nixcfg/modules/nixos/sgx/aesmd_dcap/default.nix

{
  options,
  config,
  lib,
  pkgs,
  ...
}:

with lib;
with lib.metacfg;
let
  cfg = config.metacfg.aesmd_dcap;
in
{
  options.metacfg.aesmd_dcap = with types; {
    enable = mkBoolOpt false "Whether or not to enable aesmd in dcap mode.";
  };

  config = mkIf cfg.enable {
    metacfg = {
      nix.extra-substituters = {
        "https://attic.teepot.org/tee-pot".key = "tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg=";
      };
    };
    services.aesmd = {
      enable = true;
      quoteProviderLibrary = pkgs.nixsgx.sgx-dcap.default_qpl;
    };
    systemd.services.aesmd = {
      environment.LD_LIBRARY_PATH = lib.mkForce (
        lib.makeLibraryPath [
          pkgs.nixsgx.sgx-dcap.default_qpl
          pkgs.curl.out
        ]
      );
      serviceConfig = {
        BindReadOnlyPaths = [ "/etc/sgx_default_qcnl.conf" ];
        BindPaths = [ "/dev/log" ];
      };
    };
  };
}
nix fmt Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-11-19 10:31:29 +01:00			`{`
			`options,`
			`config,`
			`lib,`
			`pkgs,`
			`...`
			`}:`
A new start 2024-03-21 15:00:36 +01:00
			`with lib;`
			`with lib.metacfg;`
			`let`
			`cfg = config.metacfg.aesmd_dcap;`
			`in`
			`{`
			`options.metacfg.aesmd_dcap = with types; {`
			`enable = mkBoolOpt false "Whether or not to enable aesmd in dcap mode.";`
			`};`

			`config = mkIf cfg.enable {`
			`metacfg = {`
			`nix.extra-substituters = {`
feat: Add new substituter and trusted key in various modules This commit introduces a new substituter 'https://attic.teepot.org/tee-pot' and its associated trusted key 'tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg='. The changes affect the Nix, aesmd_dcap, home settings, and pccs modules. This update provides additional package sources for these modules. 2024-06-28 14:33:05 +02:00			`"https://attic.teepot.org/tee-pot".key = "tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg=";`
A new start 2024-03-21 15:00:36 +01:00			`};`
			`};`
			`services.aesmd = {`
			`enable = true;`
			`quoteProviderLibrary = pkgs.nixsgx.sgx-dcap.default_qpl;`
			`};`
			`systemd.services.aesmd = {`
nix fmt Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-11-19 10:31:29 +01:00			`environment.LD_LIBRARY_PATH = lib.mkForce (`
			`lib.makeLibraryPath [`
			`pkgs.nixsgx.sgx-dcap.default_qpl`
			`pkgs.curl.out`
			`]`
			`);`
feat: add BindPaths to systemd services in aesmd_dcap This commit updates systemd services configuration of aesmd_dcap by adding a new directory to BindPaths. The file "/dev/log" has been added to ensure proper logging. 2024-05-21 15:44:00 +02:00			`serviceConfig = {`
nix fmt Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-11-19 10:31:29 +01:00			`BindReadOnlyPaths = [ "/etc/sgx_default_qcnl.conf" ];`
			`BindPaths = [ "/dev/log" ];`
feat: add BindPaths to systemd services in aesmd_dcap This commit updates systemd services configuration of aesmd_dcap by adding a new directory to BindPaths. The file "/dev/log" has been added to ensure proper logging. 2024-05-21 15:44:00 +02:00			`};`
A new start 2024-03-21 15:00:36 +01:00			`};`
			`};`
			`}`