nixsgx for everyone

Signed-off-by: Harald Hoyer <harald@hoyer.xyz>
2024-03-20 00:07:00 +01:00 · 2024-03-20 00:07:00 +01:00 · 94d0ada223
parent eafb5c1455
commit 94d0ada223
5 changed files with 5 additions and 6 deletions
--- a/modules/nixos/nix/default.nix
+++ b/modules/nixos/nix/default.nix
@ -48,6 +48,9 @@ in
      let
        users = [ "root" config.plusultra.user.name ] ++
          optional config.services.hydra.enable "hydra";
+        extra-substituters = cfg.extra-substituters // {
+          "https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=";
+        };
      in
      {
        package = cfg.package;
@ -65,11 +68,11 @@ in
          substituters =
            [ cfg.default-substituter.url ]
              ++
-              (mapAttrsToList (name: value: name) cfg.extra-substituters);
+              (mapAttrsToList (name: value: name) extra-substituters);
          trusted-public-keys =
            [ cfg.default-substituter.key ]
              ++
-              (mapAttrsToList (name: value: value.key) cfg.extra-substituters);
+              (mapAttrsToList (name: value: value.key) extra-substituters);

        } // (lib.optionalAttrs config.plusultra.tools.direnv.enable {
          keep-outputs = true;
--- a/systems/x86_64-linux/sgx-nixos/default.nix
+++ b/systems/x86_64-linux/sgx-nixos/default.nix
@ -8,7 +8,6 @@ with lib.plusultra;
    base.enable = true;
    nix-ld.enable = true;
    nix.enable = true;
-    nix.extra-substituters."https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=";
    user.extraGroups = [ "docker" "sgx" ];
  };

--- a/systems/x86_64-linux/sgx/default.nix
+++ b/systems/x86_64-linux/sgx/default.nix
@ -14,7 +14,6 @@ in
    gui.enable = false;
    nix-ld.enable = true;
    nix.enable = true;
-    nix.extra-substituters."https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=";
    pccs.enable = true;
    pccs.secret = config.sops.secrets.pccs.path;
    podman.enable = true;
--- a/systems/x86_64-linux/t15/default.nix
+++ b/systems/x86_64-linux/t15/default.nix
@ -7,7 +7,6 @@
    gui.enable = true;
    nix-ld.enable = true;
    nix.enable = true;
-    nix.extra-substituters."https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=";
    podman.enable = true;
    secureboot.enable = true;
  };
--- a/systems/x86_64-linux/x1/default.nix
+++ b/systems/x86_64-linux/x1/default.nix
@ -9,7 +9,6 @@ with lib.plusultra;
    gui.enable = true;
    nix-ld.enable = true;
    nix.enable = true;
-    nix.extra-substituters."https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=";
    podman.enable = true;
    secureboot.enable = true;
  };