feat: Update hardware configuration and extract disk setup

This commit refactors the hardware configuration in the SGX attic. A new file named `disko.nix` has been added which houses the disk setup previously located on `hardware-configuration.nix`. Additionally, some parameters in `default.nix` have been updated and unneeded configuration settings have been removed.

systems/x86_64-linux/sgx-attic/default.nix

@@ -7,36 +7,11 @@ with lib.metacfg;
     ./atticd.nix
   ];
 
-  boot.kernel.sysctl."net.ipv4.conf.all.route_localnet" = 1;
-  boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;
-
-  networking.firewall.extraCommands = ''
-    iptables -t nat -A OUTPUT -o lo -p tcp --dport 8081 -j DNAT --to-destination 192.168.122.1:8081
-    iptables -t nat -A POSTROUTING -j MASQUERADE
-  '';
-
   metacfg = {
     base.enable = true;
-    nix-ld.enable = true;
     nix.enable = true;
-    aesmd_dcap.enable = true;
-    podman.enable = true;
-    user.extraGroups = [ "docker" "sgx" ];
   };
 
-  environment.etc."sgx_default_qcnl.conf".text = ''
-    {
-      "pccs_url": "https://192.168.122.1:8081/sgx/certification/v4/",
-      "use_secure_cert": false,
-      "collateral_service": "https://api.trustedservices.intel.com/sgx/certification/v4/",
-      "retry_times": 6,
-      "retry_delay": 10,
-      "pck_cache_expire_hours": 168,
-      "verify_collateral_cache_expire_hours": 168,
-      "local_cache_only": false
-    }
-  '';
-
   virtualisation = {
     docker.enable = true;
     podman.dockerCompat = false;
@@ -57,5 +32,5 @@ with lib.metacfg;
 
   powerManagement.cpuFreqGovernor = "ondemand";
 
-  system.stateVersion = "23.11";
+  system.stateVersion = "24.05";
 }

systems/x86_64-linux/sgx-attic/disko.nix

@@ -0,0 +1,41 @@
+# USAGE in your configuration.nix.
+# Update devices to match your hardware.
+# {
+#  imports = [ ./disko-config.nix ];
+#  disko.devices.disk.main.device = "/dev/sda";
+# }
+{
+  config.disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "1M";
+              type = "EF02"; # for grub MBR
+            };
+            ESP = {
+              size = "1G";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+              };
+            };
+            root = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/";
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}

systems/x86_64-linux/sgx-attic/hardware-configuration.nix

@@ -6,28 +6,16 @@
 {
   imports =
     [
+      ./disko.nix
       (modulesPath + "/profiles/qemu-guest.nix")
     ];
+  disko.devices.disk.main.device = "/dev/vda";
 
   boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
   boot.initrd.kernelModules = [ ];
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
 
-  fileSystems."/" =
-    {
-      device = "/dev/disk/by-uuid/2d36df53-678c-49a7-9d59-05a1af7661df";
-      fsType = "ext4";
-    };
-
-  fileSystems."/boot" =
-    {
-      device = "/dev/disk/by-uuid/69FB-9117";
-      fsType = "vfat";
-    };
-
-  swapDevices = [ ];
-
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's
   # still possible to use this option, but it's recommended to use it in conjunction