From be2a34bcc530e075dc5299abd94ab7f352deaf44 Mon Sep 17 00:00:00 2001 From: Harald Hoyer Date: Wed, 6 Mar 2024 19:37:12 +0100 Subject: [PATCH 1/7] sgx: reorder Signed-off-by: Harald Hoyer --- systems/x86_64-linux/sgx/default.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/systems/x86_64-linux/sgx/default.nix b/systems/x86_64-linux/sgx/default.nix index 3b6fced..6c15c83 100644 --- a/systems/x86_64-linux/sgx/default.nix +++ b/systems/x86_64-linux/sgx/default.nix @@ -4,6 +4,8 @@ with lib.plusultra; { imports = [ ./hardware-configuration.nix ]; + sops.secrets.pccs.sopsFile = ../../../.secrets/sgx/pccs.yaml; + plusultra = { base.enable = true; gui.enable = false; @@ -25,10 +27,6 @@ with lib.plusultra; security.tpm2.enable = false; security.tpm2.abrmd.enable = false; - sops.secrets.pccs = { - sopsFile = ../../../.secrets/sgx/pccs.yaml; # bring your own password file - }; - networking.wireless.enable = false; # Enables wireless support via wpa_supplicant. services.aesmd.enable = true; From af66a3f52401202886829ac60da5e9daeb7168f8 Mon Sep 17 00:00:00 2001 From: Harald Hoyer Date: Wed, 6 Mar 2024 19:38:03 +0100 Subject: [PATCH 2/7] nix fmt Signed-off-by: Harald Hoyer --- modules/home/tools/git/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/tools/git/default.nix b/modules/home/tools/git/default.nix index 423f229..693487e 100644 --- a/modules/home/tools/git/default.nix +++ b/modules/home/tools/git/default.nix @@ -48,7 +48,7 @@ in pull.ff = "only"; core.pager = "${pkgs.delta}/bin/delta"; delta = { - features = "decorations" ; + features = "decorations"; syntax-theme = "Dracula"; light = "false"; navigate = "true"; From 34a8c1443a14d829a5a230af6ea40d56453da487 Mon Sep 17 00:00:00 2001 From: Harald Hoyer Date: Wed, 6 Mar 2024 19:38:24 +0100 Subject: [PATCH 3/7] opengl intel 
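Review bot: The relocated `sops.secrets.pccs.sopsFile` line in the first hunk loses the `# bring your own password file` comment that the second hunk deletes, so the new code no longer says that `.secrets/sgx/pccs.yaml` must be supplied by whoever deploys this host. I would carry it over: `sops.secrets.pccs.sopsFile = ../../../.secrets/sgx/pccs.yaml; # bring your own password file`. Because this is a Nix path literal, the file is presumably copied into the world-readable store at evaluation time. The comment could therefore also state that it must be the sops-encrypted file, never a plaintext one.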
Signed-off-by: Harald Hoyer --- modules/nixos/services/base/default.nix | 1 + modules/nixos/{ => services}/gui/default.nix | 0 2 files changed, 1 insertion(+) rename modules/nixos/{ => services}/gui/default.nix (100%) diff --git a/modules/nixos/services/base/default.nix b/modules/nixos/services/base/default.nix index 10f1c14..a56f06d 100644 --- a/modules/nixos/services/base/default.nix +++ b/modules/nixos/services/base/default.nix @@ -58,6 +58,7 @@ in }; enableRedistributableFirmware = lib.mkDefault true; enableAllFirmware = true; + opengl.extraPackages = with pkgs; [ intel-compute-runtime ]; }; programs = { diff --git a/modules/nixos/gui/default.nix b/modules/nixos/services/gui/default.nix similarity index 100% rename from modules/nixos/gui/default.nix rename to modules/nixos/services/gui/default.nix From d3fb170feee3f28e6bc893e0e7356d3d3472f897 Mon Sep 17 00:00:00 2001 From: Harald Hoyer Date: Wed, 6 Mar 2024 19:38:39 +0100 Subject: [PATCH 4/7] btrfs scrub Signed-off-by: Harald Hoyer --- modules/nixos/services/base/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/services/base/default.nix b/modules/nixos/services/base/default.nix index a56f06d..e42cd97 100644 --- a/modules/nixos/services/base/default.nix +++ b/modules/nixos/services/base/default.nix @@ -79,6 +79,7 @@ in # powerManagement.cpuFreqGovernor = "ondemand"; services = { + btrfs.autoScrub.enable = true; dbus.implementation = "broker"; dbus.packages = [ pkgs.gcr ]; fwupd.enable = true; From 2f3ccfbc5d513971ca1aa76f7bd1dd6170ec3f26 Mon Sep 17 00:00:00 2001 From: Harald Hoyer Date: Wed, 6 Mar 2024 19:38:51 +0100 Subject: [PATCH 5/7] libvirt program enable Signed-off-by: Harald Hoyer --- modules/nixos/services/base/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/services/base/default.nix b/modules/nixos/services/base/default.nix index e42cd97..d3d371c 100644 --- a/modules/nixos/services/base/default.nix +++ b/modules/nixos/services/base/default.nix 
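Review bot: `btrfs.autoScrub.enable = true;` in the `services` block of PATCH 4/7 is set unconditionally in the shared base module, so it also applies to hosts that have no btrfs filesystem. As far as I know, the NixOS module asserts that at least one btrfs filesystem is mounted via `fileSystems` or listed in `services.btrfs.autoScrub.fileSystems`, so such a host would fail to evaluate. Consider `btrfs.autoScrub.enable = lib.mkDefault true;` so a host can switch it off, with a short comment that the scrub is there to detect silent data corruption. The `services` block begins and ends outside the hunk, so any surrounding condition is not visible here.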
@@ -129,5 +129,7 @@ in flake = "git+https://git.hoyer.xyz/harald/nixcfg"; }; + virtualisation.libvirtd.enable = true; + }; } From c405c2af83fb2cef9701f776e2d55897c7767569 Mon Sep 17 00:00:00 2001 From: Harald Hoyer Date: Wed, 6 Mar 2024 19:54:17 +0100 Subject: [PATCH 6/7] add README.md Signed-off-by: Harald Hoyer --- README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..5ad3d0c --- /dev/null +++ b/README.md @@ -0,0 +1,11 @@ +```bash +❯ nix run github:numtide/nixos-anywhere -- --flake .#hostname root@hostname --no-reboot --tty -i $HOME/.ssh/id_ed25519 +... enter disk password +❯ ssh -t root@hostname systemd-cryptenroll /dev/luksdev --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=1,15 +``` + +remote git flake +```bash +❯ sudo nixos-rebuild boot --refresh --flake git+https://git.hoyer.xyz/harald/nixcfg +``` + From 707faa675187f5e092bce1df762155507430a07a Mon Sep 17 00:00:00 2001 From: Harald Hoyer Date: Wed, 6 Mar 2024 19:54:33 +0100 Subject: [PATCH 7/7] sgx-azure Signed-off-by: Harald Hoyer --- flake.nix | 8 ++++---- .../default.nix | 5 ----- 2 files changed, 4 insertions(+), 9 deletions(-) rename homes/x86_64-linux/{harald@nix.fedora.fritz.box => harald@sgx-azure}/default.nix (84%) diff --git a/flake.nix b/flake.nix index b2d1499..531fdd3 100644 --- a/flake.nix +++ b/flake.nix @@ -56,10 +56,6 @@ allowUnfree = true; }; - homes.users."harald@nix.fedora.fritz.box".modules = with inputs; [ - neovim-flake.homeManagerModules.default - ]; - homes.users."harald@sgx-nixos".modules = with inputs; [ neovim-flake.homeManagerModules.default ]; @@ -76,6 +72,10 @@ neovim-flake.homeManagerModules.default ]; + homes.users."harald@sgx-azure".modules = with inputs; [ + neovim-flake.homeManagerModules.default + ]; + # homes.modules = with inputs; [ # neovim-flake.homeManagerModules.default # ]; 
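Review bot: `virtualisation.libvirtd.enable = true;` in PATCH 5/7 is added unconditionally to the shared base module, so every host that enables it gets a privileged libvirtd daemon. If this is the module behind `plusultra.base.enable`, that includes the SGX host, which sets `base.enable = true` in PATCH 1/7. Members of the `libvirtd` group can effectively act as root through the daemon, so it is extra attack surface on a machine whose purpose is enclave and attestation services. I would write `virtualisation.libvirtd.enable = lib.mkDefault true;` so hosts can opt out, or move it behind its own option. The enclosing attribute set starts outside the hunk.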
diff --git a/homes/x86_64-linux/harald@nix.fedora.fritz.box/default.nix b/homes/x86_64-linux/harald@sgx-azure/default.nix similarity index 84% rename from homes/x86_64-linux/harald@nix.fedora.fritz.box/default.nix rename to homes/x86_64-linux/harald@sgx-azure/default.nix index 170ad4b..1a22611 100644 --- a/homes/x86_64-linux/harald@nix.fedora.fritz.box/default.nix +++ b/homes/x86_64-linux/harald@sgx-azure/default.nix @@ -2,8 +2,6 @@ , pkgs , config , nixpkgs -, osConfig ? { } -, format ? "unknown" , ... }: { @@ -28,10 +26,7 @@ git.enable = true; direnv.enable = true; ssh.enable = true; - # jetbrains.enable = true; }; }; - - fonts.fontconfig.enable = true; }