sgx-azure

Signed-off-by: Harald Hoyer <harald@hoyer.xyz>
add README.md
2024-03-06 19:54:33 +01:00 · 2024-03-06 19:54:17 +01:00 · 2024-03-06 19:38:51 +01:00 · 2024-03-06 19:38:39 +01:00 · 2024-03-06 19:38:24 +01:00 · 2024-03-06 19:38:03 +01:00
7 changed files with 22 additions and 14 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,11 @@
 ```bash
 ❯ nix run  github:numtide/nixos-anywhere -- --flake .#hostname root@hostname --no-reboot --tty -i $HOME/.ssh/id_ed25519
 ... enter disk password
 ❯ ssh -t  root@hostname systemd-cryptenroll /dev/luksdev --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=1,15
 ```
 remote git flake
 ```bash
 ❯ sudo nixos-rebuild boot --refresh --flake git+https://git.hoyer.xyz/harald/nixcfg
 ```
--- a/flake.nix
+++ b/flake.nix
@ -56,10 +56,6 @@
        allowUnfree = true;
      };
      homes.users."harald@nix.fedora.fritz.box".modules = with inputs; [
        neovim-flake.homeManagerModules.default
      ];
      homes.users."harald@sgx-nixos".modules = with inputs; [
        neovim-flake.homeManagerModules.default
      ];
@ -76,6 +72,10 @@
        neovim-flake.homeManagerModules.default
      ];
      homes.users."harald@sgx-azure".modules = with inputs; [
        neovim-flake.homeManagerModules.default
      ];
      #      homes.modules = with inputs; [
      #        neovim-flake.homeManagerModules.default
      #      ];
--- a/homes/x86_64-linux/harald@nix.fedora.fritz.box/default.nix
+++ b/homes/x86_64-linux/harald@nix.fedora.fritz.box/default.nix
@ -2,8 +2,6 @@
 , pkgs
 , config
 , nixpkgs
 , osConfig ? { }
 , format ? "unknown"
 , ...
 }:
 {
@ -28,10 +26,7 @@
      git.enable = true;
      direnv.enable = true;
      ssh.enable = true;
      # jetbrains.enable = true;
    };
  };
  fonts.fontconfig.enable = true;
 }
--- a/modules/nixos/services/base/default.nix
+++ b/modules/nixos/services/base/default.nix
@ -58,6 +58,7 @@ in
      };
      enableRedistributableFirmware = lib.mkDefault true;
      enableAllFirmware = true;
      opengl.extraPackages = with pkgs; [ intel-compute-runtime ];
    };
    programs = {
@ -78,6 +79,7 @@ in
    # powerManagement.cpuFreqGovernor = "ondemand";
    services = {
      btrfs.autoScrub.enable = true;
      dbus.implementation = "broker";
      dbus.packages = [ pkgs.gcr ];
      fwupd.enable = true;
@ -127,5 +129,7 @@ in
      flake = "git+https://git.hoyer.xyz/harald/nixcfg";
    };
    virtualisation.libvirtd.enable = true;
  };
 }
--- a/modules/nixos/services/gui/default.nix
+++ b/modules/nixos/services/gui/default.nix
--- a/systems/x86_64-linux/sgx/default.nix
+++ b/systems/x86_64-linux/sgx/default.nix
@ -4,6 +4,8 @@ with lib.plusultra;
 {
  imports = [ ./hardware-configuration.nix ];
  sops.secrets.pccs.sopsFile = ../../../.secrets/sgx/pccs.yaml;
  plusultra = {
    base.enable = true;
    gui.enable = false;
@ -25,10 +27,6 @@ with lib.plusultra;
  security.tpm2.enable = false;
  security.tpm2.abrmd.enable = false;
  sops.secrets.pccs = {
    sopsFile = ../../../.secrets/sgx/pccs.yaml; # bring your own password file
  };
  networking.wireless.enable = false; # Enables wireless support via wpa_supplicant.
  services.aesmd.enable = true;
Author	SHA1	Message	Date
Harald Hoyer	707faa6751	sgx-azure Signed-off-by: Harald Hoyer <harald@hoyer.xyz>	2024-03-06 19:54:33 +01:00
Harald Hoyer	c405c2af83	add README.md Signed-off-by: Harald Hoyer <harald@hoyer.xyz>	2024-03-06 19:54:17 +01:00
Harald Hoyer	2f3ccfbc5d	libvirt program enable Signed-off-by: Harald Hoyer <harald@hoyer.xyz>	2024-03-06 19:38:51 +01:00
Harald Hoyer	d3fb170fee	btrfs scrub Signed-off-by: Harald Hoyer <harald@hoyer.xyz>	2024-03-06 19:38:39 +01:00
Harald Hoyer	34a8c1443a	opengl intel Signed-off-by: Harald Hoyer <harald@hoyer.xyz>	2024-03-06 19:38:24 +01:00
Harald Hoyer	af66a3f524	nix fmt Signed-off-by: Harald Hoyer <harald@hoyer.xyz>	2024-03-06 19:38:03 +01:00
Harald Hoyer	be2a34bcc5	sgx: reorder Signed-off-by: Harald Hoyer <harald@hoyer.xyz>	2024-03-06 19:37:12 +01:00