Harald Hoyer
10fbd22629
The 'atticd' service has been deleted from the sgx-nixos configuration. Additionally, the reference to 'atticd.nix' has been removed from the 'default.nix' imports. This was done to help streamline the system configuration.
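{ pkgs, lib, config, ... }:

# Host configuration for the sgx-nixos machine: latest kernel, the DCAP
# quoting stack (aesmd + a PCCS client config), container runtimes and
# unattended upgrades. `config` is accepted but never read here.
#
# Neither `with` scope is needed by the expressions below (lib is always
# referenced qualified); they are kept only so this file keeps the same
# header as the sibling metacfg hosts — dropping them would be a style change.
with lib;

with lib.metacfg;

let
  # Address/port of the PCCS reachable over the libvirt default bridge. The
  # loopback redirect and sgx_default_qcnl.conf below both refer to it, so it
  # is defined once.
  pccsHost = "192.168.122.1";
  pccsPort = "8081";

  # iptables chain + match + target shared by the add (-A) and delete (-D)
  # forms, so the stop script removes exactly what the start script installed.
  #
  # OUTPUT: rewrite locally generated connections to 127.0.0.1:8081 (presumably
  # from tools that expect a PCCS on localhost — the qcnl config itself already
  # points at pccsHost directly) to the real PCCS address.
  dnatRule = "OUTPUT -o lo -p tcp --dport ${pccsPort} -j DNAT --to-destination ${pccsHost}:${pccsPort}";
  # POSTROUTING: give the re-routed packets a source address the PCCS host can
  # reply to. Scoped to that one destination on purpose: an unscoped
  # `-j MASQUERADE` would SNAT every outgoing packet on every interface,
  # including container and VM traffic that docker/podman/libvirt NAT on their
  # own. If some other flow relied on the blanket rule, widen this deliberately.
  snatRule = "POSTROUTING -d ${pccsHost} -p tcp --dport ${pccsPort} -j MASQUERADE";
in
{
  imports = [
    ./hardware-configuration.nix
  ];

  # Needed by the DNAT rule: a packet that originates from 127.0.0.1 is
  # otherwise classed as martian and dropped once it is re-routed towards a
  # non-loopback interface. This relaxes the "loopback traffic never leaves
  # the host" assumption on every interface, so it should only live next to
  # the firewall rules that require it.
  boot.kernel.sysctl."net.ipv4.conf.all.route_localnet" = 1;

  # Priority 0 outranks mkForce (50): no other module can choose a different
  # kernel. Together with autoUpgrade.allowReboot below this means an
  # unattended reboot whenever linuxPackages_latest moves.
  boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;

  # `-w` waits for the xtables lock instead of failing when a container
  # runtime or libvirt is editing the tables at the same moment. The rules are
  # appended with -A straight into the nat table, which the NixOS firewall
  # module does not flush for us; extraStopCommands below removes them again
  # so a firewall restart/reload does not accumulate duplicate copies.
  networking.firewall.extraCommands = ''
    iptables -w -t nat -A ${dnatRule}
    iptables -w -t nat -A ${snatRule}
  '';

  # Mirror of extraCommands. `|| true` keeps the stop script going when the
  # rule is already gone (first boot, manual cleanup).
  networking.firewall.extraStopCommands = ''
    iptables -w -t nat -D ${dnatRule} 2>/dev/null || true
    iptables -w -t nat -D ${snatRule} 2>/dev/null || true
  '';

  metacfg = {
    base.enable = true;
    nix-ld.enable = true;
    nix.enable = true;
    # DCAP variant of the Intel AESM daemon (quote generation via PCCS).
    aesmd_dcap.enable = true;
    podman.enable = true;
    # Membership in "docker" grants control of the Docker daemon socket and is
    # therefore root-equivalent; "sgx" is needed to open the SGX device nodes.
    user.extraGroups = [ "docker" "sgx" ];
  };

  # Client-side config for the Quote Provider Library (QCNL). Contains no
  # secrets, so the default world-readable /etc mode is fine.
  #
  # "use_secure_cert": false disables TLS certificate verification towards
  # the PCCS. The collateral it serves (PCK certs, TCB info, QE identity) is
  # signed by Intel and should be checked by the verification library, so a
  # man-in-the-middle cannot forge it — but one can replay stale, still-signed
  # collateral for up to the cache expiry windows below, or simply deny
  # service. Acceptable only because pccsHost sits on the private libvirt
  # bridge; switch to `true` and a trusted cert before pointing this at
  # anything reachable from a shared network.
  environment.etc."sgx_default_qcnl.conf".text = ''
    {
      "pccs_url": "https://${pccsHost}:${pccsPort}/sgx/certification/v4/",
      "use_secure_cert": false,
      "collateral_service": "https://api.trustedservices.intel.com/sgx/certification/v4/",
      "retry_times": 6,
      "retry_delay": 10,
      "pck_cache_expire_hours": 168,
      "verify_collateral_cache_expire_hours": 168,
      "local_cache_only": false
    }
  '';

  # Both runtimes are installed. dockerCompat is left off so podman does not
  # install its own `docker` alias next to the real Docker CLI.
  virtualisation = {
    docker.enable = true;
    podman.dockerCompat = false;
  };

  # Unattended upgrades from the system channel; allowReboot lets the host
  # reboot on its own when kernel/initrd/systemd change. Expect this to
  # happen on most upgrades given the latest-kernel pin above.
  system.autoUpgrade = {
    enable = true;
    operation = "switch";
    allowReboot = true;
  };

  # No TPM stack on this host; attestation here is SGX/DCAP based.
  security.tpm2.enable = false;
  security.tpm2.abrmd.enable = false;

  # No wpa_supplicant: this is a wired host.
  networking.wireless.enable = false;

  # Default NixOS value, stated explicitly: ICMP echo is answered.
  networking.firewall.allowPing = true;

  powerManagement.cpuFreqGovernor = "ondemand";

  # Do not bump on upgrade; it pins stateful-service defaults, not the
  # package set.
  system.stateVersion = "23.11";
}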