Harald Hoyer
a14d98c710
This commit introduces a new substituter 'https://attic.teepot.org/tee-pot' and its associated trusted key 'tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg='. The changes affect the Nix, aesmd_dcap, home settings, and pccs modules. This update provides additional package sources for these modules.
37 lines
995 B
Nix
37 lines
995 B
Nix
{ options, config, lib, pkgs, ... }:
|
|
|
|
with lib;
|
|
with lib.metacfg;
|
|
let
|
|
cfg = config.metacfg.aesmd_dcap;
|
|
in
|
|
{
|
|
options.metacfg.aesmd_dcap = with types; {
|
|
enable = mkBoolOpt false "Whether or not to enable aesmd in dcap mode.";
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
metacfg = {
|
|
nix.extra-substituters = {
|
|
"https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=";
|
|
"https://attic.teepot.org/tee-pot".key = "tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg=";
|
|
};
|
|
};
|
|
services.aesmd = {
|
|
enable = true;
|
|
quoteProviderLibrary = pkgs.nixsgx.sgx-dcap.default_qpl;
|
|
};
|
|
systemd.services.aesmd = {
|
|
environment.LD_LIBRARY_PATH = lib.mkForce (lib.makeLibraryPath [ pkgs.nixsgx.sgx-dcap.default_qpl pkgs.curl.out ]);
|
|
serviceConfig = {
|
|
BindReadOnlyPaths = [
|
|
"/etc/sgx_default_qcnl.conf"
|
|
];
|
|
BindPaths = [
|
|
"/dev/log"
|
|
];
|
|
};
|
|
};
|
|
};
|
|
}
|