49 lines
1.2 KiB
Nix
49 lines
1.2 KiB
Nix
{ pkgs, lib, config, ... }:
|
|
with lib;
|
|
with lib.plusultra;
|
|
{
|
|
imports = [ ./hardware-configuration.nix ];
|
|
|
|
plusultra = {
|
|
base.enable = true;
|
|
gui.enable = false;
|
|
nix-ld.enable = true;
|
|
nix.enable = true;
|
|
nix.extra-substituters."https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=";
|
|
pccs.enable = true;
|
|
pccs.secret = config.sops.secrets.pccs.path;
|
|
podman.enable = true;
|
|
secureboot.enable = true;
|
|
};
|
|
|
|
system.autoUpgrade = {
|
|
enable = true;
|
|
operation = "boot";
|
|
allowReboot = true;
|
|
flags = [
|
|
"--update-input"
|
|
"nixpkgs"
|
|
"--update-input"
|
|
"unstable"
|
|
];
|
|
flake = "git+https://git.hoyer.xyz/harald/nixcfg#sgx";
|
|
};
|
|
|
|
networking.hostName = "sgx"; # Define your hostname.
|
|
|
|
security.tpm2.enable = false;
|
|
security.tpm2.abrmd.enable = false;
|
|
|
|
sops.secrets.pccs = {
|
|
sopsFile = ../../../.secrets/sgx/pccs.yaml; # bring your own password file
|
|
};
|
|
|
|
networking.wireless.enable = false; # Enables wireless support via wpa_supplicant.
|
|
|
|
services.aesmd.enable = true;
|
|
|
|
powerManagement.cpuFreqGovernor = "ondemand";
|
|
|
|
system.stateVersion = "23.11";
|
|
}
|