Set up secure boot for framework and new SSD

Natsu Kagami 2024-01-19 13:13:47 +01:00
parent 25ab9e9b70
commit 62c14ffd0d
Signed by: nki
GPG key ID: 55A032EB38B49ADB
2 changed files with 18 additions and 12 deletions


@ -183,14 +183,14 @@
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
(common-nixos nixpkgs) (common-nixos nixpkgs)
# inputs.lanzaboote.nixosModules.lanzaboote inputs.lanzaboote.nixosModules.lanzaboote
({ ... }: { ({ ... }: {
# Sets up secure boot # Sets up secure boot
# boot.loader.systemd-boot.enable = lib.mkForce false; boot.loader.systemd-boot.enable = lib.mkForce false;
# boot.lanzaboote = { boot.lanzaboote = {
# enable = true; enable = true;
# pkiBundle = "/etc/secureboot"; pkiBundle = "/etc/secureboot";
# }; };
}) })
./nki-framework/configuration.nix ./nki-framework/configuration.nix
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager


@ -5,7 +5,8 @@
{ {
imports = imports =
[ (modulesPath + "/installer/scan/not-detected.nix") [
(modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
@ -14,7 +15,8 @@
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/ed6ef17f-4ad2-48ef-99bb-c4c9d12d6646"; {
device = "/dev/disk/by-uuid/fa8aaf51-b99f-4fb4-9230-8c0957d8af3f";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=root" ]; options = [ "subvol=root" ];
}; };
@ -23,22 +25,25 @@
interval = "monthly"; interval = "monthly";
}; };
common.linux.luksDevices."cryptroot" = "/dev/disk/by-uuid/c676ec99-31d2-420a-af19-a25c4766d87c"; common.linux.luksDevices."cryptroot" = "/dev/disk/by-uuid/94226aae-6d1c-401a-bfad-3aa5f371a365";
fileSystems."/home" = fileSystems."/home" =
{ device = "/dev/disk/by-uuid/ed6ef17f-4ad2-48ef-99bb-c4c9d12d6646"; {
device = "/dev/disk/by-uuid/fa8aaf51-b99f-4fb4-9230-8c0957d8af3f";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=home" ]; options = [ "subvol=home" ];
}; };
fileSystems."/nix" = fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/ed6ef17f-4ad2-48ef-99bb-c4c9d12d6646"; {
device = "/dev/disk/by-uuid/fa8aaf51-b99f-4fb4-9230-8c0957d8af3f";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=nix" ]; options = [ "subvol=nix" ];
}; };
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/4843-028F"; {
device = "/dev/disk/by-uuid/6A0E-4D23";
fsType = "vfat"; fsType = "vfat";
}; };
@ -55,6 +60,7 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
environment.systemPackages = with pkgs; [ vulkan-validation-layers ];
# Fingerprint # Fingerprint
services.fprintd.enable = true; services.fprintd.enable = true;