tom/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 38 Wiki Activity

add yubikey to unlock FDE on laptop; update flake; minor wayland changes
All checks were successful
Build iso when a new version is pushed / test (push) Successful in 2m38s
Details

Browse Source
This commit is contained in:
tomoron
2025-09-04 15:17:30 +02:00
parent 1e46d42f27
commit e13360f793
11 changed files with 113 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
osConfigs/hosts/laptop.nix
View File

@ -1,8 +1,24 @@
{ config, pkgs, ... }:
{
boot.initrd.luks.devices.cryptroot.device = "/dev/disk/by-uuid/a4593b01-069d-4a5d-a550-74a762b89b3f";
boot.initrd.luks.devices.cryptroot.allowDiscards = true;
boot.initrd.luks.yubikeySupport = true;
boot.initrd.kernelModules = [ "vfat" "nls_cp437" "nls_iso8859-1" "usbhid" ];
boot.initrd.luks.devices.cryptroot = {
device = "/dev/disk/by-uuid/a4593b01-069d-4a5d-a550-74a762b89b3f";
allowDiscards = true;
#set up initial : https://wiki.nixos.org/wiki/Yubikey_based_Full_Disk_Encryption_(FDE)_on_NixOS
yubikey = {
twoFactor = false;
keyLength = 64;
saltLength = 32;
storage = {
device = "/dev/disk/by-uuid/BA5C-F216";
path = "/default";
};
};
};
boot.blacklistedKernelModules = [ "nvidia" "nvidia_drm" "nvidia_uvm" ];
mods.displayManager.enable = true;
mods.virtualManager.enable = false;

1
osConfigs/hosts/server.nix
View File

@ -74,7 +74,6 @@
virtualisation.docker = {
liveRestore = false;
enableOnBoot = true;
# package = inputs.pkgs-docker-2750.legacyPackages."x86_64-linux".docker;
# daemon.settings = {
# runtimes.nvidia.path = "${pkgs.nvidia-docker}/bin/nvidia-container-runtime";
# exec-opts = ["native.cgroupdriver=cgroupfs"];