Lillian-Violet/NixOS-Config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

disable secure boot shodan, updates to other stuff

Browse source
This commit is contained in:
Lillian Violet 2024-03-20 16:43:19 +01:00
parent 4078aa6690
commit 9b2fbd4ae5
4 changed files with 47 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

3
nixos/hosts/shodan/auto-mount.nix
View file

@ -6,8 +6,6 @@
pkgs,
...
}: {
environment.systemPackages = with pkgs; [auto-mount];
services.udev.extraRules = ''
KERNEL=="sd[a-z]|sd[a-z][0-9]", ACTION=="add", RUN+="${pkgs.systemd}/bin/systemctl start --no-block external-drive-mount@%k.service"
KERNEL=="sd[a-z]|sd[a-z][0-9]", ACTION=="remove", RUN+="${pkgs.systemd}/bin/systemctl stop --no-block external-drive-mount@%k.service"
@ -17,6 +15,7 @@
KERNEL=="nvme0n1p9|nvme0n1p1[0-9]", ACTION=="remove", RUN+="${pkgs.systemd}/bin/systemctl stop --no-block external-drive-mount@%k.service"
'';
systemd.services."external-drive-mount@" = {
path = with pkgs; [jq coreutils udisks];
enable = true;
description = "Mount External Drive on %i";
serviceConfig = {

10
nixos/hosts/shodan/configuration.nix
View file

@ -211,13 +211,13 @@
# This setting is usually set to true in configuration.nix
# generated at installation time. So we force it to false
# for now.
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.loader.systemd-boot.enable = true;
boot.initrd.systemd.enable = true;
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
# boot.lanzaboote = {
# enable = true;
# pkiBundle = "/etc/secureboot";
# };
boot.loader.systemd-boot.configurationLimit = 3;
boot.loader.timeout = 0;
boot.loader.efi.canTouchEfiVariables = true;