Make shodan more secure for reinstall, copied stuff from EDI

Lillian Violet 2024-03-18 22:30:27 +01:00
parent 70f63daf80
commit ca4553749c
4 changed files with 83 additions and 20 deletions


@ -22,6 +22,8 @@
# ./nvim.nix
./hardware-configuration.nix
../../../disko/EDI
./auto-mount.nix
];
@ -184,7 +186,7 @@
enable = true;
};
users.users.lillian.extraGroups = ["decky"];
users.users.lillian.extraGroups = ["decky" "tss"];
# Enable completion of system packages by zsh
environment.pathsToLink = ["/share/zsh"];
@ -199,6 +201,13 @@
networking.hostName = "shodan";
security.tpm2.enable = true;
security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
# tss group has access to TPM devices
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
boot.supportedFilesystems = ["bcachefs"];
boot.loader.systemd-boot.enable = true;
boot.loader.systemd-boot.configurationLimit = 3;
boot.loader.timeout = 0;
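Review bot: The boot-loader lines at the end of this section set `boot.loader.timeout = 0`, but nothing visible sets `boot.loader.systemd-boot.editor`, which NixOS leaves enabled by default; the menu can still be brought up by holding a key at boot, and the editor lets anyone at the keyboard change the kernel command line. If it is not already set elsewhere in this file, add `boot.loader.systemd-boot.editor = false;` next to the other systemd-boot options. Separately, putting `lillian` in `tss` lets every process running as that user talk to the TPM, so keys created through the PKCS#11 module should carry their own PIN or policy rather than relying on group membership; the `# tss group has access to TPM devices` comment would also read better directly above the `extraGroups` line it explains. The page has lost the +/- markers, so which of these lines are new in this commit is inferred.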