2 changed files with 15 additions and 26 deletions
--- a/nix/configuration/roles/boot/default.nix
+++ b/nix/configuration/roles/boot/default.nix
@ -75,15 +75,11 @@
      boot.lanzaboote = {
        enable = true;
        pkiBundle = "/etc/secureboot";
-        # TODO:
-        #     pkiBundle = "/var/lib/sbctl";
      };
      environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
        hideMounts = true;
        directories = [
-          "/etc/secureboot" # Old Secure Boot Keys location
-          # TODO: run `doas sbctl setup --migrate` to move keys
-          "/var/lib/sbctl" # Secure Boot Keys
+          "/etc/secureboot" # Secure Boot Keys
        ];
      };
    })
--- a/nix/configuration/roles/docker/default.nix
+++ b/nix/configuration/roles/docker/default.nix
@ -9,15 +9,10 @@
  imports = [ ];

  virtualisation.docker.enable = true;
-  # Use docker activation
-  virtualisation.docker.enableOnBoot = false;
-  # Rootless docker breaks access to ssh for buildkit.
-  # virtualisation.docker.rootless = {
-  #   enable = true;
-  #   setSocketVariable = true;
-  # };
-  # Give docker access to ssh for fetching repos with buildkit.
-  virtualisation.docker.extraPackages = [ pkgs.openssh ];
+  virtualisation.docker.rootless = {
+    enable = true;
+    setSocketVariable = true;
+  };
  environment.systemPackages = with pkgs; [
    docker-buildx
  ];
@ -32,18 +27,16 @@
        mode = "0740";
      }
    ];
-    # users.talexander = {
-    #   directories = [
-    #     {
-    #       directory = ".local/share/docker";
-    #       user = "talexander";
-    #       group = "talexander";
-    #       mode = "0740";
-    #     }
-    #   ];
-    # };
+    users.talexander = {
+      directories = [
+        {
+          directory = ".local/share/docker";
+          user = "talexander";
+          group = "talexander";
+          mode = "0740";
+        }
+      ];
+    };
  };

-  # Needed for non-rootless docker
-  users.users.talexander.extraGroups = [ "docker" ];
 }