nix/configuration/roles/boot/default.nix

@@ -75,15 +75,11 @@
       boot.lanzaboote = {
         enable = true;
         pkiBundle = "/etc/secureboot";
-        # TODO:
-        #     pkiBundle = "/var/lib/sbctl";
       };
       environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
         hideMounts = true;
         directories = [
-          "/etc/secureboot" # Old Secure Boot Keys location
+          "/etc/secureboot" # Secure Boot Keys
-          # TODO: run `doas sbctl setup --migrate` to move keys
-          "/var/lib/sbctl" # Secure Boot Keys
         ];
       };
     })

nix/configuration/roles/docker/default.nix

@@ -9,15 +9,10 @@
   imports = [ ];
 
   virtualisation.docker.enable = true;
-  # Use docker activation
+  virtualisation.docker.rootless = {
-  virtualisation.docker.enableOnBoot = false;
+    enable = true;
-  # Rootless docker breaks access to ssh for buildkit.
+    setSocketVariable = true;
-  # virtualisation.docker.rootless = {
+  };
-  #   enable = true;
-  #   setSocketVariable = true;
-  # };
-  # Give docker access to ssh for fetching repos with buildkit.
-  virtualisation.docker.extraPackages = [ pkgs.openssh ];
   environment.systemPackages = with pkgs; [
     docker-buildx
   ];
@@ -32,18 +27,16 @@
         mode = "0740";
       }
     ];
-    # users.talexander = {
+    users.talexander = {
-    #   directories = [
+      directories = [
-    #     {
+        {
-    #       directory = ".local/share/docker";
+          directory = ".local/share/docker";
-    #       user = "talexander";
+          user = "talexander";
-    #       group = "talexander";
+          group = "talexander";
-    #       mode = "0740";
+          mode = "0740";
-    #     }
+        }
-    #   ];
+      ];
-    # };
+    };
   };
 
-  # Needed for non-rootless docker
-  users.users.talexander.extraGroups = [ "docker" ];
 }