Compare commits
2 Commits
8b1e76d9d7
...
0fb53a4294
Author | SHA1 | Date | |
---|---|---|---|
0fb53a4294 | ||
4019e6d132 |
@ -75,11 +75,15 @@
|
||||
boot.lanzaboote = {
|
||||
enable = true;
|
||||
pkiBundle = "/etc/secureboot";
|
||||
# TODO:
|
||||
# pkiBundle = "/var/lib/sbctl";
|
||||
};
|
||||
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
|
||||
hideMounts = true;
|
||||
directories = [
|
||||
"/etc/secureboot" # Secure Boot Keys
|
||||
"/etc/secureboot" # Old Secure Boot Keys location
|
||||
# TODO: run `doas sbctl setup --migrate` to move keys
|
||||
"/var/lib/sbctl" # Secure Boot Keys
|
||||
];
|
||||
};
|
||||
})
|
||||
|
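Review bot: The two persisted key directories near the end of this hunk, `"/etc/secureboot"` and `"/var/lib/sbctl"`, are bare-string entries with no explicit owner or mode, although both are labelled as holding the Secure Boot keys. If the persistence module accepts the attribute-set form here, an entry such as `{ directory = "/var/lib/sbctl"; user = "root"; group = "root"; mode = "0700"; }` would pin the permissions instead of relying on the module default. The bare `# TODO:` above the commented-out `pkiBundle` would also read better as one comment stating the order: run the migration, switch `pkiBundle` to `/var/lib/sbctl`, then drop the `/etc/secureboot` entry so the old key copy does not stay persisted indefinitely. The enclosing module starts and ends outside the hunk.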
@ -9,10 +9,15 @@
|
||||
imports = [ ];
|
||||
|
||||
virtualisation.docker.enable = true;
|
||||
virtualisation.docker.rootless = {
|
||||
enable = true;
|
||||
setSocketVariable = true;
|
||||
};
|
||||
# Use docker activation
|
||||
virtualisation.docker.enableOnBoot = false;
|
||||
# Rootless docker breaks access to ssh for buildkit.
|
||||
# virtualisation.docker.rootless = {
|
||||
# enable = true;
|
||||
# setSocketVariable = true;
|
||||
# };
|
||||
# Give docker access to ssh for fetching repos with buildkit.
|
||||
virtualisation.docker.extraPackages = [ pkgs.openssh ];
|
||||
environment.systemPackages = with pkgs; [
|
||||
docker-buildx
|
||||
];
|
||||
@ -27,16 +32,18 @@
|
||||
mode = "0740";
|
||||
}
|
||||
];
|
||||
users.talexander = {
|
||||
directories = [
|
||||
{
|
||||
directory = ".local/share/docker";
|
||||
user = "talexander";
|
||||
group = "talexander";
|
||||
mode = "0740";
|
||||
}
|
||||
];
|
||||
};
|
||||
# users.talexander = {
|
||||
# directories = [
|
||||
# {
|
||||
# directory = ".local/share/docker";
|
||||
# user = "talexander";
|
||||
# group = "talexander";
|
||||
# mode = "0740";
|
||||
# }
|
||||
# ];
|
||||
# };
|
||||
};
|
||||
|
||||
# Needed for non-rootless docker
|
||||
users.users.talexander.extraGroups = [ "docker" ];
|
||||
}
|
||||
|
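Review bot: `users.users.talexander.extraGroups = [ "docker" ];` in the last hunk gives that account control of the rootful daemon socket, which is effectively root on the host without going through the usual privilege prompt, and the comment `# Needed for non-rootless docker` does not record that trade-off. I would extend the comment, e.g. `# Needed for non-rootless docker. NOTE: docker group membership is root-equivalent; drop once rootless works with buildkit ssh.` The commented-out rootless block and the commented-out `.local/share/docker` persistence entry are kept as dead configuration in both hunks; a single TODO naming the buildkit/ssh problem would say the same in one line. The persistence entry ending in `mode = "0740";` at the top of the last hunk starts outside the hunk, so I cannot tell whether the rootful daemon's data directory is persisted.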