mirror of
https://github.com/JulienMalka/snowfield.git
synced 2025-04-03 02:30:52 +02:00
Activate secure boot
This commit is contained in:
parent
4d898e4a95
commit
968b0c90bd
GPG key ID:
6FC74C847011FD83
1 changed files with 16 additions and 1 deletions
|
|
@ -11,7 +11,12 @@
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||||
|
boot.lanzaboote = {
|
||||||
|
enable = true;
|
||||||
|
pkiBundle = "/etc/secureboot";
|
||||||
|
};
|
||||||
|
|
||||||
boot.initrd.systemd.enable = true;
|
boot.initrd.systemd.enable = true;
|
||||||
sound.enable = true;
|
sound.enable = true;
|
||||||
#hardware.pulseaudio.enable = true;
|
#hardware.pulseaudio.enable = true;
|
||||||
|
|
@ -48,6 +53,7 @@
|
||||||
displayManager.gdm.enable = true;
|
displayManager.gdm.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
services.tailscale.enable = true;
|
services.tailscale.enable = true;
|
||||||
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
|
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
|
||||||
|
|
||||||
|
|
@ -104,6 +110,15 @@
|
||||||
];
|
];
|
||||||
services.gnome.gnome-keyring.enable = true;
|
services.gnome.gnome-keyring.enable = true;
|
||||||
|
|
||||||
|
services.openssh.extraConfig = ''
|
||||||
|
HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
|
||||||
|
HostKey /etc/ssh/ssh_host_ed25519_key
|
||||||
|
TrustedUserCAKeys /etc/ssh/ssh_user_key.pub
|
||||||
|
MaxAuthTries 20
|
||||||
|
'';
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
system.stateVersion = "23.05";
|
system.stateVersion = "23.05";
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue