Remove support for GPG card at boot
NotM32 committed Feb 15, 2025
1 parent 39aafed commit 649786d
Showing 1 changed file with 66 additions and 67 deletions.
133 changes: 66 additions & 67 deletions modules/hardware/ryzen-desktop.nix
@@ -1,27 +1,27 @@
{ config, lib, modulesPath, ... }:

{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" "vfat" "nls_cp437" "nls_iso8859-1" "usbhid" ];
boot.initrd.availableKernelModules =
[ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules =
[ "dm-snapshot" "vfat" "nls_cp437" "nls_iso8859-1" "usbhid" ];
boot.kernelModules = [ "kvm-amd" "nzxt-kraken3" "nct6775" ];
boot.extraModulePackages = with config.boot.kernelPackages; [ liquidtux asus-ec-sensors ];
boot.extraModulePackages = with config.boot.kernelPackages; [
liquidtux
asus-ec-sensors
];

boot.initrd.secrets =
{ "/persist/secrets/boot/pubkey.asc" =
../../home/gpg/pubkey.asc;
"/persist/secrets/boot/cryptkey.gpg" =
/persist/secrets/boot/cryptkey.gpg;
};
boot.initrd.secrets = {
"/persist/secrets/boot/pubkey.asc" = ../../home/gpg/pubkey.asc;
# "/persist/secrets/boot/cryptkey.gpg" = /persist/secrets/boot/cryptkey.gpg;
};

# Support for YubiKey PBA (two factor decryption)
boot.initrd.luks.yubikeySupport = false;
# Support for GPG smartcard decryption
boot.initrd.luks.gpgSupport = true;
boot.initrd.luks.gpgSupport = false;
# Support for FIDO2 decryption
boot.initrd.luks.fido2Support = false;

@@ -45,10 +45,10 @@
# };

# gpg-card CCID smartcard support
gpgCard = {
publicKey = ../../home/gpg/pubkey.asc;
encryptedPass = /persist/secrets/boot/cryptkey.gpg;
};
# gpgCard = {
# publicKey = ../../home/gpg/pubkey.asc;
# encryptedPass = /persist/secrets/boot/cryptkey.gpg;
# };

# FIDO2 support
fido2 = {
@@ -66,67 +66,65 @@
device = "/dev/disk/by-uuid/53243a77-1b78-49c3-8d26-ccb118c5a692";
preLVM = true;

gpgCard = {
publicKey = /persist/secrets/boot/pubkey.asc;
encryptedPass = /persist/secrets/boot/cryptkey.gpg;
};
# gpgCard = {
# publicKey = /persist/secrets/boot/pubkey.asc;
# encryptedPass = /persist/secrets/boot/cryptkey.gpg;
# };

fallbackToPassword = true;
};
};

fileSystems."/" = {
device = "/dev/disk/by-uuid/51718d2c-a082-4ad4-9836-c0ecffeb4eee";
fsType = "btrfs";
options = [ "subvol=@,compress=zstd,noatime,autodefrag" ];
};

fileSystems."/" =
{ device = "/dev/disk/by-uuid/51718d2c-a082-4ad4-9836-c0ecffeb4eee";
fsType = "btrfs";
options = [ "subvol=@,compress=zstd,noatime,autodefrag" ];
};

fileSystems."/home" =
{ device = "/dev/disk/by-uuid/51718d2c-a082-4ad4-9836-c0ecffeb4eee";
fsType = "btrfs";
options = [ "subvol=@home,compress=zstd,noatime,autodefrag" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/51718d2c-a082-4ad4-9836-c0ecffeb4eee";
fsType = "btrfs";
options = [ "subvol=@home,compress=zstd,noatime,autodefrag" ];
};

fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/51718d2c-a082-4ad4-9836-c0ecffeb4eee";
fsType = "btrfs";
options = [ "subvol=@nix,compress=zstd,noatime,autodefrag" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/51718d2c-a082-4ad4-9836-c0ecffeb4eee";
fsType = "btrfs";
options = [ "subvol=@nix,compress=zstd,noatime,autodefrag" ];
};

fileSystems."/persist" =
{ device = "/dev/disk/by-uuid/51718d2c-a082-4ad4-9836-c0ecffeb4eee";
fsType = "btrfs";
options = [ "subvol=@persist,compress=zstd,noatime,autodefrag" ];
};
fileSystems."/persist" = {
device = "/dev/disk/by-uuid/51718d2c-a082-4ad4-9836-c0ecffeb4eee";
fsType = "btrfs";
options = [ "subvol=@persist,compress=zstd,noatime,autodefrag" ];
};

fileSystems."/srv" =
{ device = "/dev/disk/by-uuid/51718d2c-a082-4ad4-9836-c0ecffeb4eee";
fsType = "btrfs";
options = [ "subvol=@srv,compress=zstd,noatime,autodefrag" ];
};
fileSystems."/srv" = {
device = "/dev/disk/by-uuid/51718d2c-a082-4ad4-9836-c0ecffeb4eee";
fsType = "btrfs";
options = [ "subvol=@srv,compress=zstd,noatime,autodefrag" ];
};

fileSystems."/var" =
{ device = "/dev/disk/by-uuid/51718d2c-a082-4ad4-9836-c0ecffeb4eee";
fsType = "btrfs";
options = [ "subvol=@var,compress=zstd,noatime,autodefrag" ];
};
fileSystems."/var" = {
device = "/dev/disk/by-uuid/51718d2c-a082-4ad4-9836-c0ecffeb4eee";
fsType = "btrfs";
options = [ "subvol=@var,compress=zstd,noatime,autodefrag" ];
};

fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/51718d2c-a082-4ad4-9836-c0ecffeb4eee";
fsType = "btrfs";
options = [ "subvol=@var/log,compress=zstd,noatime,autodefrag" ];
neededForBoot = true;
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/51718d2c-a082-4ad4-9836-c0ecffeb4eee";
fsType = "btrfs";
options = [ "subvol=@var/log,compress=zstd,noatime,autodefrag" ];
neededForBoot = true;
};

fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/C900-11F4";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/C900-11F4";
fsType = "vfat";
};

swapDevices = [
{ device = "/dev/disk/by-uuid/9e60cced-d0fc-4fc9-9093-421dfcadf101"; }
];
swapDevices =
[{ device = "/dev/disk/by-uuid/9e60cced-d0fc-4fc9-9093-421dfcadf101"; }];

# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@@ -140,7 +138,8 @@
hardware.bluetooth.enable = true;

nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;

# Hardware Temps
programs.coolercontrol.enable = true;
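Review bot: The new `boot.initrd.secrets` block in the first hunk still copies `pubkey.asc` into the initrd although `gpgSupport` is now `false` and both `gpgCard` blocks are commented out, so nothing visible in this diff reads that file any more. I would reduce it to `boot.initrd.secrets = { };` and delete the commented-out `cryptkey.gpg` line and the commented `gpgCard` blocks in the second and third hunks rather than keep them, since the history preserves them. Separately, disabling the initrd path does not revoke anything on disk: if the passphrase wrapped in `/persist/secrets/boot/cryptkey.gpg` is still enrolled in a LUKS key slot, that slot continues to unlock the volume, so either remove the slot or add a comment such as `# GPG-wrapped key slot removed from the LUKS header (<date>)` next to `fallbackToPassword = true;`. The LUKS device definitions begin outside the visible hunks, so whether any factor other than the passphrase remains configured cannot be confirmed from here.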
