My Nix Configuration
# NixOS module: privilege escalation (doas/sudo), TPM2 support and the extra
# CA certificates trusted for DN42.
{ pkgs, ... }:
let
  # Both CA files are fixed-output fetches: the build fails when the downloaded
  # bytes do not match the pinned hash, so a changed or tampered upstream file
  # cannot silently enter the trust store.

  # This URL carries no version, so an upstream CA rotation shows up as a hash
  # mismatch. Verify the new certificate out of band before updating the hash.
  burbleDn42Ca = pkgs.fetchurl {
    url = "https://dn42.burble.com/burble-dn42-ca.pem";
    name = "burble-dn42-ca.pem";
    sha256 = "0wcrjkiav018bpl87583g0v60clx3jg3wfyf8d9h8zdkwcb16b2g";
  };

  # The id= query parameter appears to pin one specific AUR commit of the file.
  dn42RootCa = pkgs.fetchurl {
    url = "https://aur.archlinux.org/cgit/aur.git/plain/dn42.crt?h=ca-certificates-dn42&id=646f7effb290adf25c7e9fea3b41bf055522ba29";
    name = "dn42.crt";
    sha256 = "sha256-wsMeC9/tlppSNZGrqfZFLAjv3AMj1KwIAWeh2XBpiYs=";
  };
in
{
  # doas is the preferred escalation tool on this machine.
  security.doas.enable = true;
  # NOTE(review): with this set to false, any process running as a member of
  # `wheel` can become root through doas without authenticating. Keep wheel
  # membership minimal and treat those accounts as root-equivalent.
  security.doas.wheelNeedsPassword = false;

  # sudo stays enabled for tools that will not use doas; nixos-rebuild needs it
  # to work properly. Its policy is configured separately from doas.
  security.sudo.enable = true;

  # TPM 2.0 support.
  security.tpm2 = {
    enable = true;
    # Userspace access broker / resource manager daemon (tpm2-abrmd).
    abrmd.enable = true;
    # udev rules controlling who may open the TPM device nodes.
    applyUdevRules = true;
    # The PKCS#11 interface to the TPM is left off.
    pkcs11.enable = false;
  };

  # Extra certificates for DN42 specifically.
  # NOTE(review): files listed here are added to the system-wide CA bundle, so
  # software using that bundle trusts these CAs for any TLS peer unless the CA
  # certificate itself carries X.509 name constraints. Confirm both are
  # constrained to DN42 names and address ranges.
  security.pki.certificateFiles = [
    burbleDn42Ca
    dn42RootCa
  ];
}