pyrox.dev
+2
hosts/prefect/default.nix
+2
hosts/prefect/default.nix
+8
-5
nixosModules/default-config/security.nix
+8
-5
nixosModules/default-config/security.nix
···
1
-
{ pkgs, ... }:
1
+
{ pkgs, lib, ... }:
2
+
let
3
+
inherit (lib) mkDefault;
4
+
in
2
5
{
3
6
# Everything should use doas instead of sudo
4
7
# Sudo is kept enabled for tools that ~can't~ won't use doas.
···
12
15
13
16
# TPM configuration
14
17
tpm2 = {
15
-
enable = true;
16
-
abrmd.enable = true;
17
-
applyUdevRules = true;
18
-
pkcs11.enable = false;
18
+
enable = mkDefault true;
19
+
abrmd.enable = mkDefault true;
20
+
applyUdevRules = mkDefault true;
21
+
pkcs11.enable = mkDefault false;
19
22
};
20
23
21
24
# Set up extra certificates for DN42 specifically