diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix
index d9083ce..9ddc15f 100755
--- a/hosts/thinkpad/default.nix
+++ b/hosts/thinkpad/default.nix
@@ -25,12 +25,12 @@
 boot = {
 kernelModules = [ "v4l2loopback" ];
 kernelPackages = pkgs.linuxPackages_latest;
- extraModulePackages = [
- config.boot.kernelPackages.v4l2loopback
- ];
- extraModprobeConfig = ''
- options v4l2loopback exclusive_caps=1 card_label="Virtual Camera"
- '';
+ # extraModulePackages = [
+ # config.boot.kernelPackages.v4l2loopback
+ # ];
+ # extraModprobeConfig = ''
+ # options v4l2loopback exclusive_caps=1 card_label="Virtual Camera"
+ # '';
 tmp.useTmpfs = true;
 };
diff --git a/hosts/thinkpad/modules/security/default.nix b/hosts/thinkpad/modules/security/default.nix
index 1b3ef77..416969f 100644
--- a/hosts/thinkpad/modules/security/default.nix
+++ b/hosts/thinkpad/modules/security/default.nix
@@ -35,13 +35,13 @@
 # This setting is usually set to true in configuration.nix
 # generated at installation time. So we force it to false
 # for now.
- loader.systemd-boot.enable = lib.mkForce true;
- # lanzaboote = {
- # enable = true;
- # pkiBundle = "/etc/secureboot";
- # configurationLimit = 10;
- # };
- # loader.systemd-boot.editor = false;
- # loader.efi.canTouchEfiVariables = true;
+ loader.systemd-boot.enable = lib.mkForce false;
+ lanzaboote = {
+ enable = true;
+ pkiBundle = "/etc/secureboot";
+ configurationLimit = 10;
+ };
+ loader.systemd-boot.editor = false;
+ loader.efi.canTouchEfiVariables = true;
 };
 }
diff --git a/hosts/thinkpad/modules/virtualisation/default.nix b/hosts/thinkpad/modules/virtualisation/default.nix
index 4db693e..39b4dce 100644
--- a/hosts/thinkpad/modules/virtualisation/default.nix
+++ b/hosts/thinkpad/modules/virtualisation/default.nix
@@ -1,7 +1,10 @@
 { pkgs, ... }: {
 virtualisation = {
- docker.enable = true;
+ docker = {
+ enable = true;
+ extraOptions = "--iptables=false";
+ };
 libvirtd = {
 enable = true;
 qemu = {
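Review bot: `kernelModules = [ "v4l2loopback" ];` is kept while the `extraModulePackages` entry that supplies the out-of-tree module is commented out, so unless the module now comes from somewhere outside this hunk, systemd-modules-load will fail to load it on every boot and the virtual camera is gone either way. Either comment that line out together with the rest, or drop the whole v4l2loopback block rather than leaving six commented lines behind; a dead `kernelModules` entry is easy to mistake for a working feature later. The `boot = { … }` attrset is fully inside the hunk, but the NixOS module it belongs to starts and ends outside it.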
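Review bot: Enabling `lanzaboote` with `pkiBundle = "/etc/secureboot"` only yields an enforced boot chain once the keys exist, are enrolled in the firmware and Setup Mode has been left; nothing in the hunk records that prerequisite, so a rebuild on a machine that has not run `sbctl create-keys` / `sbctl enroll-keys` boots the signed UKIs with no enforcement at all (verify with `sbctl status` and `bootctl status`). The private keys under /etc/secureboot are what the entire chain trusts, so they must stay root-only, and since I cannot see from this hunk whether the root filesystem is encrypted, a comment stating that assumption next to `pkiBundle` would help. The leading comment still says the stock loader is forced off "for now", which invites someone to flip it back; I would replace it with `# lanzaboote ships its own signed systemd-boot stub, so the stock systemd-boot module must stay disabled`. Please also confirm that lanzaboote honours `loader.systemd-boot.editor = false` once the stock module is disabled — if it does not, the boot-menu command-line editor (which lets anyone at the keyboard boot with `init=/bin/sh`) is silently left enabled and undermines the point of Secure Boot.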
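Review bot: `extraOptions = "--iptables=false";` stops dockerd from touching iptables at all, which also removes the masquerade rule that gives containers outbound connectivity and the inter-network isolation rules, so unless NAT for docker0 is configured elsewhere in this config containers will have no egress after this change. If the goal is only to keep dockerd from rewriting the NixOS firewall, the same switch is better expressed declaratively as `virtualisation.docker.daemon.settings = { iptables = false; };` (available on recent NixOS), which lands in daemon.json and cannot be mis-tokenised the way a raw CLI string can. Egress then needs something like `networking.nat = { enable = true; internalInterfaces = [ "docker0" ]; externalInterface = "<uplink>"; };`. The `virtualisation = { … }` attrset and the module it sits in continue past the end of the hunk.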
@@ -15,7 +18,7 @@
 spiceUSBRedirection.enable = true;
 };
 # allow libvirts internal network stuff
- networking.firewall.trustedInterfaces = [ "virbr0" "br0" ];
+ networking.firewall.trustedInterfaces = [ "virbr0" "br0" "docker0" ];
 programs.virt-manager.enable = true;
 environment.systemPackages = with pkgs; [
 virt-viewer
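Review bot: Adding `"docker0"` to `networking.firewall.trustedInterfaces` accepts every packet arriving from containers unconditionally, so any service listening on the host (sshd, libvirt, anything bound to 0.0.0.0 during development) becomes reachable from every container, and a compromised container gets roughly the same access as host loopback. As far as I can see this is also not what container egress needs: trustedInterfaces only exempts traffic addressed to the host, while forwarding and NAT for docker0 is a `networking.nat` matter (and with `--iptables=false` in this file's first hunk Docker no longer provides it). I would keep the line as `networking.firewall.trustedInterfaces = [ "virbr0" "br0" ];` and, if some host port really must be reachable from containers, open just that one with `networking.firewall.interfaces.docker0.allowedTCPPorts = [ <port> ];`. The comment above the line, `# allow libvirts internal network stuff`, no longer describes docker0 and should state what docker actually needs here.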