## NBDE Channel

This repository provides the Guix-side pieces for network-bound disk
encryption:

- `nbde/packages/crypto.scm`
  Package definitions for `luksmeta`, `tang`, and `clevis`.
- `nbde/services/tang.scm`
  A standalone Tang service for Guix systems.
- `nbde/system/mapped-devices.scm`
  A Clevis-backed mapped-device kind with manual `cryptsetup` fallback.
- `nbde/system/initrd.scm`
  A helper around `raw-initrd` for early-boot Clevis support.
- `examples/phase0-system.scm`
  Minimal reference system using the Clevis-backed mapped-device kind and
  custom initrd.

Current development status:

1. `luksmeta`, `tang`, and `clevis` build successfully on `pguix`.
2. A disposable Tang + LUKS smoke test passes.
3. A QEMU Phase-0 system with encrypted root now boots unattended through
   Clevis/Tang and reaches a login prompt.

For pinned bootstrap usage, generate a `channels.scm` that combines upstream
Guix with this repository's current commit.
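
One way to generate such a pinned `channels.scm`, as an added example that is not part of this repository. The channel name `nbde`, the function names and the upstream URL default are assumptions; the Guix channel introduction is the one published in the Guix manual.

```shell
#!/bin/sh
# Added example: emit a channels.scm that pins both channels to exact commits.
# The channel name 'nbde and the function names are assumptions.

GUIX_URL="https://git.savannah.gnu.org/git/guix.git"

# A pin must be a full 40-hex commit id; branch and tag names can move.
is_full_commit() {
    case "$1" in
        *[!0-9a-f]*|'') return 1 ;;
    esac
    [ "${#1}" -eq 40 ]
}

# Usage: gen_channels GUIX_COMMIT NBDE_URL NBDE_COMMIT
gen_channels() {
    guix_commit=$1 nbde_url=$2 nbde_commit=$3
    for c in "$guix_commit" "$nbde_commit"; do
        is_full_commit "$c" || { echo "not a full commit id: $c" >&2; return 1; }
    done
    # Reject characters that would break out of the Scheme string literal.
    case "$nbde_url" in
        *\"*|*\\*|'') echo "bad channel URL" >&2; return 1 ;;
    esac
    # No introduction is emitted for the second channel: the page gives no
    # signing key for it, so the commit pin is its only integrity anchor.
    cat <<EOF
(list (channel
        (name 'guix)
        (url "$GUIX_URL")
        (commit "$guix_commit")
        (introduction
         (make-channel-introduction
          "9edb3f66fd807b096b48283debdcddccfea34bad"
          (openpgp-fingerprint
           "BBB0 2DDF 2CEA F6A8 0D1D  E643 A2A0 6DF2 A33A 54FA"))))
      (channel
        (name 'nbde)
        (url "$nbde_url")
        (commit "$nbde_commit")))
EOF
}
```

In a checkout of this repository, `git rev-parse HEAD` supplies the third argument; redirect the function's output to `channels.scm`.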