tribes/guix-tribes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2 Commits 1 Branch 0 Tags
9274b5a87011e1c05ef4a1790b73b1096bdd1844
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Steffen Beyer 9274b5a870 Add NBDE channel modules
2026-03-27 15:12:40 +01:00
examples
Add NBDE channel modules
2026-03-27 15:12:40 +01:00
nbde
Add NBDE channel modules
2026-03-27 15:12:40 +01:00
README.md
Add NBDE channel modules
2026-03-27 15:12:40 +01:00

README.md

NBDE Channel

This repository provides the Guix-side pieces for network-bound disk encryption:

  • nbde/packages/crypto.scm Package definitions for luksmeta, tang, and clevis.
  • nbde/services/tang.scm A standalone Tang service for Guix systems.
  • nbde/system/mapped-devices.scm A Clevis-backed mapped-device kind with manual cryptsetup fallback.
  • nbde/system/initrd.scm A helper around raw-initrd for early-boot Clevis support.
  • examples/phase0-system.scm Minimal reference system using the Clevis-backed mapped-device kind and custom initrd.

Current development status:

  1. luksmeta, tang, and clevis build successfully on pguix.
  2. A disposable Tang + LUKS smoke test passes.
  3. A QEMU Phase-0 system with encrypted root now boots unattended through Clevis/Tang and reaches a login prompt.

For pinned bootstrap usage, generate a channels.scm that combines upstream Guix with this repository's current commit.

Reference in New Issue View Git Blame Copy Permalink
Description
Guix Channel for Tribes
Readme 366 KiB
Languages
Scheme 99.7%
Common Lisp 0.3%