Trustix - Usage via Nix
The easiest way to use Trustix is via the NixOS modules, though even they require some manual preparation in terms of generating keys.
This document will guide you through the very basic NixOS setup required both by log clients and log publishers.
How to actually publish and subscribe is laid out in other documents.
Requisites
- A NixOS installation (flakes-based is optional)
Strategies
Classical Nix
It's highly recommended to use an automated tool like niv to ensure you are up to date with your external dependencies. Here we'll show you how to integrate Trustix into your NixOS configuration manually, using no external tooling.
From within your configuration directory, clone Trustix:
$ git clone https://github.com/nix-community/trustix.git
And add it to your NixOS configuration like:
{ config, pkgs, lib, ... }:
{
  imports = [ ./trustix/nixos ];
}
Flakes
This is a minimal flake.nix for using Trustix with Flakes:
{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    flake-utils.url = "github:numtide/flake-utils";
    trustix = {
      url = "github:nix-community/trustix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
  outputs = { nixpkgs, flake-utils, trustix, ... }: {
    nixosConfigurations.trustix-example = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [
        ({ pkgs, ... }: {
          # import trustix modules
          imports = [ trustix.nixosModules.trustix ];
        })
      ];
    };
  };
}
Effect
This will add all relevant services to your system (but not enable them) and add packages to the pkgs set via an overlay.