From 99ed0a4e82b60453e1fc5cc3590c9638e5e312cb Mon Sep 17 00:00:00 2001
From: Stefan Junker
Date: Fri, 13 Dec 2019 20:51:13 +0100
Subject: [PATCH] steveej-nuc7pjyh-work: sgx group for accessing /dev/sgx
---
 nix/os/devices/steveej-nuc7pjyh-work/system.nix | 2 ++
 nix/os/devices/steveej-nuc7pjyh-work/user.nix | 1 +
 2 files changed, 3 insertions(+)
diff --git a/nix/os/devices/steveej-nuc7pjyh-work/system.nix b/nix/os/devices/steveej-nuc7pjyh-work/system.nix
index b04ec58..8d673ba 100644
--- a/nix/os/devices/steveej-nuc7pjyh-work/system.nix
+++ b/nix/os/devices/steveej-nuc7pjyh-work/system.nix
@@ -2,6 +2,8 @@ let in {
+ services.udev.extraRules = ''SUBSYSTEM=="sgx", MODE="0660", GROUP="sgx"'';
+ users.groups.sgx = {};
 networking.hostName = "steveej-nuc7pjyh-work"; # Define your hostname.
 boot.kernelPackages = lib.mkForce pkgs.linuxPackages_sgx_latest;
 }
diff --git a/nix/os/devices/steveej-nuc7pjyh-work/user.nix b/nix/os/devices/steveej-nuc7pjyh-work/user.nix
index eecba37..05a9670 100644
--- a/nix/os/devices/steveej-nuc7pjyh-work/user.nix
+++ b/nix/os/devices/steveej-nuc7pjyh-work/user.nix
@@ -12,6 +12,7 @@ in {
 uid = 1001;
 openssh.authorizedKeys.keys = keys.users.steveej.openssh;
 shell = pkgs.posh { image = "quay.io/enarx/fedora"; run_args = "-v /dev/sgx:/dev/sgx"; };
+ extraGroups = [ "sgx" ];
 subUidRanges = [{ startUid = 100000; count = 65536; }];
 subGidRanges = [{ startGid = 100000; count = 65536; }];
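Review bot: The udev rule added in system.nix matches on `SUBSYSTEM=="sgx"` alone, so every device node the driver registers under that subsystem becomes group `sgx`, mode 0660, not only the node needed to run enclaves. If the driver shipped with `linuxPackages_sgx_latest` also exposes a provisioning node in the same subsystem (not visible from this patch), membership in `sgx` would cover it as well, and user.nix already binds the whole `/dev/sgx` tree into the container shell. Consider narrowing the match, e.g. `SUBSYSTEM=="sgx", KERNEL=="<enclave-node>", MODE="0660", GROUP="sgx"` with the node name taken from the running system, and adding a comment above the rule such as `# restrict SGX device nodes to the sgx group; members can create enclaves`.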