nixdots/options/system/secure-boot.nix

{ lib, ... }: with lib; let
  inherit (lib) mkEnableOption;
in
{
  options.myOptions.system.secure-boot = {
     enabled = mkEnableOption ''
      secure-boot using lanzaboote.

      Note that you will need to have UEFI firmware, and the rebuild
      will report errors until you generate the secure boot keys with:
      ```shell
      sudo sbctl create-keys
      ````

      Optionally (though enabling this is pointless otherwise), you should
      now enter secure-boot setup mode and enroll the keys:
      ```shell
      sudo sbctl enroll-keys -m
      ```
      Then reboot, and secure-boot should be enabled.
     '';
  };
}
Add secure-boot 2024-04-12 16:25:26 +00:00			`{ lib, ... }: with lib; let`
			`inherit (lib) mkEnableOption;`
			`in`
			`{`
			`options.myOptions.system.secure-boot = {`
			`enabled = mkEnableOption ''`
			`secure-boot using lanzaboote.`

			`Note that you will need to have UEFI firmware, and the rebuild`
			`will report errors until you generate the secure boot keys with:`
			```shell
			`sudo sbctl create-keys`
			````

			`Optionally (though enabling this is pointless otherwise), you should`
			`now enter secure-boot setup mode and enroll the keys:`
			```shell
			`sudo sbctl enroll-keys -m`
			```
			`Then reboot, and secure-boot should be enabled.`
			`'';`
			`};`
			`}`