ItsDrike/nixdots
1
0
Fork 0
mirror of https://github.com/ItsDrike/nixdots synced 2025-06-30 14:00:43 +00:00
Code Issues Projects Releases Packages Wiki Activity

Group shared system settings

Browse source
This commit is contained in:
ItsDrike 2024-04-13 19:05:42 +02:00
parent 31221a5d19
commit fca6296841
Signed by: ItsDrike
GPG key ID: FA2745890B7048C0
35 changed files with 16 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

23
system/shared/boot/secure-boot.nix Normal file
View file

@ -0,0 +1,23 @@
{ config, pkgs, lib, ... }: let
inherit (lib) mkIf;
cfg = config.myOptions.system.boot.secure-boot;
in {
config = mkIf cfg.enable {
# Secure Boot Key Manager
environment.systemPackages = [ pkgs.sbctl ];
# Persist the secure boot keys (for impermanence)
myOptions.system.impermanence.root.extraDirectories = [
"/etc/secureboot"
];
# Lanzaboote replaces systemd-boot
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
};
}