20 lines
383 B
Nix
20 lines
383 B
Nix
{ lib
|
|
, pkgs
|
|
, ...
|
|
}: {
|
|
environment.etc."secureboot" = {
|
|
mode = "symlink";
|
|
source = "/persist/secrets/secureboot";
|
|
};
|
|
boot = {
|
|
bootspec.enable = true;
|
|
loader.systemd-boot.enable = lib.mkForce false;
|
|
lanzaboote = {
|
|
enable = true;
|
|
pkiBundle = "/persist/secrets/secureboot";
|
|
};
|
|
};
|
|
environment.systemPackages = with pkgs; [
|
|
sbctl
|
|
];
|
|
}
|