configuration.nix/hosts/skipper/secureboot.nix

20 lines
383 B
Nix

{ lib
, pkgs
, ...
}: {
environment.etc."secureboot" = {
mode = "symlink";
source = "/persist/secrets/secureboot";
};
boot = {
bootspec.enable = true;
loader.systemd-boot.enable = lib.mkForce false;
lanzaboote = {
enable = true;
pkiBundle = "/persist/secrets/secureboot";
};
};
environment.systemPackages = with pkgs; [
sbctl
];
}