feat: deploy secure boot on bootstrap

2025-12-06 17:17:22 +01:00 · 2024-12-28 03:06:45 +01:00 · 2024-12-28 03:06:45 +01:00 · 06b5b95a8a
commit 06b5b95a8a
parent 9271805c26
8 changed files with 87 additions and 26 deletions
--- a/hosts/nixos/nbl-imba-2/default.nix
+++ b/hosts/nixos/nbl-imba-2/default.nix
@ -45,7 +45,8 @@ in
    loader.efi.canTouchEfiVariables = true;
    lanzaboote = {
      enable = true;
-      pkiBundle = "/etc/secureboot";
+      # pkiBundle = "/etc/secureboot";
+      pkiBundle = "/var/lib/sbctl";
    };
    supportedFilesystems = [ "btrfs" ];
    kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;