swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 00:57:22 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: introduce lanzaboote profile

Browse source
This commit is contained in:
Swarsel 2024-12-28 13:13:53 +01:00
parent 71a9020d17
commit c011c9bfdd
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
6 changed files with 65 additions and 58 deletions
Download patch file Download diff file Expand all files Collapse all files

1
profiles/common/nixos/default.nix
View file

@ -39,6 +39,7 @@ _:
./distrobox.nix
./lid.nix
./lowbattery.nix
./lanzaboote.nix
];
nixpkgs.config.permittedInsecurePackages = [

13
profiles/common/nixos/lanzaboote.nix Normal file
View file

@ -0,0 +1,13 @@
{ lib, config, ... }:
{
boot = {
loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = lib.swarselsystems.mkIfElse (config.swarselsystems.initialSetup || !config.swarselsystems.isSecureBoot) (lib.mkForce true) (lib.mkForce false);
};
lanzaboote = lib.mkIf (!config.swarselsystems.initialSetup && config.swarselsystems.isSecureBoot) {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
};
}