dotfiles/modules/os/core/secure-boot.nix
eriedaberrie f821fb411e Initial commit
Note: not the actual initial commit.

I swear I will stop repeatedly force pushing to this single commit eventually
ok.
2024-09-11 11:09:05 -07:00


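# NixOS module: opt-in UEFI Secure Boot using lanzaboote.
#
# Setting `my.secure-boot.enable = true` installs sbctl, turns off the stock
# systemd-boot loader module and enables lanzaboote with its key bundle at
# /etc/secureboot.
#
# NOTE(review): this module only configures signing on the NixOS side. Secure
# Boot is enforced only once the keys are enrolled in the firmware and the
# firmware has Secure Boot switched on; `sbctl status` and `sbctl verify`
# report the current state — confirm after the first rebuild.
{ pkgs, config, lib, inputs, ... }:
let
  cfg = config.my.secure-boot;
in {
  imports = [
    inputs.lanzaboote.nixosModules.lanzaboote
  ];

  options.my.secure-boot = {
    # mkEnableOption interpolates its argument into the option description
    # ("Whether to enable <name>."). Passing null leaves a description that
    # throws as soon as anything evaluates it (option docs, option search),
    # so give it a real name.
    enable = lib.mkEnableOption "UEFI Secure Boot via lanzaboote";
  };

  config = lib.mkIf cfg.enable {
    # sbctl is the tool for creating and enrolling the Secure Boot keys and for
    # checking which EFI binaries are signed.
    environment.systemPackages = [ pkgs.sbctl ];

    boot = {
      # lanzaboote takes over boot loader installation; mkForce overrides any
      # other module (e.g. a hardware or installer profile) that enables
      # systemd-boot.
      loader.systemd-boot.enable = lib.mkForce false;

      lanzaboote = {
        enable = true;
        # Directory holding the Secure Boot key bundle, private keys included.
        # Whoever can read those keys can sign boot images this machine's
        # firmware will accept, so the directory should be readable by root
        # only and should never be committed alongside these dotfiles.
        # Keep this a string: a Nix path literal could be copied into the
        # world-readable /nix/store.
        # NOTE(review): must match the directory where sbctl actually created
        # the keys on this host — confirm against the installed sbctl version.
        pkiBundle = "/etc/secureboot";
      };
    };
  };
}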