diff options
| author | Franck Cuny <franck@fcuny.net> | 2026-01-25 08:20:25 -0800 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2026-01-25 08:29:39 -0800 |
| commit | 2777680940425a9a741a8ba1befef2fcf1cc139b (patch) | |
| tree | a86d7ea98aceb31325de04324ba59ebd5b20f96e /profiles/secureboot.nix | |
| parent | enforce sorting in some places (diff) | |
| download | infra-2777680940425a9a741a8ba1befef2fcf1cc139b.tar.gz | |
enable lanzaboote
Diffstat (limited to '')
| -rw-r--r-- | profiles/secureboot.nix | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/profiles/secureboot.nix b/profiles/secureboot.nix new file mode 100644 index 0000000..53df8e3 --- /dev/null +++ b/profiles/secureboot.nix @@ -0,0 +1,17 @@ +{ pkgs, lib, ... }: +{ + environment.persistence."/persist/save".directories = [ + "/var/lib/sbctl" + ]; + + environment.systemPackages = [ + pkgs.sbctl + ]; + + boot.loader.systemd-boot.enable = lib.mkForce false; + + boot.lanzaboote = { + enable = true; + pkiBundle = "/var/lib/sbctl"; + }; +} |