mirror of
https://github.com/tuxdotrs/nix-config.git
synced 2026-06-17 10:16:31 +05:30
39 lines
819 B
Nix
39 lines
819 B
Nix
{ inputs, ... }:
|
|
{
|
|
flake.modules.nixos.boot =
|
|
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
let
|
|
cfg = config.tnix.boot;
|
|
in
|
|
{
|
|
imports = [ inputs.lanzaboote.nixosModules.lanzaboote ];
|
|
|
|
options.tnix.boot.secure-boot = {
|
|
enable = lib.mkEnableOption "Enable secure-boot";
|
|
};
|
|
|
|
config = lib.mkIf cfg.secure-boot.enable {
|
|
environment.systemPackages = [
|
|
pkgs.sbctl
|
|
];
|
|
|
|
# Lanzaboote currently replaces the systemd-boot module.
|
|
boot.loader.systemd-boot.enable = lib.mkForce false;
|
|
|
|
boot.lanzaboote = {
|
|
enable = true;
|
|
autoGenerateKeys.enable = true;
|
|
autoEnrollKeys.enable = true;
|
|
|
|
configurationLimit = 10;
|
|
pkiBundle = "/var/lib/sbctl";
|
|
};
|
|
};
|
|
};
|
|
}
|