configured secureboot

Rouven Seifert 2023-05-31 13:23:49 +02:00
parent ea825be67f
commit a9442f038d
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
6 changed files with 249 additions and 76 deletions


@ -12,7 +12,16 @@
# Use the systemd-boot EFI boot loader.
boot = {
loader.systemd-boot.enable = true;
# Lanzaboote currently replaces the systemd-boot module.
# This setting is usually set to true in configuration.nix
# generated at installation time. So we force it to false
# for now.
loader.systemd-boot.enable = lib.mkForce false;
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
configurationLimit = 10;
};
loader.systemd-boot.editor = false;
loader.efi.canTouchEfiVariables = true;
kernelPackages = pkgs.linuxPackages_latest;
@ -27,6 +36,7 @@
directories = [
"/etc/nixos" # bind mounted from /nix/persist/system/etc/nixos to /etc/nixos
"/etc/ssh"
"/etc/secureboot"
];
files = [
"/etc/machine-id"
@ -179,6 +189,7 @@
unzip
virt-viewer # multi monitor for vms
sbctl
];
programs.java.enable = true;
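Review bot: `pkiBundle = "/etc/secureboot";` in the first hunk points Lanzaboote at the sbctl key directory, which contains the private signing keys used for every generation, and the second hunk adds that directory to the persistence `directories` list, so those private keys now live on the persisted volume with no note on how they are protected. Whether that is acceptable depends on the persist volume being encrypted at rest and the directory staying root-only (sbctl appears to create it with restrictive permissions, but that is worth verifying after a restore from backup or a manual copy). A comment on the `pkiBundle` line would capture this: `# sbctl key bundle (includes private db/KEK/PK keys); persisted via the directories list below - keep root-only and on the encrypted persist volume.` The hunk's existing comment explains the `mkForce false` but not that the keys must already exist (e.g. from `sbctl create-keys`) before this configuration builds and that enrolling them in firmware is a separate manual step; a one-line comment above `lanzaboote = {` would save the next reader a failed rebuild.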