nixosModules/lanzaboote.nix at main · bwc9876.dev/nixos-config

bwc9876.dev / nixos-config

fork atom

Flake for my NixOS devices

fork atom

nixos-config / nixosModules / lanzaboote.nix

at main 20 lines 446 B view raw

wrap content

bwc9876.dev Better lanzaboote control, better ssh host keys 4mo ago

e281bd0e

 1{...}: {
 2  inputs,
 3  lib,
 4  config,
 5  ...
 6}: {
 7  imports = [inputs.lanzaboote.nixosModules.lanzaboote];
 8
 9  options.cow.lanzaboote.enable = lib.mkEnableOption "Use lanzaboote for booting and secure boot";
10
11  config.boot = lib.mkIf config.cow.lanzaboote.enable {
12    loader.systemd-boot.enable = lib.mkForce false;
13    bootspec.enable = true;
14
15    lanzaboote = {
16      enable = true;
17      pkiBundle = lib.mkDefault "/var/lib/sbctl";
18    };
19  };
20}