nix/nixos/common/modules/secureboot.nix

{ lib, config, pkgs, ...}: {

  imports = [ ./boot.nix ];
  
  # SecureBoot
  boot.loader.systemd-boot.enable = lib.mkForce false;
  boot.lanzaboote.enable = true;
  boot.lanzaboote.pkiBundle = "/etc/secureboot";

  # Bootloader
  boot.loader.efi.canTouchEfiVariables = true;
  boot.tmp.cleanOnBoot = true;
  boot.initrd.systemd.enable = true;
}
test 2023-07-12 16:43:21 +02:00			`{ lib, config, pkgs, ...}: {`
test 2023-09-21 15:22:59 +02:00
test 2023-09-22 11:50:46 +02:00			`imports = [ ./boot.nix ];`
test 2023-11-26 12:29:58 +01:00
test 2023-09-21 15:22:59 +02:00			`# SecureBoot`
			`boot.loader.systemd-boot.enable = lib.mkForce false;`
Break things out for greater modulatiry 2023-07-12 13:52:15 +02:00			`boot.lanzaboote.enable = true;`
			`boot.lanzaboote.pkiBundle = "/etc/secureboot";`
Update splash screen 2023-09-21 14:51:42 +02:00
test 2023-09-21 15:22:59 +02:00			`# Bootloader`
			`boot.loader.efi.canTouchEfiVariables = true;`
			`boot.tmp.cleanOnBoot = true;`
			`boot.initrd.systemd.enable = true;`
Break things out for greater modulatiry 2023-07-12 13:52:15 +02:00			`}`