nix/nixos/common/modules/secureboot.nix

{ lib, config, pkgs, ...}: {

  imports = [ ./boot.nix ];
  
  # SecureBoot
  boot.loader.systemd-boot.enable = lib.mkForce false;
  boot.lanzaboote.enable = true;
  boot.lanzaboote.pkiBundle = "/etc/secureboot";

  # Bootloader
  boot.loader.efi.canTouchEfiVariables = true;
  boot.tmp.cleanOnBoot = true;
  boot.initrd.systemd.enable = true;
}
test 2023-07-12 23:43:21 +09:00			`{ lib, config, pkgs, ...}: {`
test 2023-09-21 22:22:59 +09:00
test 2023-09-22 18:50:46 +09:00			`imports = [ ./boot.nix ];`
test 2023-11-26 20:29:58 +09:00
test 2023-09-21 22:22:59 +09:00			`# SecureBoot`
			`boot.loader.systemd-boot.enable = lib.mkForce false;`
Break things out for greater modulatiry 2023-07-12 20:52:15 +09:00			`boot.lanzaboote.enable = true;`
			`boot.lanzaboote.pkiBundle = "/etc/secureboot";`
Update splash screen 2023-09-21 21:51:42 +09:00
test 2023-09-21 22:22:59 +09:00			`# Bootloader`
			`boot.loader.efi.canTouchEfiVariables = true;`
			`boot.tmp.cleanOnBoot = true;`
			`boot.initrd.systemd.enable = true;`
Break things out for greater modulatiry 2023-07-12 20:52:15 +09:00			`}`