diff --git a/laptop/configuration.nix b/laptop/configuration.nix index 0066fcbe..c6f0bdac 100644 --- a/laptop/configuration.nix +++ b/laptop/configuration.nix @@ -41,7 +41,11 @@ boot.plymouth.enable = true; boot.initrd.systemd.enable = true; boot.kernelParams = ["quiet"]; - + # SecureBoot + boot.loader.systemd-boot.enable = lib.mkForce false; + boot.lanzaboote.enable = true; + pkiBundle = "/etc/secureboot"; + # Setup keyfile boot.initrd.secrets = { "/crypto_keyfile.bin" = null; diff --git a/laptop/flake.nix b/laptop/flake.nix index 1e321344..5981b9e9 100644 --- a/laptop/flake.nix +++ b/laptop/flake.nix @@ -8,10 +8,16 @@ # Manage dotfiles in a home directory home-manager.url = "github:nix-community/home-manager/release-23.05"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; + + # Secureboot Configuration + lanzaboote.url = "github:nix-community/lanzaboote"; + lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = { nixpkgs, home-manager, ... }: + outputs = { nixpkgs, home-manager, lanzaboote, ... }: let + # Secureboot Configuration + system = "x86_64-linux"; pkgs = import nixpkgs { # Tells Flake what OS version we are using @@ -28,6 +34,7 @@ modules = [ ./configuration.nix ./hardware-configuration.nix + lanzaboote.nixosModules.lanzaboote ]; }; };
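Review bot: In the `laptop/configuration.nix` hunk, `pkiBundle = "/etc/secureboot";` is set at the top level of the module instead of under `boot.lanzaboote`, so it is not the lanzaboote option and evaluation will most likely fail with an unknown-option error; it should read `boot.lanzaboote.pkiBundle = "/etc/secureboot";`. `lib.mkForce` also needs `lib` in the module's argument set, which is declared outside this hunk. A comment on that line would help, for example `# /etc/secureboot holds the Secure Boot private keys: keep it root-only and out of this repo`. The context lines still place `"/crypto_keyfile.bin"` in `boot.initrd.secrets`; if the initrd is stored on the unencrypted ESP (I believe it is with lanzaboote, as with systemd-boot — please confirm), signing it protects integrity but not the keyfile's confidentiality.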
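Review bot: In the first `laptop/flake.nix` hunk, `lanzaboote.url = "github:nix-community/lanzaboote";` follows the repository's default branch, so a later `nix flake update` pulls in whatever is there for the component that builds and signs the boot chain; pin it to a release tag instead, `lanzaboote.url = "github:nix-community/lanzaboote/<release-tag>";`. No `flake.lock` change is visible in this diff, so make sure the lock file is committed with it to keep the revision fixed and reviewable. The `# Secureboot Configuration` comment added after `let` sits directly above `system = "x86_64-linux";`, which is not Secure Boot specific; drop it or move it next to the lanzaboote module entry. The `outputs` function continues outside this hunk.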