nix/nixos/common/modules/secureboot.nix
2023-09-21 22:25:30 +09:00

13 lines
No EOL
348 B
Nix

{ lib, config, pkgs, ...}: {
imports = [ ./bootloader.nix ];
# SecureBoot
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote.enable = true;
boot.lanzaboote.pkiBundle = "/etc/secureboot";
# Bootloader
boot.loader.efi.canTouchEfiVariables = true;
boot.tmp.cleanOnBoot = true;
boot.initrd.systemd.enable = true;
}