Add lanzaboote
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
This commit is contained in:
22
hosts/common/configs/system/lanzaboote/default.nix
Normal file
22
hosts/common/configs/system/lanzaboote/default.nix
Normal file
@@ -0,0 +1,22 @@
|
||||
{
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
{
|
||||
imports = [ inputs.lanzaboote.nixosModules.lanzaboote ];
|
||||
|
||||
environment = {
|
||||
persistence."/persist/state"."/var/lib/sbctl" = { };
|
||||
|
||||
systemPackages = with pkgs; [ sbctl ];
|
||||
};
|
||||
|
||||
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||
|
||||
boot.lanzaboote = {
|
||||
enable = true;
|
||||
pkiBundle = "/var/lib/sbctl";
|
||||
};
|
||||
}
|
||||
Reference in New Issue
Block a user