modules/boot: Migrate to new `sbctl` directory

Otherwise, `sbctl` will yell at you, that your setup is deprecated.
author: Benedikt Peetz <benedikt.peetz@b-peetz.de> 2025-06-10 10:05:00 +0200
committer: Benedikt Peetz <benedikt.peetz@b-peetz.de> 2025-06-10 10:05:00 +0200
commit: 47a0a89a570b2e282010239bf1fe60adb7db73c9 (patch)
tree: 73aa0886d1e2dcebde06122983a461d7216e448d
parent: pkgs/tskm: Merge tags of inputs, which have to same url (diff)
download: nixos-config-47a0a89a570b2e282010239bf1fe60adb7db73c9.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/modules/by-name/bo/boot/module.nix b/modules/by-name/bo/boot/module.nix
index 404352ac..dfcd14b7 100644
--- a/modules/by-name/bo/boot/module.nix
+++ b/modules/by-name/bo/boot/module.nix
@@ -84,7 +84,7 @@ in {
       # This should only be necessary for `lanzaboote`, but that is the current default in
       # this module.
       soispha.impermanence.directories = [
-        "/etc/secureboot"
+        "/var/lib/sbctl"
       ];
 
       boot = {
@@ -96,7 +96,7 @@ in {
 
         lanzaboote = {
           enable = true;
-          pkiBundle = "/etc/secureboot";
+          pkiBundle = "/var/lib/sbctl";
 
           settings = {
             # Disable editing the kernel command line (which could allow someone to become root)
author	Benedikt Peetz <benedikt.peetz@b-peetz.de>	2025-06-10 10:05:00 +0200
committer	Benedikt Peetz <benedikt.peetz@b-peetz.de>	2025-06-10 10:05:00 +0200
commit	47a0a89a570b2e282010239bf1fe60adb7db73c9 (patch)
tree	73aa0886d1e2dcebde06122983a461d7216e448d
parent	pkgs/tskm: Merge tags of inputs, which have to same url (diff)
download	nixos-config-47a0a89a570b2e282010239bf1fe60adb7db73c9.zip