Diffstat (limited to '')
-rw-r--r-- | modules/by-name/bo/boot/module.nix | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/modules/by-name/bo/boot/module.nix b/modules/by-name/bo/boot/module.nix
index 8b71ce65..dfcd14b7 100644
--- a/modules/by-name/bo/boot/module.nix
+++ b/modules/by-name/bo/boot/module.nix
@@ -1,7 +1,17 @@
+# nixos-config - My current NixOS configuration
+#
+# Copyright (C) 2025 Benedikt Peetz <benedikt.peetz@b-peetz.de>
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# This file is part of my nixos-config.
+#
+# You should have received a copy of the License along with this program.
+# If not, see <https://www.gnu.org/licenses/gpl-3.0.txt>.
 {
 config,
 lib,
 pkgs,
+ modules,
 ...
 }: let
 cfg = config.soispha.boot;
@@ -12,6 +22,10 @@ in {
 # enableIsoEntry = lib.mkEnableOption "an tails iso boot entry";
 };
+ imports = [
+ modules.lanzaboote.nixosModules.lanzaboote
+ ];
+
 config = lib.mkIf cfg.enable (
 # let
 # cfg = config.boot.loader.systemd-boot;
@@ -70,7 +84,7 @@ in {
 # This should only be necessary for `lanzaboote`, but that is the current default in
 # this module.
 soispha.impermanence.directories = [
- "/etc/secureboot"
+ "/var/lib/sbctl"
 ];
 boot = {
@@ -82,7 +96,7 @@ in {
 lanzaboote = {
 enable = true;
- pkiBundle = "/etc/secureboot";
+ pkiBundle = "/var/lib/sbctl";
 settings = {
 # Disable editing the kernel command line (which could allow someone to become root) |
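Review bot: The new `imports` list in the second hunk reads `modules.lanzaboote.nixosModules.lanzaboote` from a module argument, and nothing documents that `modules` has to arrive through `specialArgs`. An argument supplied only via `_module.args` cannot be used inside `imports` and fails evaluation with infinite recursion. I would add a comment above the list, for example `# 'modules' must come from specialArgs: imports are resolved before _module.args exist`. Because this input supplies the code that signs the boot chain, it is also worth confirming that it is pinned by the lock file, which is not visible here.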
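Review bot: The entry in `soispha.impermanence.directories` (third hunk) is a second copy of the path literal that the `pkiBundle` hunk after it also changes, so the two can drift apart on the next edit. If they do, the Secure Boot signing keys end up on the ephemeral root and are gone after a reboot. Assuming the `lanzaboote` attribute set sits under `boot` (its parent starts outside the hunk), the list entry could be `config.boot.lanzaboote.pkiBundle` instead of the string. The comment above the list could also state that this directory holds the private signing keys.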
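Review bot: `pkiBundle` in the last hunk now points at `/var/lib/sbctl`, but nothing in the commit covers hosts whose keys already live in `/etc/secureboot`. On such a host the new path is empty after the switch, so presumably signing fails or a fresh key set is created that the firmware has not enrolled. A comment next to the option describing the one-time move would help, for example `# Keys moved from /etc/secureboot; move the persisted directory before switching.` The directory contains private keys and should stay readable by root only after the move; whether `soispha.impermanence.directories` preserves the mode is not visible here.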