about summary refs log tree commit diff stats
path: root/modules/by-name/bo/boot/module.nix
diff options
context:
space:
mode:
Diffstat (limited to 'modules/by-name/bo/boot/module.nix')
-rw-r--r--modules/by-name/bo/boot/module.nix9
1 files changed, 7 insertions, 2 deletions
diff --git a/modules/by-name/bo/boot/module.nix b/modules/by-name/bo/boot/module.nix
index 8b9ca6dd..dfcd14b7 100644
--- a/modules/by-name/bo/boot/module.nix
+++ b/modules/by-name/bo/boot/module.nix
@@ -11,6 +11,7 @@
   config,
   lib,
   pkgs,
+  modules,
   ...
 }: let
   cfg = config.soispha.boot;
@@ -21,6 +22,10 @@ in {
     # enableIsoEntry = lib.mkEnableOption "an tails iso boot entry";
   };
 
+  imports = [
+    modules.lanzaboote.nixosModules.lanzaboote
+  ];
+
   config = lib.mkIf cfg.enable (
     # let
     # cfg = config.boot.loader.systemd-boot;
@@ -79,7 +84,7 @@ in {
       # This should only be necessary for `lanzaboote`, but that is the current default in
       # this module.
       soispha.impermanence.directories = [
-        "/etc/secureboot"
+        "/var/lib/sbctl"
       ];
 
       boot = {
@@ -91,7 +96,7 @@ in {
 
         lanzaboote = {
           enable = true;
-          pkiBundle = "/etc/secureboot";
+          pkiBundle = "/var/lib/sbctl";
 
           settings = {
             # Disable editing the kernel command line (which could allow someone to become root)
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-07-03 21:18:44 +0000