From d0565553a231fc9a2cfbfca13d261199d1d0b8e8 Mon Sep 17 00:00:00 2001
From: Silas Schöffel <sils@sils.li>
Date: Tue, 9 Apr 2024 16:44:21 +0200
Subject: basesystem: set lanzaboote.settings.editor to false

This prevents gaining a root shell with init=/bin/sh
---
 modules/nixos/sils/basesystem.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/modules/nixos/sils/basesystem.nix b/modules/nixos/sils/basesystem.nix
index 1812feb..6d10f3f 100644
--- a/modules/nixos/sils/basesystem.nix
+++ b/modules/nixos/sils/basesystem.nix
@@ -28,6 +28,9 @@
         enable = true;
         configurationLimit = 10;
         pkiBundle = "/etc/secureboot";
+        settings = {
+          editor = false;
+        };
       };
       resumeDevice = config.sils.meta.mainDisk;
       kernelParams = ["resume_offset=369403136"];
-- 
cgit 1.4.1