first stab at secure boot
This commit is contained in:
parent
ad9ced3250
commit
7e815dd5d0
GPG key ID:
91FA5E5BF9AA901C
4 changed files with 263 additions and 20 deletions
|
|
@ -6,6 +6,7 @@
|
|||
./network-vpns.nix
|
||||
./network.nix
|
||||
./secrets.nix
|
||||
./secure-boot.nix
|
||||
./zfs.nix
|
||||
];
|
||||
|
||||
|
|
|
|||
12
hosts/toaster/secure-boot.nix
Normal file
12
hosts/toaster/secure-boot.nix
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
{ pkgs, lib, ... }: {
|
||||
boot = {
|
||||
bootspec.enable = true;
|
||||
loader.systemd-boot.enable = lib.mkForce false;
|
||||
lanzaboote = {
|
||||
enable = true;
|
||||
pkiBundle = "/etc/secureboot";
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = [ pkgs.sbctl ];
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue