chvp/nixos-config
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Enable secure boot on kholinar

Browse source
This commit is contained in:
Charlotte Van Petegem 2023-06-19 21:28:51 +02:00
parent 79d8375c21
commit f323d1826e
No known key found for this signature in database
GPG key ID: 019E764B7184435A
4 changed files with 187 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

13
machines/kholinar/hardware.nix
View file

@ -4,10 +4,11 @@
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
loader.efi.canTouchEfiVariables = true;
initrd = {
availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
kernelModules = [ "i915" ];
@ -19,6 +20,12 @@
};
};
chvp.base.zfs.systemLinks = [{ path = "/etc/secureboot"; type = "cache"; }];
# For Secure Boot management
environment.systemPackages = [ pkgs.sbctl ];
fileSystems."/" = {
device = "rpool/local/root";
fsType = "zfs";