add lanzaboote

Signed-off-by: unexplrd <unexplrd@linerds.us>
2025-03-28 16:13:37 +02:00
parent 852c5b0655
commit 897a472d60
3 changed files with 177 additions and 5 deletions
--- a/hosts/eldrid/configuration.nix
+++ b/hosts/eldrid/configuration.nix
@ -7,6 +7,7 @@
 }: {
  imports = with inputs; [
    chaotic.nixosModules.default
+    lanzaboote.nixosModules.lanzaboote
    lix.nixosModules.default
    self.nixosModules.desktop
    self.nixosModules.system
@ -61,9 +62,13 @@
    plymouth.enable = true;
    loader.efi.canTouchEfiVariables = true;
    loader.systemd-boot = {
-      enable = true;
+      enable = !config.boot.lanzaboote.enable;
      consoleMode = "auto";
    };
+    lanzaboote = {
+      enable = true;
+      pkiBundle = "/var/lib/sbctl";
+    };
  };

  console = {