Xetibo/DashNix
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

Secure boot and wsl (#10)

Browse source 
- Add secure boot via lanzaboote
- Add wsl flag
- Remove flatpak flake
This commit is contained in:
Dashie 2025-05-02 10:16:15 +02:00 committed by GitHub
parent 8cf9a40763
commit 32f0512ef5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
10 changed files with 51 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

21
base/common_hardware.nix
View file

@ -13,16 +13,30 @@ in {
#(modulesPath + "/misc/nixpkgs/read-only.nix")
];
wsl.enable = config.conf.wsl;
# Bootloader.
boot = {
boot = lib.mkIf (!config.conf.wsl) {
consoleLogLevel = 0;
lanzaboote = lib.mkIf config.conf.secureBoot {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
loader = {
systemd-boot = lib.mkIf config.conf.useSystemdBootloader {
enable = true;
systemd-boot = {
enable =
if config.conf.secureBoot
then lib.mkForce false
else if config.conf.useSystemdBootloader
then true
else false;
configurationLimit = 5;
};
efi.canTouchEfiVariables = true;
};
kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
initrd = {
verbose = false;
@ -60,7 +74,6 @@ in {
# Enable the X11 windowing system.
services = {
lorri.enable = true;
flatpak.enable = true;
xserver.enable = true;
fstrim.enable = lib.mkDefault true;
# Enable sound with pipewire.