Xetibo/DashNix
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

Add secureBoot

Browse source
This commit is contained in:
DashieTM 2025-05-01 22:02:09 +02:00
parent a7dba12fd3
commit 4a8e226066
3 changed files with 26 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

18
base/common_hardware.nix
View file

@ -16,13 +16,27 @@ in {
# Bootloader. # Bootloader.
boot = { boot = {
consoleLogLevel = 0; consoleLogLevel = 0;
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = lib.mkIf config.conf.secureBoot {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
loader = { loader = {
systemd-boot = lib.mkIf config.conf.useSystemdBootloader { systemd-boot = {
enable = true; enable =
if config.conf.secureBoot
then lib.mkForce false
else if config.conf.useSystemdBootloadertrue
then true
else false;
configurationLimit = 5; configurationLimit = 5;
}; };
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
}; };
kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
initrd = { initrd = {
verbose = false; verbose = false;

9
modules/conf.nix
View file

@ -20,6 +20,15 @@
''; '';
}; };
secureBoot = lib.mkOption {
default = false;
example = true;
description = ''
enables secure boot.
Please don't forget to add your keys.
'';
};
useSystemdBootloader = lib.mkOption { useSystemdBootloader = lib.mkOption {
default = true; default = true;
example = false; example = false;

1
modules/programs/basePackages.nix
View file

@ -74,6 +74,7 @@
seahorse seahorse
upower upower
xorg.xkbutils xorg.xkbutils
sbctl
] ]
++ config.mods.basePackages.additionalPackages ++ config.mods.basePackages.additionalPackages
else config.mods.basePackages.additionalPackages; else config.mods.basePackages.additionalPackages;