nix: add lanzaboote

2025-05-03 16:15:58 +10:00 · 2025-05-03 16:15:58 +10:00 · 3259c38d75
commit 3259c38d75
parent 27b763939b
3 changed files with 229 additions and 1 deletions
--- a/modules/secureboot.nix
+++ b/modules/secureboot.nix
@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    sbctl
+  ];
+
+  boot.loader.systemd-boot.enable = lib.mkForce false;
+
+  boot.lanzaboote = {
+    enable = true;
+    pkiBundle = "/etc/secureboot";
+  };
+}