From 2fb1d3dad4a887073c424d515bbabf956664968d Mon Sep 17 00:00:00 2001
From: min
Date: Fri, 10 May 2024 22:51:27 -0400
Subject: [PATCH] createKeys option
---
 nix/modules/lanzaboote.nix | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/nix/modules/lanzaboote.nix b/nix/modules/lanzaboote.nix
index f5d54af..565dcc9 100644
--- a/nix/modules/lanzaboote.nix
+++ b/nix/modules/lanzaboote.nix
@@ -21,6 +21,7 @@ in
 enable = mkEnableOption "Enable the LANZABOOTE";
 enrollKeys = mkEnableOption "Automatic enrollment of the keys using sbctl";
+ createKeys = mkEnableOption "Automatic creation of the keys using sbctl";
 configurationLimit = mkOption {
 default = config.boot.loader.systemd-boot.configurationLimit;
@@ -110,6 +111,10 @@ in
 boot.loader.external = {
 enable = true;
 installHook = pkgs.writeShellScript "bootinstall" ''
+ ${optionalString cfg.createKeys ''
+ ${pkgs.sbctl}/bin/sbctl create-keys
+ ''}
+
 ${optionalString cfg.enrollKeys ''
 mkdir -p /tmp/pki
 cp -r ${cfg.pkiBundle}/* /tmp/pki
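Review bot: The description on the new `createKeys` option is its only documentation, and it does not say what is generated or when. `mkEnableOption` renders its argument as "Whether to enable …", so a lower-case phrase that names the artefact reads better: `createKeys = mkEnableOption "automatic creation of the Secure Boot signing keys with sbctl during bootloader installation";`. The option docs should also state that enabling it generates private key material on the target host, so the key directory needs the same access restrictions and backup as a manually provisioned bundle.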
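Review bot: The added `sbctl create-keys` call in `installHook` is not tied to `cfg.pkiBundle`, the directory the `enrollKeys` block directly below copies from. sbctl writes to its own default key directory unless configured otherwise, so if `pkiBundle` points elsewhere the keys created here are not the ones enrolled, and presumably not the ones used for signing (that part is outside the hunk). Either create the keys in `cfg.pkiBundle`, or add a module assertion that `createKeys` requires `pkiBundle` to be sbctl's default location. The hook runs on every bootloader install, so I would guard the call explicitly, e.g. `[ -d ${cfg.pkiBundle} ] || ${pkgs.sbctl}/bin/sbctl create-keys`, instead of relying on sbctl declining to overwrite existing keys. A failed key creation should also abort the hook before enrollment; whether the script sets `set -e` is not visible in this hunk.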