min
/
lanzaboote
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

doc: add a more complete flakes fragment for quickstart

This commit is contained in:
Julian Stecklina 2023-02-19 19:34:52 +01:00
parent a75e2b4c95
commit 6e72e2fed2
1 changed files with 47 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
docs/QUICK_START.md
View File

@ -125,16 +125,32 @@ Below is a fragment of a NixOS configuration that enables the Secure
Boot stack. Boot stack.
```nix ```nix
{
description = "A SecureBoot-enabled NixOS configurations";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
lanzaboote = {
url = "github:nix-community/lanzaboote";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, nixpkgs, lanzaboote, ...}: {
nixosConfigurations = { nixosConfigurations = {
yourHost = nixpkgs.lib.nixosSystem { yourHost = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
# ... other modules ... # This is not a complete NixOS configuration and you need to reference
# your normal configuration here.
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
({ config, pkgs, lib, ... }: { ({ pkgs, lib, ... }: {
# This should already be here from switching to bootspec earlier. # This should already be here from switching to bootspec earlier.
# It's not required anymore, but also doesn't do any harm. # It's not required anymore, but also doesn't do any harm.
boot.bootspec.enable = true; boot.bootspec.enable = true;
@ -157,6 +173,9 @@ nixosConfigurations = {
}) })
]; ];
}; };
};
};
}
``` ```
After you rebuild your system, check `sbctl verify` output: After you rebuild your system, check `sbctl verify` output: