Merge pull request #105 from nix-community/quickstart

Add a More Complete Flakes Fragment for Quickstart
This commit is contained in:
Julian Stecklina 2023-02-21 00:24:06 +01:00 committed by GitHub
commit 750629c860
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 47 additions and 28 deletions

View File

@ -125,16 +125,32 @@ Below is a fragment of a NixOS configuration that enables the Secure
Boot stack. Boot stack.
```nix ```nix
{
description = "A SecureBoot-enabled NixOS configurations";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
lanzaboote = {
url = "github:nix-community/lanzaboote";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, nixpkgs, lanzaboote, ...}: {
nixosConfigurations = { nixosConfigurations = {
yourHost = nixpkgs.lib.nixosSystem { yourHost = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
# ... other modules ... # This is not a complete NixOS configuration and you need to reference
# your normal configuration here.
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
({ config, pkgs, lib, ... }: { ({ pkgs, lib, ... }: {
# This should already be here from switching to bootspec earlier. # This should already be here from switching to bootspec earlier.
# It's not required anymore, but also doesn't do any harm. # It's not required anymore, but also doesn't do any harm.
boot.bootspec.enable = true; boot.bootspec.enable = true;
@ -157,6 +173,9 @@ nixosConfigurations = {
}) })
]; ];
}; };
};
};
}
``` ```
After you rebuild your system, check `sbctl verify` output: After you rebuild your system, check `sbctl verify` output: