nixos: enrollment is optional
This commit is contained in:
parent
49519cb289
commit
a99646bb01
|
@ -37,9 +37,11 @@ in
|
|||
enable = true;
|
||||
passBootspec = true;
|
||||
installHook = "${pkgs.writeShellScriptBin "bootinstall" ''
|
||||
${optionalString cfg.enrollKeys ''
|
||||
mkdir -p /tmp/pki
|
||||
cp -r ${cfg.pkiBundle}/* /tmp/pki
|
||||
${sbctlWithPki}/bin/sbctl enroll-keys --yes-this-might-brick-my-machine
|
||||
''}
|
||||
${cfg.package}/bin/lanzatool install --pki-bundle ${cfg.pkiBundle} --public-key ${cfg.publicKeyFile} --private-key ${cfg.privateKeyFile} "$@"
|
||||
''}/bin/bootinstall";
|
||||
# ${cfg.package}/bin/lanzatool install ${optionalString cfg.enrollKeys "--auto-enroll"} --pki-bundle ${cfg.pkiBundle}
|
||||
|
|
Loading…
Reference in New Issue