nixos-configs/hosts/mpl/bootloader.nix

{
  pkgs,
  lib,
  ...
}: {
  environment.systemPackages = [pkgs.sbctl];

  boot = {
    initrd.systemd = {
      enable = true;
      tpm2.enable = true;
    };

    loader = {
      efi.canTouchEfiVariables = true;

      timeout = 1;

      # disable systemd-boot in favor of lanzaboote
      systemd-boot.enable = lib.mkForce false;
    };
  };

  boot.lanzaboote = {
    enable = true;

    pkiBundle = "/etc/secureboot";
    configurationLimit = 3;
  };
}
update jan 6 2025-01-06 13:50:04 -06:00			`{`
			`pkgs,`
			`lib,`
			`...`
			`}: {`
			`environment.systemPackages = [pkgs.sbctl];`

btrfs autoscrub + initrd systemd 2024-12-30 23:28:20 -06:00			`boot = {`
update jan 6 2025-01-06 13:50:04 -06:00			`initrd.systemd = {`
			`enable = true;`
			`tpm2.enable = true;`
			`};`

btrfs autoscrub + initrd systemd 2024-12-30 23:28:20 -06:00			`loader = {`
			`efi.canTouchEfiVariables = true;`

update jan 6 2025-01-06 13:50:04 -06:00			`timeout = 1;`

			`# disable systemd-boot in favor of lanzaboote`
			`systemd-boot.enable = lib.mkForce false;`
initial commit 2024-12-27 16:44:03 -06:00			`};`
			`};`
update jan 6 2025-01-06 13:50:04 -06:00
			`boot.lanzaboote = {`
			`enable = true;`

			`pkiBundle = "/etc/secureboot";`
			`configurationLimit = 3;`
			`};`
initial commit 2024-12-27 16:44:03 -06:00			`}`