31 lines
462 B
Nix
31 lines
462 B
Nix
{
|
|
pkgs,
|
|
lib,
|
|
...
|
|
}: {
|
|
environment.systemPackages = [pkgs.sbctl];
|
|
|
|
boot = {
|
|
initrd.systemd = {
|
|
enable = true;
|
|
tpm2.enable = true;
|
|
};
|
|
|
|
loader = {
|
|
efi.canTouchEfiVariables = true;
|
|
|
|
timeout = 1;
|
|
|
|
# disable systemd-boot in favor of lanzaboote
|
|
systemd-boot.enable = lib.mkForce false;
|
|
};
|
|
};
|
|
|
|
boot.lanzaboote = {
|
|
enable = true;
|
|
|
|
pkiBundle = "/etc/secureboot";
|
|
configurationLimit = 3;
|
|
};
|
|
}
|