Add preparations for the new location for secureboot keys.

2025-01-12 21:00:56 -05:00 · 2025-01-12 21:00:56 -05:00 · 0fb53a4294
commit 0fb53a4294
parent 4019e6d132
1 changed files with 5 additions and 1 deletions
--- a/nix/configuration/roles/boot/default.nix
+++ b/nix/configuration/roles/boot/default.nix
@ -75,11 +75,15 @@
      boot.lanzaboote = {
        enable = true;
        pkiBundle = "/etc/secureboot";
+        # TODO:
+        #     pkiBundle = "/var/lib/sbctl";
      };
      environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
        hideMounts = true;
        directories = [
-          "/etc/secureboot" # Secure Boot Keys
+          "/etc/secureboot" # Old Secure Boot Keys location
+          # TODO: run `doas sbctl setup --migrate` to move keys
+          "/var/lib/sbctl" # Secure Boot Keys
        ];
      };
    })