talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Add preparations for the new location for secureboot keys.

Browse Source
This commit is contained in:
Tom Alexander 2025-01-12 21:00:56 -05:00
parent 4019e6d132
commit 0fb53a4294
Signed by: talexander
GPG Key ID: D3A179C9A53C0EDE
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
nix/configuration/roles/boot/default.nix
View File

@ -75,11 +75,15 @@
boot.lanzaboote = { boot.lanzaboote = {
enable = true; enable = true;
pkiBundle = "/etc/secureboot"; pkiBundle = "/etc/secureboot";
# TODO:
# pkiBundle = "/var/lib/sbctl";
}; };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true; hideMounts = true;
directories = [ directories = [
"/etc/secureboot" # Secure Boot Keys "/etc/secureboot" # Old Secure Boot Keys location
# TODO: run `doas sbctl setup --migrate` to move keys
"/var/lib/sbctl" # Secure Boot Keys
]; ];
}; };
}) })