diff options
| author | Freya Murphy <freya@freyacat.org> | 2025-01-22 10:06:45 -0500 |
|---|---|---|
| committer | Freya Murphy <freya@freyacat.org> | 2025-01-22 10:07:01 -0500 |
| commit | 2e32697e99e76977a93aa5b665e5316ebb93b0c9 (patch) | |
| tree | 4e2217ba7b550575c636d1f55c8d2db45142b4ba /hosts | |
| parent | add unity (diff) | |
| download | dotfiles-nix-2e32697e99e76977a93aa5b665e5316ebb93b0c9.tar.gz dotfiles-nix-2e32697e99e76977a93aa5b665e5316ebb93b0c9.tar.bz2 dotfiles-nix-2e32697e99e76977a93aa5b665e5316ebb93b0c9.zip | |
secure boot
Diffstat (limited to 'hosts')
| -rw-r--r-- | hosts/shinji.nix | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/hosts/shinji.nix b/hosts/shinji.nix index 220d72a..4ba5418 100644 --- a/hosts/shinji.nix +++ b/hosts/shinji.nix @@ -6,6 +6,7 @@ inputs.nixpkgs.lib.nixosSystem { modules = [ options inputs.home-manager.nixosModules.home-manager + inputs.lanzaboote.nixosModules.lanzaboote ../modules { # options @@ -19,10 +20,17 @@ inputs.nixpkgs.lib.nixosSystem { # hardware hardware.graphics.enable = true; hardware.bluetooth.enable = true; + security.tpm2.enable = false; # bootloader - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; + boot.loader.efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "/boot/efi"; + }; + boot.lanzaboote = { + enable = true; + pkiBundle = "/var/lib/sbctl"; + }; # hostname networking.hostName = "shinji"; @@ -53,7 +61,7 @@ inputs.nixpkgs.lib.nixosSystem { }; # boot - fileSystems."/boot" = { + fileSystems."/boot/efi" = { device = "/dev/disk/by-uuid/6F93-6A0B"; fsType = "vfat"; options = [ "fmask=0022" "dmask=0022" ]; |