puter/modules/secure-boot.nix

{
  config,
  lib,
  # inputs,
  # pkgs,
  ...
}: let
  cfg = config.setups.secureBoot;
in {
  # imports = [
  #   inputs.lanzaboote.nixosModules.lanzaboote
  # ];

  options.setups.secureBoot.enable = lib.mkEnableOption "Secure Boot";

  config = lib.mkIf cfg.enable {
    # environment.systemPackages = [
    #   pkgs.sbctl
    # ];

    # boot.loader.systemd-boot.enable = lib.mkForce false;

    # boot.lanzaboote = {
    #   enable = lib.mkForce true;
    #   pkiBundle = lib.mkDefault "/var/lib/sbctl";
    # };
  };
}
pluh 🗣 2025-03-01 21:21:00 +00:00			`{`
			`config,`
			`lib,`
repair 2025-03-26 16:12:29 +00:00			`# inputs,`
			`# pkgs,`
pluh 🗣 2025-03-01 21:21:00 +00:00			`...`
			`}: let`
			`cfg = config.setups.secureBoot;`
			`in {`
repair 2025-03-26 16:12:29 +00:00			`# imports = [`
			`# inputs.lanzaboote.nixosModules.lanzaboote`
			`# ];`
pluh 🗣 2025-03-01 21:21:00 +00:00
			`options.setups.secureBoot.enable = lib.mkEnableOption "Secure Boot";`

			`config = lib.mkIf cfg.enable {`
repair 2025-03-26 16:12:29 +00:00			`# environment.systemPackages = [`
			`# pkgs.sbctl`
			`# ];`
pluh 🗣 2025-03-01 21:21:00 +00:00
repair 2025-03-26 16:12:29 +00:00			`# boot.loader.systemd-boot.enable = lib.mkForce false;`
pluh 🗣 2025-03-01 21:21:00 +00:00
repair 2025-03-26 16:12:29 +00:00			`# boot.lanzaboote = {`
			`# enable = lib.mkForce true;`
			`# pkiBundle = lib.mkDefault "/var/lib/sbctl";`
			`# };`
pluh 🗣 2025-03-01 21:21:00 +00:00			`};`
			`}`