puter/modules/secure-boot.nix

{
  config,
  lib,
  inputs,
  pkgs,
  ...
}: let
  cfg = config.setups.secureBoot;
in {
  imports = [
    inputs.lanzaboote.nixosModules.lanzaboote
  ];

  options.setups.secureBoot.enable = lib.mkEnableOption "Secure Boot";

  config = lib.mkIf cfg.enable {
    environment.systemPackages = [
      pkgs.sbctl
    ];

    boot.loader.systemd-boot.enable = lib.mkForce false;

    boot.lanzaboote = {
      enable = lib.mkForce true;
      pkiBundle = lib.mkDefault "/var/lib/sbctl";
    };
  };
}
pluh 🗣 2025-03-01 21:21:00 +00:00			`{`
			`config,`
			`lib,`
			`inputs,`
			`pkgs,`
			`...`
			`}: let`
			`cfg = config.setups.secureBoot;`
			`in {`
			`imports = [`
			`inputs.lanzaboote.nixosModules.lanzaboote`
			`];`

			`options.setups.secureBoot.enable = lib.mkEnableOption "Secure Boot";`

			`config = lib.mkIf cfg.enable {`
			`environment.systemPackages = [`
			`pkgs.sbctl`
			`];`

			`boot.loader.systemd-boot.enable = lib.mkForce false;`

			`boot.lanzaboote = {`
			`enable = lib.mkForce true;`
			`pkiBundle = lib.mkDefault "/var/lib/sbctl";`
			`};`
			`};`
			`}`