soopy.moe / gensokyo
nixos config
fork atom
gensokyo / systems / koumakan / security / secureboot.nix
at refactor/move-global-system-config 311 B view raw
1{ 2 pkgs, 3 lib, 4 ... 5}: { 6 environment.systemPackages = with pkgs; [ 7 cryptsetup 8 sbctl 9 ]; 10 11 # lanzaboote currently replaces systemd-boot, so disable that here. 12 boot.loader.systemd-boot.enable = lib.mkForce false; 13 boot.lanzaboote = { 14 enable = true; 15 pkiBundle = "/etc/secureboot"; 16 }; 17}