mauville: enable secureboot and auto luks unlocking

This commit is contained in:
Aly Raffauf 2024-08-24 14:36:25 -04:00
parent c850f1dfec
commit 78840bcb6f

View file

@ -33,28 +33,17 @@ in {
boot = { boot = {
initrd = { initrd = {
availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod" "r8169"]; availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod" "r8169"];
systemd.enable = true;
network = {
enable = true;
flushBeforeStage2 = true;
ssh = {
enable = true;
hostKeys = [/etc/secrets/initrd/ssh_host_ed25519_key];
}; };
udhcpc.enable = true; lanzaboote = {
enable = true;
postCommands = '' pkiBundle = "/etc/secureboot";
# Automatically ask for the password on SSH login
echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile
'';
};
}; };
loader = { loader = {
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
systemd-boot.enable = true; systemd-boot.enable = lib.mkForce false;
}; };
}; };