mirror of
https://github.com/alyraffauf/nixcfg.git
synced 2024-11-25 11:21:53 -05:00
mauville: enable secureboot and auto luks unlocking
This commit is contained in:
parent
c850f1dfec
commit
78840bcb6f
|
@ -33,28 +33,17 @@ in {
|
||||||
boot = {
|
boot = {
|
||||||
initrd = {
|
initrd = {
|
||||||
availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod" "r8169"];
|
availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod" "r8169"];
|
||||||
|
systemd.enable = true;
|
||||||
network = {
|
|
||||||
enable = true;
|
|
||||||
flushBeforeStage2 = true;
|
|
||||||
|
|
||||||
ssh = {
|
|
||||||
enable = true;
|
|
||||||
hostKeys = [/etc/secrets/initrd/ssh_host_ed25519_key];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
udhcpc.enable = true;
|
lanzaboote = {
|
||||||
|
enable = true;
|
||||||
postCommands = ''
|
pkiBundle = "/etc/secureboot";
|
||||||
# Automatically ask for the password on SSH login
|
|
||||||
echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
loader = {
|
loader = {
|
||||||
efi.canTouchEfiVariables = true;
|
efi.canTouchEfiVariables = true;
|
||||||
systemd-boot.enable = true;
|
systemd-boot.enable = lib.mkForce false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue