lavaridge: enable lanzaboote

2024-11-25 06:11:55 -05:00 · 2024-08-24 12:41:39 -04:00 · 2024-08-24 12:41:39 -04:00 · 9b8b7f1284
parent 85969849ea
commit 9b8b7f1284
1 changed files with 8 additions and 1 deletions
--- a/hosts/lavaridge/default.nix
+++ b/hosts/lavaridge/default.nix
@ -11,6 +11,7 @@
    ./home.nix
    ./secrets.nix
    ./stylix.nix
+    self.inputs.lanzaboote.nixosModules.lanzaboote
    self.inputs.nixhw.nixosModules.framework-13-amd-7000
    self.nixosModules.common-auto-upgrade
    self.nixosModules.common-base
@ -24,11 +25,17 @@
  ];

  boot = {
+    initrd.systemd.enable = true;
    kernelPackages = lib.mkForce pkgs.linuxPackages_6_9;

+    lanzaboote = {
+      enable = true;
+      pkiBundle = "/etc/secureboot";
+    };
+
    loader = {
      efi.canTouchEfiVariables = true;
-      systemd-boot.enable = true;
+      systemd-boot.enable = lib.mkForce false;
    };
  };