config/hosts/jericho/extras/lanzaboote.nix

{ config, inputs, ... }:

{
  imports = [
    inputs.lanzaboote.nixosModules.lanzaboote
  ];

  age.secrets.secureBootKey.file = ../../../secrets/secure-boot-private-key-jericho.age;

  boot.lanzaboote = {
    enable = true;
    configurationLimit = 50;
    publicKeyFile = ./secure-boot/db.pem;
    # BUG: the bootloader installation runs before/without the activation script,
    # so this key may not exist unless the system has been activated beforehand.
    privateKeyFile = config.age.secrets.secureBootKey.path;
  };
}
hosts/jericho: enable secure boot with lanzaboote 2023-01-13 00:58:33 +02:00			`{ config, inputs, ... }:`

			`{`
			`imports = [`
			`inputs.lanzaboote.nixosModules.lanzaboote`
			`];`

			`age.secrets.secureBootKey.file = ../../../secrets/secure-boot-private-key-jericho.age;`

			`boot.lanzaboote = {`
			`enable = true;`
			`configurationLimit = 50;`
			`publicKeyFile = ./secure-boot/db.pem;`
			`# BUG: the bootloader installation runs before/without the activation script,`
			`# so this key may not exist unless the system has been activated beforehand.`
			`privateKeyFile = config.age.secrets.secureBootKey.path;`
			`};`
			`}`