# NixOS module: enables lanzaboote and points it at a Secure Boot key pair.
# The public certificate is read from this repository; the private signing
# key is an age-encrypted secret whose decrypted path comes from
# `config.age.secrets`.
{ config, inputs, ... }:

let
  # Handle on the decrypted secret declared below. Anything that can read the
  # file at `.path` can sign boot artifacts with this machine's key, so the
  # secret's owner/mode matter. None are set here, so the secrets module's
  # defaults apply (NOTE(review): confirm they are root-only).
  signingKey = config.age.secrets.secureBootKey;
in
{
  imports = [ inputs.lanzaboote.nixosModules.lanzaboote ];

  # Encrypted private key for host "jericho"; only the .age ciphertext is
  # referenced from the repository.
  age.secrets.secureBootKey.file = ../../../secrets/secure-boot-private-key-jericho.age;

  boot.lanzaboote = {
    enable = true;

    # Upper bound on the number of generations lanzaboote keeps installed.
    configurationLimit = 50;

    # Public half of the signing key pair, stored in plain text next to this
    # module.
    publicKeyFile = ./secure-boot/db.pem;

    # BUG: the bootloader installation runs before/without the activation
    # script, so this key may not exist unless the system has been activated
    # beforehand.
    # NOTE(review): on a first install, or whenever the secret has not been
    # decrypted yet, signing presumably fails or is skipped. Confirm that the
    # new generation was actually signed before relying on Secure Boot
    # enforcement.
    privateKeyFile = signingKey.path;
  };
}