nixos-config/nixos/profiles/system/boot/secure-boot.nix

{ pkgs, lib, ... }:
{
  environment.systemPackages = with pkgs; [ sbctl ];

  boot.loader.systemd-boot.enable = lib.mkForce false;

  boot.lanzaboote = {
    enable = true;
    pkiBundle = "/etc/secureboot";
  };

  environment.etc."secureboot" = {
    source = "/persist/etc/secureboot";
    mode = "direct-symlink";
  };
}
treewide: init flakes 2024-11-28 01:14:34 +08:00			`{ pkgs, lib, ... }:`
			`{`
			`environment.systemPackages = with pkgs; [ sbctl ];`

			`boot.loader.systemd-boot.enable = lib.mkForce false;`

			`boot.lanzaboote = {`
			`enable = true;`
			`pkiBundle = "/etc/secureboot";`
			`};`

system/preservation: use static symlink for files in `/etc` 2025-01-13 13:17:05 +08:00			`environment.etc."secureboot" = {`
			`source = "/persist/etc/secureboot";`
			`mode = "direct-symlink";`
			`};`
treewide: init flakes 2024-11-28 01:14:34 +08:00			`}`