secure boot
This commit is contained in:
parent
eafde182c3
commit
e383fc2fad
GPG key ID:
AB79213B044674AE
3 changed files with 192 additions and 7 deletions
|
|
@ -1,4 +1,9 @@
|
|||
{ inputs, pkgs, ... }:
|
||||
{
|
||||
inputs,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
{
|
||||
networking.hostName = "fw";
|
||||
|
||||
|
|
@ -11,18 +16,28 @@
|
|||
inputs.disko.nixosModules.disko
|
||||
./disko.nix
|
||||
inputs.nixos-hardware.nixosModules.framework-amd-ai-300-series
|
||||
inputs.lanzaboote.nixosModules.lanzaboote
|
||||
];
|
||||
|
||||
environment.systemPackages = [
|
||||
pkgs.sbctl
|
||||
];
|
||||
|
||||
services.fprintd.enable = true;
|
||||
# security.pam.enableFscrypt = true;
|
||||
|
||||
boot = {
|
||||
lanzaboote = {
|
||||
enable = true;
|
||||
pkiBundle = "/var/lib/sbctl";
|
||||
};
|
||||
loader = {
|
||||
systemd-boot.enable = lib.mkForce false;
|
||||
efi.canTouchEfiVariables = true;
|
||||
grub = {
|
||||
enable = true;
|
||||
efiSupport = true;
|
||||
};
|
||||
# grub = {
|
||||
# enable = false;
|
||||
# efiSupport = true;
|
||||
# };
|
||||
};
|
||||
|
||||
kernelPackages = pkgs.linuxPackages_6_12;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue