2022-04-20 14:46:01 +00:00
|
|
|
{ pkgs, config, ... }: {
|
2022-04-20 07:35:17 +00:00
|
|
|
imports = [
|
|
|
|
../modules/systemd-secure-boot
|
2022-04-21 07:23:50 +00:00
|
|
|
# ../modules/systemd-cryptsetup.nix # broken
|
2022-04-20 07:35:17 +00:00
|
|
|
];
|
|
|
|
|
|
|
|
sops.secrets."secureboot/DB.key" = { };
|
|
|
|
boot.loader.systemd-boot = {
|
|
|
|
editor = false;
|
|
|
|
secureBoot = {
|
|
|
|
enable = true;
|
|
|
|
keyPath = config.sops.secrets."secureboot/DB.key".path;
|
|
|
|
certPath = builtins.toString ../efi/DB.crt;
|
|
|
|
};
|
|
|
|
};
|
2022-04-20 10:45:35 +00:00
|
|
|
system.extraSystemBuilderCmds = ''
|
|
|
|
substituteAll ${../extra/switch-to-configuration.pl} $out/bin/switch-to-configuration
|
|
|
|
'';
|
2022-04-20 07:35:17 +00:00
|
|
|
}
|