nixos-config/config/secureboot.nix

{
  pkgs,
  config,
  ...
}: {
  imports = [
    ../modules/systemd-secure-boot
    #    ../modules/systemd-cryptsetup.nix # broken
  ];

  sops.secrets."secureboot/DB.key" = {};
  boot.loader.systemd-boot = {
    editor = false;
    secureBoot = {
      enable = true;
      keyPath = config.sops.secrets."secureboot/DB.key".path;
      certPath = builtins.toString ../efi/DB.crt;
    };
  };
  system.extraSystemBuilderCmds = ''
    substituteAll ${../extra/switch-to-configuration.pl} $out/bin/switch-to-configuration
  '';
}
reformat repo 2022-06-12 15:39:15 +00:00			`{`
			`pkgs,`
			`config,`
			`...`
			`}: {`
Add secureboot to nutty-noon 2022-04-20 07:35:17 +00:00			`imports = [`
			`../modules/systemd-secure-boot`
disable systemd-cryptsetup because it’s broken 2022-04-21 07:23:50 +00:00			`# ../modules/systemd-cryptsetup.nix # broken`
Add secureboot to nutty-noon 2022-04-20 07:35:17 +00:00			`];`

reformat repo 2022-06-12 15:39:15 +00:00			`sops.secrets."secureboot/DB.key" = {};`
Add secureboot to nutty-noon 2022-04-20 07:35:17 +00:00			`boot.loader.systemd-boot = {`
			`editor = false;`
			`secureBoot = {`
			`enable = true;`
			`keyPath = config.sops.secrets."secureboot/DB.key".path;`
			`certPath = builtins.toString ../efi/DB.crt;`
			`};`
			`};`
Patch switch-to-configuration to switch to the new config first before setting up the bootloader 2022-04-20 10:45:35 +00:00			`system.extraSystemBuilderCmds = ''`
			`substituteAll ${../extra/switch-to-configuration.pl} $out/bin/switch-to-configuration`
			`'';`
Add secureboot to nutty-noon 2022-04-20 07:35:17 +00:00			`}`