
Put lanzaboote as an option that will only be enabled if secureboot is
true in an options.nix file
jwyuen committed Jul 10, 2024
1 parent c63d139 commit 7450e65
Showing 4 changed files with 31 additions and 4 deletions.
3 changes: 3 additions & 0 deletions nix-config/hosts/nix-deskstar/options.nix
Expand Up @@ -80,4 +80,7 @@ in {

# Power profiles daemon
powerprofiles = false;

# Use lanzaboote for secureboot
secureboot = false;
}
3 changes: 3 additions & 0 deletions nix-config/hosts/nix-lappy/options.nix
Expand Up @@ -81,4 +81,7 @@ in {

# Power profiles daemon
powerprofiles = true;

# Use lanzaboote for secureboot
secureboot = true;
}
3 changes: 3 additions & 0 deletions nix-config/hosts/nix-vm/options.nix
Expand Up @@ -80,5 +80,8 @@ in {

# Power profiles daemon
powerprofiles = false;

# Use lanzaboote for secureboot
secureboot = false;
}

26 changes: 22 additions & 4 deletions nix-config/system/boot.nix
@@ -1,13 +1,31 @@
{ pkgs, config, lib, ... }:
{ pkgs, config, lib, host, ... }:

let inherit (import ../hosts/${host}/options.nix) secureboot; in
{


# Bootloader
#boot.loader.systemd-boot.enable = true;
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
#boot.loader.systemd-boot.enable = lib.mkForce false;
#boot.loader.systemd-boot.enable = mkMerge
boot.loader.systemd-boot = lib.mkMerge [
(lib.mkIf (secureboot == true)
{
enable = lib.mkForce false;
}
)
(lib.mkIf (secureboot == false)
{
enable = true;
}
)
];

boot.lanzaboote = lib.mkIf (secureboot == true) {
enable = true;
pkiBundle = "/etc/secureboot";
};


boot.loader.efi.canTouchEfiVariables = true;
boot.kernel.sysctl = { "vm.max_map_count" = 2147483642; };
boot.tmp.useTmpfs = true;
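Review bot: The two `lib.mkIf` branches on `boot.loader.systemd-boot` test `secureboot == true` and `secureboot == false` separately, so any value that is neither (a non-bool, or an absent attribute, which would already make the `inherit (import ../hosts/${host}/options.nix) secureboot` line fail to evaluate) leaves the host with neither systemd-boot nor lanzaboote enabled. Reading the flag with a default, `let secureboot = (import ../hosts/${host}/options.nix).secureboot or false; in`, keeps evaluation working for a host that has not yet added the option, and collapsing the branches to `boot.loader.systemd-boot.enable = if secureboot then lib.mkForce false else true;` with `boot.lanzaboote = lib.mkIf secureboot { ... };` makes the bootloader choice exhaustive. Defaulting to `false` means an unconfigured host silently falls back to the unsigned systemd-boot path rather than failing the build; that is presumably the intended fallback for the existing hosts, but worth confirming. The commented-out lines `#boot.loader.systemd-boot.enable = lib.mkForce false;` and `#boot.loader.systemd-boot.enable = mkMerge` are stale and can be dropped.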
