Enabled settings for secure boot (although the config doesn't
automatically give you secure boot as you still need to follow steps
from lanzaboote quick start)
jwyuen committed Jul 7, 2024
1 parent f57e7de commit e1876b4
Showing 3 changed files with 15 additions and 8 deletions.
12 changes: 6 additions & 6 deletions nix-config/hosts/nix-lappy/hardware.nix
Expand Up @@ -20,26 +20,26 @@

boot.initrd.luks.devices."luks-280f3096-4ae3-493e-ad61-f7523cb0b574".device = "/dev/disk/by-uuid/280f3096-4ae3-493e-ad61-f7523cb0b574";

fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/AF84-0B7A";
fsType = "vfat";
};

fileSystems."/home" =
{ device = "/dev/disk/by-uuid/f9ca8e28-eaae-4016-bf38-1bab9e36a54e";
fsType = "ext4";
};

boot.initrd.luks.devices."luks-7d861ea1-85e9-4642-9f67-bc4d5d1a751b".device = "/dev/disk/by-uuid/7d861ea1-85e9-4642-9f67-bc4d5d1a751b";

fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/AF84-0B7A";
fsType = "vfat";
};

swapDevices = [ ];

# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;

nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
9 changes: 7 additions & 2 deletions nix-config/system/boot.nix
@@ -1,8 +1,13 @@
{ pkgs, config, ... }:
{ pkgs, config, lib, ... }:

{
# Bootloader
boot.loader.systemd-boot.enable = true;
#boot.loader.systemd-boot.enable = true;
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
boot.loader.efi.canTouchEfiVariables = true;
boot.kernel.sysctl = { "vm.max_map_count" = 2147483642; };
boot.tmp.useTmpfs = true;
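Review bot: The `boot.lanzaboote` block carries no comment saying that `pkiBundle = "/etc/secureboot"` is the directory holding the Secure Boot private signing keys, or that these settings alone do not make the firmware enforce anything. I would delete the commented-out `#boot.loader.systemd-boot.enable = true;` and explain the override instead, e.g. `# lanzaboote installs and signs systemd-boot itself, so the stock module must stay off`. Above `pkiBundle` a line like `# sbctl private keys: root-only, never commit or back up unencrypted` records the handling rule next to the path. A short comment that enforcement starts only after the keys are enrolled and Secure Boot is switched on in firmware (checkable with `sbctl status`) would keep the caveat from the commit message in the file. The attribute set appears to continue below the hunk.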
2 changes: 2 additions & 0 deletions nix-config/system/packages.nix
Expand Up @@ -16,6 +16,8 @@
fastfetch htop btop stow brightnessctl
# other
polkit_gnome
# secure boot
sbctl
];

programs = {