diff --git a/nix-config/hosts/nix-lappy/hardware.nix b/nix-config/hosts/nix-lappy/hardware.nix index 783dd3751..a087f058b 100644 --- a/nix-config/hosts/nix-lappy/hardware.nix +++ b/nix-config/hosts/nix-lappy/hardware.nix @@ -20,6 +20,11 @@ boot.initrd.luks.devices."luks-280f3096-4ae3-493e-ad61-f7523cb0b574".device = "/dev/disk/by-uuid/280f3096-4ae3-493e-ad61-f7523cb0b574"; + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/AF84-0B7A"; + fsType = "vfat"; + }; + fileSystems."/home" = { device = "/dev/disk/by-uuid/f9ca8e28-eaae-4016-bf38-1bab9e36a54e"; fsType = "ext4"; @@ -27,11 +32,6 @@ boot.initrd.luks.devices."luks-7d861ea1-85e9-4642-9f67-bc4d5d1a751b".device = "/dev/disk/by-uuid/7d861ea1-85e9-4642-9f67-bc4d5d1a751b"; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/AF84-0B7A"; - fsType = "vfat"; - }; - swapDevices = [ ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking @@ -39,7 +39,7 @@ # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. networking.useDHCP = lib.mkDefault true; - # networking.interfaces.wlo1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/nix-config/system/boot.nix b/nix-config/system/boot.nix index 6048d8b1a..0f585b1c9 100644 --- a/nix-config/system/boot.nix +++ b/nix-config/system/boot.nix @@ -1,8 +1,13 @@ -{ pkgs, config, ... }: +{ pkgs, config, lib, ... }: { # Bootloader - boot.loader.systemd-boot.enable = true; + #boot.loader.systemd-boot.enable = true; + boot.loader.systemd-boot.enable = lib.mkForce false; + boot.lanzaboote = { + enable = true; + pkiBundle = "/etc/secureboot"; + }; boot.loader.efi.canTouchEfiVariables = true; boot.kernel.sysctl = { "vm.max_map_count" = 2147483642; }; boot.tmp.useTmpfs = true; diff --git a/nix-config/system/packages.nix b/nix-config/system/packages.nix index bbc908523..a6e5a5ada 100644 --- a/nix-config/system/packages.nix +++ b/nix-config/system/packages.nix @@ -16,6 +16,8 @@ fastfetch htop btop stow brightnessctl # other polkit_gnome + # secure boot + sbctl ]; programs = {