set up secure boot on eclipse and do some tpm stuff

2024-12-04 16:09:14 -05:00 · 2024-12-04 16:09:14 -05:00 · c9b44fbf1f
commit c9b44fbf1f
parent d5db083507
4 changed files with 261 additions and 22 deletions
--- a/flake.nix
+++ b/flake.nix
@ -15,6 +15,10 @@
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+    lanzaboote = {
+      url = "github:nix-community/lanzaboote/v0.4.1";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
    nix-flatpak.url = "github:gmodena/nix-flatpak";
    nixvim = {
      url = "github:nix-community/nixvim";
@ -29,7 +33,12 @@
    catppuccin-vsc.url = "https://flakehub.com/f/catppuccin/vscode/*.tar.gz";
  };
  outputs =
-    { nixpkgs, home-manager, ... }@inputs:
+    {
+      self,
+      nixpkgs,
+      home-manager,
+      ...
+    }@inputs:
    let
      user = "cswimr";
      system = "x86_64-linux";
@ -80,6 +89,18 @@
            inputs.nixvim.nixosModules.nixvim
            inputs.nix-flatpak.nixosModules.nix-flatpak

+            inputs.lanzaboote.nixosModules.lanzaboote
+            (
+              { lib, ... }:
+              {
+                boot.loader.systemd-boot.enable = lib.mkForce false;
+                boot.lanzaboote = {
+                  enable = true;
+                  pkiBundle = "/etc/secureboot";
+                };
+              }
+            )
+
            # Home Manager
            home-manager.nixosModules.home-manager
            {