mirrors_public/oddlama_nix-config
1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-10 23:00:39 +02:00
Code Activity

feat: add lanzaboote for sausebiene

Browse source
This commit is contained in:
oddlama 2025-01-12 21:01:57 +01:00
parent 7f1be2f841
commit 50bebac0e0
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
6 changed files with 372 additions and 148 deletions
Download patch file Download diff file Expand all files Collapse all files

24
hosts/sausebiene/default.nix
View file

@ -2,12 +2,15 @@
globals,
inputs,
nodes,
pkgs,
lib,
...
}:
{
imports = [
inputs.nixos-hardware.nixosModules.common-cpu-intel
inputs.nixos-hardware.nixosModules.common-pc-ssd
inputs.lanzaboote.nixosModules.lanzaboote
../../config
../../config/hardware/intel.nix
@ -22,6 +25,27 @@
nixpkgs.hostPlatform = "x86_64-linux";
boot.mode = "efi";
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
boot.initrd.availableKernelModules = [
"r8169"
"tpm_crb"
];
security.tpm2 = {
enable = true;
pkcs11.enable = true;
};
environment.systemPackages = [ pkgs.sbctl ];
environment.persistence."/persist".directories = [
{
directory = "/var/lib/sbctl";
mode = "0700";
}
];
meta.promtail = {
enable = true;