System/Nixinator: Enable lanzaboote + secure boot

2025-08-16 11:50:39 +02:00
parent 6503d33fc5
commit b340e16edd
4 changed files with 193 additions and 13 deletions
--- a/system/default.nix
+++ b/system/default.nix
@ -26,9 +26,12 @@ with mylib.networking; {
      enable = true;

      loader =
-        if headless
-        then "grub"
-        else "systemd-boot";
+        lib.mkDefault
+        (
+          if headless
+          then "grub"
+          else "systemd-boot"
+        );
      systemd-boot.bootDevice = "/boot";
      grub.bootDevice = "/dev/sda";
    };
--- a/system/nixinator/default.nix
+++ b/system/nixinator/default.nix
@ -1,4 +1,5 @@
 {
+  lib,
  mylib,
  pkgs,
  username,
@ -14,6 +15,11 @@
  ];

  modules = {
+    bootloader = {
+      # Secure boot
+      loader = "lanzaboote";
+    };
+
    impermanence.enable = true;

    network = {