feat: secure boot enabled on lappy

2025-07-31 17:20:28 -07:00 · 2025-07-31 17:20:28 -07:00 · fa3624655d
commit fa3624655d
parent b0881d9244
3 changed files with 180 additions and 2 deletions
--- a/hosts/lappy/default.nix
+++ b/hosts/lappy/default.nix
@ -36,6 +36,13 @@
    "kernel.yama.ptrace_scope=0"
  ];

+  # Secure Boot
+  boot.lanzaboote = {
+    enable = true;
+    pkiBundle = "/var/lib/sbctl";
+  };
+  boot.loader.systemd-boot.enable = lib.mkForce false;
+
  virtualisation = {
    docker.enable = true;
    libvirtd.enable = true;