From 82f1d9d5c92d24ee0d47fb3e50308d4cbcb39299 Mon Sep 17 00:00:00 2001 From: Jay Looney Date: Fri, 12 Sep 2025 20:49:29 -0500 Subject: [PATCH] refactor: moved secure boot and disko --- flake.nix | 13 +------------ hosts/titanium/default.nix | 4 ++++ hosts/titanium/secure-boot.nix | 7 +++++++ 3 files changed, 12 insertions(+), 12 deletions(-) create mode 100644 hosts/titanium/secure-boot.nix diff --git a/flake.nix b/flake.nix index f2a8b0f..b4a67f8 100644 --- a/flake.nix +++ b/flake.nix @@ -40,18 +40,7 @@ users = [ "jml" ]; - extraModules = [ - { nixpkgs.config.allowUnfree = true; } - disko.nixosModules.disko - ./hosts/titanium/disko.nix # TODO: Import this in mkSystem if both the file and module exist. - lanzaboote.nixosModules.lanzaboote - ({ pkgs, lib, ... }: { - environment.systemPackages = [ pkgs.sbctl ]; - boot.loader.systemd-boot.enable = lib.mkForce false; - boot.lanzaboote.enable = true; - boot.lanzaboote.pkiBundle = "/var/lib/sbctl"; - }) - ]; + extraModules = []; }; # `nix build .#nixosConfigurations.installIso.config.system.build.isoImage` # https://github.com/nix-community/nixos-generators diff --git a/hosts/titanium/default.nix b/hosts/titanium/default.nix index bba79e0..23d9076 100644 --- a/hosts/titanium/default.nix +++ b/hosts/titanium/default.nix @@ -1,5 +1,6 @@ { inputs, ... }: { + nixpkgs.config.allowUnfree = true; imports = [ ../../modules/nixos/base.nix ../../modules/nixos/audio.nix @@ -9,5 +10,8 @@ #./hardware.nix ./configuration.nix ./nvidia.nix + ./secure-boot.nix + inputs.disko.nixosModules.disko + ./disko.nix ]; } diff --git a/hosts/titanium/secure-boot.nix b/hosts/titanium/secure-boot.nix new file mode 100644 index 0000000..82f4d98 --- /dev/null +++ b/hosts/titanium/secure-boot.nix @@ -0,0 +1,7 @@ +{ pkgs, lib, inputs, ... }: { + imports = with inputs; [ lanzaboote.nixosModules.lanzaboote ]; + environment.systemPackages = [ pkgs.sbctl ]; + boot.loader.systemd-boot.enable = lib.mkForce false; + boot.lanzaboote.enable = true; + boot.lanzaboote.pkiBundle = "/var/lib/sbctl"; +}