random shit

fin secureboot support
2025-11-11 16:34:13 -06:00 · 2025-11-11 16:29:31 -06:00
4 changed files with 23 additions and 4 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -83,9 +83,9 @@
        specialArgs = {inherit inputs stable_pkgs unstable_pkgs;};
        modules = [
          ./hosts/nixos/yveltal/configuration.nix
+          ./hosts/nixos/yveltal/disko.nix
          inputs.home-manager-unstable.nixosModules.default
          inputs.disko.nixosModules.disko
-          ./hosts/nixos/yveltal/disko.nix
        ];
      };
      vaniville = nixpkgs.lib.nixosSystem {
--- a/modules/system/secure_boot/default.nix
+++ b/modules/system/secure_boot/default.nix
@@ -14,17 +14,27 @@ in {
  imports = [inputs.lanzaboote.nixosModules.lanzaboote];

  config = lib.mkIf cfg.enable {
-
    # install userspace secureboot tools
    environment.systemPackages = with pkgs; [
      sbctl
+      e2fsprogs
    ];

    # force disable systemd-boot so lanzaboote can be used
    boot.loader.systemd-boot.enable = lib.mkForce false;

-    # make sure the keys are generated and in the pkiBundle path
-    # with `nix-shell -p --run "sbctl create-keys"`
+    /*
+    this uses the project lanzaboote for secureboot (extension on systemd)
+    setup guide can be found here: https://github.com/nix-community/lanzaboote/blob/master/docs/QUICK_START.md
+    tldr:
+    while currently using systemd-boot
+    generate keys with `nix-shell -p --run "sudo sbctl create-keys"`
+    rebuild with this module enabled then check `sudo sbctl verify`
+    reboot and enable secureboot setup mode in bios
+    check that setup mode is enabled with `sudo sbctl status`
+    enroll keys with `sudo sbctl enroll-keys` use the `--microsoft` flag to incude their keys for compatibality
+    reboot (disable secureboot setup mode if not done automatically) then check secure boot status with `sudo bootctl status`
+    */
    boot.lanzaboote = {
      enable = true;
      pkiBundle = "/var/lib/sbctl";
--- a/users/blake/dots/core/lf/lfrc
+++ b/users/blake/dots/core/lf/lfrc
@@ -24,6 +24,7 @@ set ignorecase true
 # shortcuts
 map gb cd /holocron
 map gn cd ~/.nix
+map gc cd ~/.config

 # navigation
 map [ half-up
--- a/users/blake/dots/core/ssh/default.nix
+++ b/users/blake/dots/core/ssh/default.nix
@@ -45,6 +45,14 @@ in {
        mode = "644";
        path = "${home_dir}/.ssh/id_snowbelle.pub";
      };
+      "id_blake" = {
+        mode = "0600";
+        path = "${home_dir}/.ssh/id_blake";
+      };
+      "id_blake.pub" = {
+        mode = "644";
+        path = "${home_dir}/.ssh/id_blake.pub";
+      };
    };
  };
 }
Author	SHA1	Message	Date
blake	d92a192a7f	random shit	2025-11-11 16:34:13 -06:00
blake	51c3ae6d1e	fin secureboot support	2025-11-11 16:29:31 -06:00