nixcfg/modules/nixos/services/secureboot/default.nix

{ options, config, lib, pkgs, ... }:

with lib;
with lib.plusultra;
let cfg = config.plusultra.secureboot;
in
{
  options.plusultra.secureboot = with types; {
    enable = mkBoolOpt false "Whether or not to enable secureboot.";
  };

  config = mkIf cfg.enable {
    boot = {
      lanzaboote = {
        enable = true;
        pkiBundle = "/etc/secureboot";
      };
      loader.systemd-boot.enable = lib.mkForce false;
    };
  };
}
refactor and simplify Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-06 15:36:02 +01:00			`{ options, config, lib, pkgs, ... }:`

			`with lib;`
			`with lib.plusultra;`
			`let cfg = config.plusultra.secureboot;`
			`in`
			`{`
			`options.plusultra.secureboot = with types; {`
			`enable = mkBoolOpt false "Whether or not to enable secureboot.";`
			`};`

			`config = mkIf cfg.enable {`
			`boot = {`
			`lanzaboote = {`
			`enable = true;`
			`pkiBundle = "/etc/secureboot";`
			`};`
			`loader.systemd-boot.enable = lib.mkForce false;`
			`};`
			`};`
			`}`