puter/common/secure-boot.nix

{self, attrName, config, lib, pkgs, ...}: let
  inherit (config.age) secrets;
in{
  age.secrets.secure-boot.file = self + /secrets/secure-boot/${attrName}.tar.age;

  system.activationScripts.secureboot = let
    target = config.boot.lanzaboote.pkiBundle;
  in ''
    mkdir --parents ${target}
    ${lib.getExe pkgs.gnutar} --extract --file ${secrets.secure-boot.path} --directory ${target}
  '';
}
stuff 2025-05-18 01:08:10 +02:00			`{self, attrName, config, lib, pkgs, ...}: let`
			`inherit (config.age) secrets;`
			`in{`
			`age.secrets.secure-boot.file = self + /secrets/secure-boot/${attrName}.tar.age;`

			`system.activationScripts.secureboot = let`
			`target = config.boot.lanzaboote.pkiBundle;`
			`in ''`
			`mkdir --parents ${target}`
			`${lib.getExe pkgs.gnutar} --extract --file ${secrets.secure-boot.path} --directory ${target}`
			`'';`
			`}`