stuff

2025-05-18 01:08:10 +02:00 · 2025-05-18 01:08:10 +02:00 · 8164e92af6
commit 8164e92af6
parent b8af0e9761
84 changed files with 674 additions and 567 deletions
--- a/common/secure-boot.nix
+++ b/common/secure-boot.nix
@ -0,0 +1,12 @@
+{self, attrName, config, lib, pkgs, ...}: let
+  inherit (config.age) secrets;
+in{
+  age.secrets.secure-boot.file = self + /secrets/secure-boot/${attrName}.tar.age;
+
+  system.activationScripts.secureboot = let
+    target = config.boot.lanzaboote.pkiBundle;
+  in ''
+    mkdir --parents ${target}
+    ${lib.getExe pkgs.gnutar} --extract --file ${secrets.secure-boot.path} --directory ${target}
+  '';
+}