From 13f91cc813a659789df7f9f7b2cf3b7b6e667e0c Mon Sep 17 00:00:00 2001
From: Simon Gardling <titaniumtown@proton.me>
Date: Sun, 17 Aug 2025 23:36:18 -0400
Subject: [PATCH] merge system.activationScripts sections

---
 etcnixos/common.nix | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/etcnixos/common.nix b/etcnixos/common.nix
index d4d9cc7..3afb2da 100644
--- a/etcnixos/common.nix
+++ b/etcnixos/common.nix
@@ -44,6 +44,17 @@
       #!/bin/sh
       mkdir -p /nix/var/nix/profiles/per-user/root/channels
     '';
+
+    # extract all my secureboot keys
+    # TODO! proper secrets management
+    "secureboot-keys".text = ''
+      #!/usr/bin/env sh
+      rm -fr ${config.boot.lanzaboote.pkiBundle} || true
+      mkdir -p ${config.boot.lanzaboote.pkiBundle}
+      ${lib.getExe pkgs.gnutar} xf ${./secrets/secureboot.tar} -C ${config.boot.lanzaboote.pkiBundle}
+      chown -R root:wheel ${config.boot.lanzaboote.pkiBundle}
+      chmod -R 500 ${config.boot.lanzaboote.pkiBundle}
+    '';
   };
 
   swapDevices = [ ];
@@ -59,19 +70,6 @@
     ];
   };
 
-  system.activationScripts = {
-    # extract all my secureboot keys
-    # TODO! proper secrets management
-    "secureboot-keys".text = ''
-      #!/usr/bin/env sh
-      rm -fr ${config.boot.lanzaboote.pkiBundle} || true
-      mkdir -p ${config.boot.lanzaboote.pkiBundle}
-      ${lib.getExe pkgs.gnutar} xf ${./secrets/secureboot.tar} -C ${config.boot.lanzaboote.pkiBundle}
-      chown -R root:wheel ${config.boot.lanzaboote.pkiBundle}
-      chmod -R 500 ${config.boot.lanzaboote.pkiBundle}
-    '';
-  };
-
   # kernel options
   boot = {
     kernelPackages = pkgs.linuxPackages_latest;