titaniumtown/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

merge system.activationScripts sections

Browse Source
This commit is contained in:
Simon Gardling 2025-08-17 23:36:18 -04:00
parent 81f0c9ea0b
commit 13f91cc813
Signed by: titaniumtown
GPG Key ID: 9AB28AC10ECE533D
1 changed files with 11 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
etcnixos/common.nix
View File

@ -44,6 +44,17 @@
#!/bin/sh #!/bin/sh
mkdir -p /nix/var/nix/profiles/per-user/root/channels mkdir -p /nix/var/nix/profiles/per-user/root/channels
''; '';
# extract all my secureboot keys
# TODO! proper secrets management
"secureboot-keys".text = ''
#!/usr/bin/env sh
rm -fr ${config.boot.lanzaboote.pkiBundle} || true
mkdir -p ${config.boot.lanzaboote.pkiBundle}
${lib.getExe pkgs.gnutar} xf ${./secrets/secureboot.tar} -C ${config.boot.lanzaboote.pkiBundle}
chown -R root:wheel ${config.boot.lanzaboote.pkiBundle}
chmod -R 500 ${config.boot.lanzaboote.pkiBundle}
'';
}; };
swapDevices = [ ]; swapDevices = [ ];
@ -59,19 +70,6 @@
]; ];
}; };
system.activationScripts = {
# extract all my secureboot keys
# TODO! proper secrets management
"secureboot-keys".text = ''
#!/usr/bin/env sh
rm -fr ${config.boot.lanzaboote.pkiBundle} || true
mkdir -p ${config.boot.lanzaboote.pkiBundle}
${lib.getExe pkgs.gnutar} xf ${./secrets/secureboot.tar} -C ${config.boot.lanzaboote.pkiBundle}
chown -R root:wheel ${config.boot.lanzaboote.pkiBundle}
chmod -R 500 ${config.boot.lanzaboote.pkiBundle}
'';
};
# kernel options # kernel options
boot = { boot = {
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;