titaniumtown/server-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

secureboot: restrictive file permissions

Browse Source
This commit is contained in:
Simon Gardling 2025-03-25 11:33:11 -04:00
parent eaec89e698
commit 3447478847
Signed by: titaniumtown
GPG Key ID: 9AB28AC10ECE533D
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
configuration.nix
View File

@ -86,6 +86,8 @@
rm -fr ${config.boot.lanzaboote.pkiBundle} || true
mkdir -p ${config.boot.lanzaboote.pkiBundle}
${pkgs.gnutar}/bin/tar xf ${./secrets/secureboot.tar} -C ${config.boot.lanzaboote.pkiBundle}
chown -R root:wheel ${config.boot.lanzaboote.pkiBundle}
chmod -R 700 ${config.boot.lanzaboote.pkiBundle}
'';
};