Remove hardcoded secret path.
This commit is contained in:
parent
bc22db3e1b
commit
e6ec065b3e
1 changed files with 7 additions and 6 deletions
|
@ -1,15 +1,16 @@
|
|||
{ pkgs, ... }:
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
||||
];
|
||||
let
|
||||
cfg = config.machine;
|
||||
in {
|
||||
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
|
||||
|
||||
boot = {
|
||||
loader.systemd-boot = {
|
||||
enable = true;
|
||||
signed = true;
|
||||
signing-key = "/secret/secureboot/db.key";
|
||||
signing-certificate = "/secret/secureboot/db.crt";
|
||||
signing-key = "${cfg.secretPath}/secureboot/db.key";
|
||||
signing-certificate = "${cfg.secretPath}/secureboot/db.crt";
|
||||
};
|
||||
loader.efi.canTouchEfiVariables = true;
|
||||
cleanTmpDir = true;
|
||||
|
|
Loading…
Reference in a new issue