Remove hardcoded secret path.

2019-10-08 15:36:47 +02:00 · 2019-10-08 15:36:47 +02:00 · e6ec065b3e
commit e6ec065b3e
parent bc22db3e1b
1 changed files with 7 additions and 6 deletions
--- a/machines/Lilim/hardware-configuration.nix
+++ b/machines/Lilim/hardware-configuration.nix
@ -1,15 +1,16 @@
-{ pkgs, ... }:
+{ config, pkgs, ... }:

-{
-  imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
-            ];
+let
+  cfg = config.machine;
+in {
+  imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];

  boot = {
    loader.systemd-boot = {
      enable = true;
      signed = true;
-      signing-key = "/secret/secureboot/db.key";
-      signing-certificate = "/secret/secureboot/db.crt";
+      signing-key = "${cfg.secretPath}/secureboot/db.key";
+      signing-certificate = "${cfg.secretPath}/secureboot/db.crt";
    };
    loader.efi.canTouchEfiVariables = true;
    cleanTmpDir = true;