Remove hardcoded secret path.

This commit is contained in:
Kevin Baensch 2019-10-08 15:36:47 +02:00
parent bc22db3e1b
commit e6ec065b3e

View file

@ -1,15 +1,16 @@
{ pkgs, ... }:
{ config, pkgs, ... }:
{
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
let
cfg = config.machine;
in {
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
boot = {
loader.systemd-boot = {
enable = true;
signed = true;
signing-key = "/secret/secureboot/db.key";
signing-certificate = "/secret/secureboot/db.crt";
signing-key = "${cfg.secretPath}/secureboot/db.key";
signing-certificate = "${cfg.secretPath}/secureboot/db.crt";
};
loader.efi.canTouchEfiVariables = true;
cleanTmpDir = true;