From e6ec065b3ed005f9ef8ffe1b13ae38cf5fb35c08 Mon Sep 17 00:00:00 2001 From: derped Date: Tue, 8 Oct 2019 15:36:47 +0200 Subject: [PATCH] Remove hardcoded secret path. --- machines/Lilim/hardware-configuration.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/machines/Lilim/hardware-configuration.nix b/machines/Lilim/hardware-configuration.nix index dc2c66b..e3fe615 100644 --- a/machines/Lilim/hardware-configuration.nix +++ b/machines/Lilim/hardware-configuration.nix @@ -1,15 +1,16 @@ -{ pkgs, ... }: +{ config, pkgs, ... }: -{ - imports = [ - ]; +let + cfg = config.machine; +in { + imports = [ ]; boot = { loader.systemd-boot = { enable = true; signed = true; - signing-key = "/secret/secureboot/db.key"; - signing-certificate = "/secret/secureboot/db.crt"; + signing-key = "${cfg.secretPath}/secureboot/db.key"; + signing-certificate = "${cfg.secretPath}/secureboot/db.crt"; }; loader.efi.canTouchEfiVariables = true; cleanTmpDir = true;