derped/nixos
1
0
Fork 0
Code Releases Activity

Remove hardcoded secret path.

Browse source
This commit is contained in:
Kevin Baensch 2019-10-08 15:36:47 +02:00
parent bc22db3e1b
commit e6ec065b3e
1 changed files with 7 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
machines/Lilim/hardware-configuration.nix
View file

@ -1,15 +1,16 @@
{ pkgs, ... }: { config, pkgs, ... }:
{ let
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> cfg = config.machine;
]; in {
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
boot = { boot = {
loader.systemd-boot = { loader.systemd-boot = {
enable = true; enable = true;
signed = true; signed = true;
signing-key = "/secret/secureboot/db.key"; signing-key = "${cfg.secretPath}/secureboot/db.key";
signing-certificate = "/secret/secureboot/db.crt"; signing-certificate = "${cfg.secretPath}/secureboot/db.crt";
}; };
loader.efi.canTouchEfiVariables = true; loader.efi.canTouchEfiVariables = true;
cleanTmpDir = true; cleanTmpDir = true;