Added secure boot

Added a Windows boot entry
2026-03-10 00:09:46 +01:00 · 2026-03-01 12:12:14 +01:00 · 2026-03-01 12:08:27 +01:00 · 2026-03-01 12:01:45 +01:00
7 changed files with 153 additions and 2 deletions
--- a/flake.lock
+++ b/flake.lock
@ -55,6 +55,21 @@
        "url": "https://codeberg.org/LGFae/awww"
      }
    },
    "crane": {
      "locked": {
        "lastModified": 1771796463,
        "narHash": "sha256-9bCDuUzpwJXcHMQYMS1yNuzYMmKO/CCwCexpjWOl62I=",
        "owner": "ipetkov",
        "repo": "crane",
        "rev": "3d3de3313e263e04894f284ac18177bd26169bad",
        "type": "github"
      },
      "original": {
        "owner": "ipetkov",
        "repo": "crane",
        "type": "github"
      }
    },
    "flake-compat": {
      "flake": false,
      "locked": {
@ -87,6 +102,22 @@
        "type": "github"
      }
    },
    "flake-compat_3": {
      "flake": false,
      "locked": {
        "lastModified": 1767039857,
        "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
        "owner": "NixOS",
        "repo": "flake-compat",
        "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "flake-parts": {
      "inputs": {
        "nixpkgs-lib": [
@ -169,6 +200,28 @@
        "type": "github"
      }
    },
    "gitignore_2": {
      "inputs": {
        "nixpkgs": [
          "lanzaboote",
          "pre-commit",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1709087332,
        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
        "owner": "hercules-ci",
        "repo": "gitignore.nix",
        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
        "type": "github"
      },
      "original": {
        "owner": "hercules-ci",
        "repo": "gitignore.nix",
        "type": "github"
      }
    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@ -510,6 +563,30 @@
        "type": "github"
      }
    },
    "lanzaboote": {
      "inputs": {
        "crane": "crane",
        "nixpkgs": [
          "nixpkgs"
        ],
        "pre-commit": "pre-commit",
        "rust-overlay": "rust-overlay_2"
      },
      "locked": {
        "lastModified": 1772216104,
        "narHash": "sha256-1TnGN26vnCEQk5m4AavJZxGZTb/6aZyphemRPRwFUfs=",
        "owner": "nix-community",
        "repo": "lanzaboote",
        "rev": "dbe5112de965bbbbff9f0729a9789c20a65ab047",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "ref": "master",
        "repo": "lanzaboote",
        "type": "github"
      }
    },
    "nix-citizen": {
      "inputs": {
        "flake-parts": "flake-parts",
@ -668,6 +745,29 @@
        "type": "github"
      }
    },
    "pre-commit": {
      "inputs": {
        "flake-compat": "flake-compat_3",
        "gitignore": "gitignore_2",
        "nixpkgs": [
          "lanzaboote",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1771858127,
        "narHash": "sha256-Gtre9YoYl3n25tJH2AoSdjuwcqij5CPxL3U3xysYD08=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
        "rev": "49bbbfc218bf3856dfa631cead3b052d78248b83",
        "type": "github"
      },
      "original": {
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
        "type": "github"
      }
    },
    "pre-commit-hooks": {
      "inputs": {
        "flake-compat": "flake-compat_2",
@ -716,6 +816,7 @@
        "awww": "awww",
        "home-manager": "home-manager",
        "hyprland": "hyprland",
        "lanzaboote": "lanzaboote",
        "nix-citizen": "nix-citizen",
        "nix-darwin": "nix-darwin",
        "nixos-hardware": "nixos-hardware",
@ -748,6 +849,27 @@
        "type": "github"
      }
    },
    "rust-overlay_2": {
      "inputs": {
        "nixpkgs": [
          "lanzaboote",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1771988922,
        "narHash": "sha256-Fc6FHXtfEkLtuVJzd0B6tFYMhmcPLuxr90rWfb/2jtQ=",
        "owner": "oxalica",
        "repo": "rust-overlay",
        "rev": "f4443dc3f0b6c5e6b77d923156943ce816d1fcb9",
        "type": "github"
      },
      "original": {
        "owner": "oxalica",
        "repo": "rust-overlay",
        "type": "github"
      }
    },
    "sops-nix": {
      "inputs": {
        "nixpkgs": [
--- a/flake.nix
+++ b/flake.nix
@ -7,6 +7,11 @@
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
    lanzaboote = {
      url = "github:nix-community/lanzaboote/master";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # Hyprland
    hyprland = {
      url = "github:hyprwm/Hyprland";
@ -78,6 +83,7 @@
      specialArgs = { inherit inputs; };
      modules = [
      	inputs.nixos-hardware.nixosModules.framework-16-7040-amd
        inputs.lanzaboote.nixosModules.lanzaboote
        ./hosts/framework/configuration.nix
        inputs.home-manager.nixosModules.default
        inputs.sops-nix.nixosModules.sops
--- a/hosts/framework/modules.nix
+++ b/hosts/framework/modules.nix
@ -6,6 +6,7 @@ in
  imports = [
    ./hardware-configuration.nix
    inputs.sops-nix.nixosModules.sops
    modules.nixos.secureboot
    modules.common.module
    modules.nixos.secrets
    modules.nixos.gaming.amd
--- a/modules/common/environment.nix
+++ b/modules/common/environment.nix
@ -21,6 +21,7 @@
          gnupg
          cmatrix
          gh
 	  # Browser
 	  inputs.zen-browser.packages.${pkgs.stdenv.hostPlatform.system}.default
    ];
--- a/modules/default.nix
+++ b/modules/default.nix
@ -37,6 +37,7 @@
    };
    bootloader = ./nixos/bootloader.nix;
    secureboot = ./nixos/secureboot.nix;
    locale = ./nixos/locale.nix;
    secrets = ./nixos/secrets.nix;
    swap = ./nixos/swap.nix;
--- a/modules/nixos/bootloader.nix
+++ b/modules/nixos/bootloader.nix
@ -2,8 +2,14 @@
  boot = {
    loader = {
      systemd-boot = {
-          enable = true;
+        enable = true;
-          configurationLimit = 2;
+        configurationLimit = 2;
        extraEntries = {
          "winslop.conf" = ''
            title Winslop 
            efi /EFI/Microsoft/Boot/bootmgfw.efi
          '';
        };  
      };
      efi = {
          canTouchEfiVariables = true;
--- a/modules/nixos/secureboot.nix
+++ b/modules/nixos/secureboot.nix
@ -0,0 +1,14 @@
 { pkgs, lib, input, ...}:
 {
  boot.loader.systemd-boot.enable = lib.mkForce false;
  boot.lanzaboote = {
    enable = true;
    pkiBundle = "/var/lib/sbctl";
  };
  environment.systemPackages = [pkgs.sbctl];
 }
Author	SHA1	Message	Date
Alexandre	1cd3723eba	Added secure boot	2026-03-01 12:12:14 +01:00
Alexandre	445856d98a	Added secure boot	2026-03-01 12:08:27 +01:00
Alexandre	a278c49f32	Added a Windows boot entry	2026-03-01 12:01:45 +01:00