Diffstat (limited to 'labsrv01/configuration.nix')
| -rw-r--r-- | labsrv01/configuration.nix | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/labsrv01/configuration.nix b/labsrv01/configuration.nix index 9d37f38..81dae08 100644 --- a/labsrv01/configuration.nix +++ b/labsrv01/configuration.nix @@ -10,6 +10,7 @@ imports = [ ./disk-config.nix ]; + hardware.facter.reportPath = ./facter.json; nix = { extraOptions = '' @@ -134,4 +135,29 @@ RemainAfterExit = true; }; }; + + # Create and enroll Secure Boot keys on first boot + systemd.services.sbctl-setup = { + description = "Create and enroll Secure Boot keys"; + wantedBy = [ "multi-user.target" ]; + unitConfig.ConditionPathExists = "!/var/lib/sbctl/GUID"; + + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + + script = '' + echo "Creating Secure Boot keys..." + ${pkgs.sbctl}/bin/sbctl create-keys + + # Check if we're in Setup Mode + if ${pkgs.sbctl}/bin/sbctl status | grep -q "Setup Mode"; then + echo "UEFI is in Setup Mode, enrolling keys..." + ${pkgs.sbctl}/bin/sbctl enroll-keys --microsoft + else + echo "WARNING: UEFI is not in Setup Mode. Please clear Secure Boot keys in UEFI and reboot." + fi + ''; + }; } |
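Review bot: The retry promised by the WARNING branch of `sbctl-setup` cannot happen, because `sbctl create-keys` runs before the Setup Mode check and presumably creates `/var/lib/sbctl/GUID`. After the admin clears the keys and reboots, `ConditionPathExists = "!/var/lib/sbctl/GUID"` then skips the unit and nothing is ever enrolled. The else branch also exits 0, so with `RemainAfterExit = true` the unit reports success even though Secure Boot was not set up; ending that branch with `exit 1` would make the failure visible. Separately, `grep -q "Setup Mode"` looks like it matches in both states, since as far as I know `sbctl status` always prints a `Setup Mode:` line with Enabled or Disabled; matching the value, e.g. `grep -Eq 'Setup Mode:.*Enabled'`, would be safer. Consider gating the unit on enrollment state rather than on key creation, and guarding `create-keys` inside the script with its own check for the GUID file.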
