From c74171a54347afb6f77ccb9f46179ba2cbd0e353 Mon Sep 17 00:00:00 2001
From: Frantisek Bohacek <rutherther@proton.me>
Date: Thu, 12 Oct 2023 21:49:25 +0200
Subject: [PATCH] feat: disable editor in systemd boot

---
 hosts/desktop/default.nix | 1 +
 hosts/laptop/default.nix  | 1 +
 2 files changed, 2 insertions(+)

diff --git a/hosts/desktop/default.nix b/hosts/desktop/default.nix
index 0e2698a..0812903 100644
--- a/hosts/desktop/default.nix
+++ b/hosts/desktop/default.nix
@@ -43,6 +43,7 @@
       systemd-boot = {
         enable = true;
         configurationLimit = 5;                 # Limit the amount of configurations
+        editor = false;                         # Better security, disallows passing /bin/sh to start as root
       };
       efi.canTouchEfiVariables = true;
       timeout = 1;                              # Grub auto select time
diff --git a/hosts/laptop/default.nix b/hosts/laptop/default.nix
index 45d547c..06d1b4c 100644
--- a/hosts/laptop/default.nix
+++ b/hosts/laptop/default.nix
@@ -41,6 +41,7 @@
       };
       systemd-boot = {
         enable = true;
+        editor = false;                     # Better security, disallows passing /bin/sh to start as root
         configurationLimit = 5;
       };
       timeout = 1;                          # Grub auto select time
-- 
2.48.1