Implement kernel signing

recipes/base/nvidia.yml

@@ -1,17 +1,20 @@
 ---
 # yaml-language-server: $schema=https://schema.blue-build.org/module-list-v1.json
 modules:
-  - type: dnf
-    repos:
-      cleanup: true
-      nonfree: rpmfusion
-    install:
-      packages:
-        - akmod-nvidia
   - type: script
-    snippets:
-      - echo "%_with_kmod_nvidia_open 1" > /etc/rpm/macros.nvidia-kmod
-      - akmods --kernels "$(rpm -q "kernel" --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}')" --rebuild
+    env:
+      PUBLIC_KEY_DER_PATH: /etc/pki/akmods/certs/akmods-wunker-bunker.der
+    secrets:
+      - type: file
+        source: ./.secure-files/MOK.priv
+        mount:
+          type: file
+          destination: /tmp/certs/private_key.priv
+    scripts:
+      - installnvidiakmod.sh
+  - type: script
+    scripts:
+      - installnvidiapackages.sh
   - type: files
     files:
       - source: nvidia-kargs