Initial commit

2025-08-20 18:24:02 +03:00
commit 2dec42d487
116 changed files with 6591 additions and 0 deletions
--- a/modules/n/bootloader.nix
+++ b/modules/n/bootloader.nix
@@ -0,0 +1,42 @@
+{ lib, pkgs, config, inputs, ... }:
+with lib;
+let
+  cfg = config.n.host.bootloader;
+in {
+  options.n.host.bootloader = mkOption { type = types.str; };
+
+  imports = [ inputs.lanzaboote.nixosModules.lanzaboote ];
+  config = mkMerge [
+    (mkIf (cfg == "lanzaboote") {
+      environment.systemPackages = [ pkgs.sbctl ];
+
+      boot = {
+        loader = {
+          systemd-boot.enable = lib.mkForce false;
+          grub.enable = lib.mkForce false;
+          efi.canTouchEfiVariables = true;
+        };
+        bootspec.enable = true;
+        lanzaboote = {
+          enable = true;
+          pkiBundle = "/var/lib/sbctl";
+        };
+      };
+
+      imp.dirs = [ { directory = "/var/lib/sbctl"; mode = "0400"; } ];
+    })
+
+    (mkIf (cfg == "grub") {
+      boot.loader.grub = {
+        enable = true;
+        efiSupport = lib.mkDefault false;
+        # efiInstallAsRemovable = true; # TODO: what's it?
+        device = "nodev";
+      };
+      boot.loader.systemd-boot.enable = lib.mkForce false;
+    })
+    (mkIf (cfg == "sysdboot") {
+      boot.loader.systemd-boot.enable = true;
+    })
+  ];
+}