# Selects the host bootloader from the string option `n.host.bootloader`.
# Values acted on here: "lanzaboote" (Secure Boot through lanzaboote), "grub"
# and "sysdboot" (systemd-boot). Any other string matches none of the branches
# below, so this module then contributes no bootloader settings.
{ lib, pkgs, config, inputs, ... }:

let
  inherit (lib) mkDefault mkForce mkIf mkMerge mkOption types;

  choice = config.n.host.bootloader;

  # Used both as lanzaboote's pkiBundle and as the directory given to imp.dirs.
  # sbctl keeps the Secure Boot keys, private halves included, under this path,
  # so it has to stay accessible to root only.
  sbctlDir = "/var/lib/sbctl";
in
{
  # NOTE(review): the type is a free-form string, so a misspelt value is
  # accepted and silently selects nothing. types.enum over the three names
  # above would reject it at evaluation time; confirm first that no host
  # relies on some other value.
  options.n.host.bootloader = mkOption { type = types.str; };

  # Sits outside the mkIf branches, so the lanzaboote module is imported for
  # every host; its options are only set in the "lanzaboote" branch.
  imports = [ inputs.lanzaboote.nixosModules.lanzaboote ];

  config = mkMerge [
    (mkIf (choice == "lanzaboote") {
      # sbctl CLI, for creating and inspecting the keys kept in sbctlDir.
      environment.systemPackages = [ pkgs.sbctl ];

      # lanzaboote takes over boot entry installation, so both stock loaders
      # are switched off. mkForce makes these win over ordinary definitions
      # of the same options elsewhere in the configuration.
      boot.loader.systemd-boot.enable = mkForce false;
      boot.loader.grub.enable = mkForce false;
      boot.loader.efi.canTouchEfiVariables = true;

      boot.bootspec.enable = true;

      boot.lanzaboote.enable = true;
      boot.lanzaboote.pkiBundle = sbctlDir;

      # imp.dirs is a project option not defined in this file; presumably it
      # keeps the directory across reboots with the given mode — confirm.
      # NOTE(review): "0400" on a directory has no search (x) or write bit.
      # root is normally not bound by that, but "0700" is the usual
      # owner-only mode for a directory; check how imp.dirs applies `mode`.
      imp.dirs = [ { directory = sbctlDir; mode = "0400"; } ];
    })

    (mkIf (choice == "grub") {
      boot.loader = {
        grub = {
          enable = true;
          # mkDefault: a host can turn EFI support on with a plain definition.
          efiSupport = mkDefault false;
          # efiInstallAsRemovable = true;
          # (left disabled; it would install GRUB to the removable-media
          # fallback path instead of registering an EFI boot entry)
          # "nodev": the GRUB menu is generated but GRUB is not written to a
          # disk's boot sector.
          device = "nodev";
        };
        systemd-boot.enable = mkForce false;
      };
    })

    (mkIf (choice == "sysdboot") {
      boot.loader.systemd-boot = {
        enable = true;
      };
    })
  ];
}