diff options
| author | Silas Schöffel <sils@sils.li> | 2024-12-17 23:15:43 +0100 |
|---|---|---|
| committer | Silas Schöffel <sils@sils.li> | 2024-12-17 23:15:43 +0100 |
| commit | f7c6e04de69590a50211505107c9a5d0f7815e45 (patch) | |
| tree | 56d1d593283ee216a121e1d5ce2c3a5e506cebe5 | |
| parent | flake.lock: update (diff) | |
| download | nix-config-f7c6e04de69590a50211505107c9a5d0f7815e45.zip | |
make bootloader configurable
| -rw-r--r-- | hosts/hpserver.nix | 1 | ||||
| -rw-r--r-- | modules/nixos/sils/basesystem.nix | 9 | ||||
| -rw-r--r-- | modules/nixos/sils/bootloader.nix | 30 | ||||
| -rw-r--r-- | modules/nixos/sils/default.nix | 1 | ||||
| -rw-r--r-- | modules/nixos/sils/roles.nix | 3 |
5 files changed, 35 insertions, 9 deletions
diff --git a/hosts/hpserver.nix b/hosts/hpserver.nix index 47d3e25..97b3968 100644 --- a/hosts/hpserver.nix +++ b/hosts/hpserver.nix @@ -1,6 +1,7 @@ {...}: { role.sils = "workstation"; sils = { + bootloader = "grub"; disks.disk = "/dev/disk/by-id/wwn-0x600508b1001c0d733397035f990e3942"; meta = { globalDataDir = "/srv"; diff --git a/modules/nixos/sils/basesystem.nix b/modules/nixos/sils/basesystem.nix index 93d681d..2862c85 100644 --- a/modules/nixos/sils/basesystem.nix +++ b/modules/nixos/sils/basesystem.nix @@ -21,15 +21,6 @@ in { kernelModules = ["kvm-intel"]; extraModulePackages = []; kernelPackages = pkgs.linuxPackages_latest; - lanzaboote = { - enable = false; - configurationLimit = 10; - pkiBundle = "/etc/secureboot"; - settings = { - editor = false; - }; - }; - loader.grub.enable = true; }; system.stateVersion = "23.05"; diff --git a/modules/nixos/sils/bootloader.nix b/modules/nixos/sils/bootloader.nix new file mode 100644 index 0000000..fc0e0f3 --- /dev/null +++ b/modules/nixos/sils/bootloader.nix @@ -0,0 +1,30 @@ +{ + config, + lib, + ... +}: let + btl = config.sils.bootloader; +in { + options.sils.bootloader = lib.mkOption { + type = lib.types.enum ["lanzaboote" "grub"]; + default = "lanzaboote"; + description = "Which bootloader to use."; + }; + config.boot = + if btl == "lanzaboote" + then { + lanzaboote = { + enable = true; + configurationLimit = 10; + pkiBundle = "/etc/secureboot"; + settings = { + editor = false; + }; + }; + } + else if btl == "grub" + then { + loader.grub.enable = true; + } + else {}; +} diff --git a/modules/nixos/sils/default.nix b/modules/nixos/sils/default.nix index 57188c1..826004f 100644 --- a/modules/nixos/sils/default.nix +++ b/modules/nixos/sils/default.nix @@ -3,6 +3,7 @@ ./apparmor.nix ./basesystem.nix ./bluetooth.nix + ./bootloader.nix ./disks.nix ./environment.nix ./firejail.nix diff --git a/modules/nixos/sils/roles.nix b/modules/nixos/sils/roles.nix index 7c323b8..7c8f4f5 100644 --- a/modules/nixos/sils/roles.nix +++ b/modules/nixos/sils/roles.nix @@ -11,6 +11,7 @@ in { apparmor.enable = lib.mkDefault true; basesystem.enable = lib.mkDefault true; bluetooth.enable = lib.mkDefault true; + bootloader = lib.mkDefault "lanzaboote"; disks.enable = lib.mkDefault true; graphics.enable = lib.mkDefault true; environment.enable = lib.mkDefault true; @@ -29,6 +30,7 @@ in { apparmor.enable = lib.mkDefault true; basesystem.enable = lib.mkDefault true; bluetooth.enable = lib.mkDefault true; + bootloader = lib.mkDefault "lanzaboote"; disks.enable = lib.mkDefault true; graphics.enable = lib.mkDefault true; environment.enable = lib.mkDefault true; @@ -49,6 +51,7 @@ in { apparmor.enable = lib.mkDefault true; basesystem.enable = lib.mkDefault true; bluetooth.enable = lib.mkDefault true; + bootloader = lib.mkDefault "lanzaboote"; disks.enable = lib.mkDefault true; graphics.enable = lib.mkDefault true; environment.enable = lib.mkDefault true; |