nixos/global/boot/default.nix

{
  pkgs,
  lib,
  config,
  ...
}:
with lib;
let
  cfg = config.global.boot;
in
{
  options.global.boot = {
    enable = mkEnableOption "bootloader installation and maintenance" // {
      default = true;
    };
    systemd-boot = mkEnableOption "generation selection via systemd-boot" // {
      default = !cfg.lanzaboote;
    };
    lanzaboote = mkEnableOption "secure boot maintenance via lanzaboote";
    memtest = mkOption {
      type = with types; nullOr int;
      default = null;
      description = "memtest passes to perform on boot";
    };
  };

  config =
    let
      sbPath = "/nix/persist/lanzaboote";
    in
    mkIf cfg.enable {
      boot = {
        initrd.systemd.enable = true;
        lanzaboote.enable = cfg.lanzaboote;
        lanzaboote.pkiBundle = sbPath;
        loader.systemd-boot.enable = cfg.systemd-boot;
        loader.efi.canTouchEfiVariables = true;
        tmp.cleanOnBoot = true;
        kernelParams = optional (cfg.memtest != null) "memtest=${toString cfg.memtest}";
      };

      # symlink for sbctl
      environment.etc.secureboot.source = sbPath;
      environment.systemPackages = [ pkgs.sbctl ];
    };
}
chore: nix fmt 2025-01-13 11:52:09 +08:00			`{`
			`pkgs,`
			`lib,`
			`config,`
			`...`
			`}:`
			`with lib;`
			`let`
refactor: rename global from faucet 2024-01-07 22:01:31 +08:00			`cfg = config.global.boot;`
chore: nix fmt 2025-01-13 11:52:09 +08:00			`in`
			`{`
refactor: rename global from faucet 2024-01-07 22:01:31 +08:00			`options.global.boot = {`
chore: nix fmt 2025-01-13 11:52:09 +08:00			`enable = mkEnableOption "bootloader installation and maintenance" // {`
			`default = true;`
			`};`
			`systemd-boot = mkEnableOption "generation selection via systemd-boot" // {`
			`default = !cfg.lanzaboote;`
			`};`
feat(boot): systemd-boot and lanzaboote toggles Secure boot is not applicable in every use case. 2024-01-02 14:44:00 +08:00			`lanzaboote = mkEnableOption "secure boot maintenance via lanzaboote";`
feat(boot): add memtest option 2024-02-04 22:17:19 +08:00			`memtest = mkOption {`
			`type = with types; nullOr int;`
			`default = null;`
			`description = "memtest passes to perform on boot";`
			`};`
feat(boot): systemd-boot and lanzaboote toggles Secure boot is not applicable in every use case. 2024-01-02 14:44:00 +08:00			`};`

chore: nix fmt 2025-01-13 11:52:09 +08:00			`config =`
			`let`
			`sbPath = "/nix/persist/lanzaboote";`
			`in`
			`mkIf cfg.enable {`
			`boot = {`
			`initrd.systemd.enable = true;`
			`lanzaboote.enable = cfg.lanzaboote;`
			`lanzaboote.pkiBundle = sbPath;`
			`loader.systemd-boot.enable = cfg.systemd-boot;`
			`loader.efi.canTouchEfiVariables = true;`
			`tmp.cleanOnBoot = true;`
			`kernelParams = optional (cfg.memtest != null) "memtest=${toString cfg.memtest}";`
			`};`
feat(boot): systemd-boot and lanzaboote toggles Secure boot is not applicable in every use case. 2024-01-02 14:44:00 +08:00
chore: nix fmt 2025-01-13 11:52:09 +08:00			`# symlink for sbctl`
			`environment.etc.secureboot.source = sbPath;`
			`environment.systemPackages = [ pkgs.sbctl ];`
			`};`
feat(boot): systemd-boot and lanzaboote toggles Secure boot is not applicable in every use case. 2024-01-02 14:44:00 +08:00			`}`