From cfeee8b55944e66b0158c2ba492184ad177b80d3 Mon Sep 17 00:00:00 2001
From: 514fpv
Date: Tue, 2 Jan 2024 14:44:00 +0800
Subject: [PATCH] faucet(boot): add systemd-boot and lanzaboote toggles

---
 faucet/boot/default.nix | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 faucet/boot/default.nix

diff --git a/faucet/boot/default.nix b/faucet/boot/default.nix
new file mode 100644
index 00000000..4df70fd5
--- /dev/null
+++ b/faucet/boot/default.nix
@@ -0,0 +1,28 @@
+{ pkgs
+, lib
+, config
+, ... }: with lib; let
+ cfg = config.faucet.boot;
+in {
+ options.faucet.boot = {
+ enable = mkEnableOption "bootloader installation and maintenance" // { default = true; };
+ systemd-boot = mkEnableOption "generation selection via systemd-boot" // { default = !cfg.lanzaboote; };
+ lanzaboote = mkEnableOption "secure boot maintenance via lanzaboote";
+ };
+
+ config = let
+ sbPath = "/nix/persist/lanzaboote";
+ in mkIf cfg.enable {
+ boot = {
+ initrd.systemd.enable = true;
+ lanzaboote.enable = cfg.lanzaboote;
+ lanzaboote.pkiBundle = sbPath;
+ loader.systemd-boot.enable = cfg.systemd-boot;
+ loader.efi.canTouchEfiVariables = true;
+ };
+
+ # symlink for sbctl
+ environment.etc.secureboot = mkIf cfg.lanzaboote { source = sbPath; };
+ #environment.systemPackages = optional cfg.lanzaboote pkgs.sbctl;
+ };
+}
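Review bot: The PKI bundle location is a hard-coded `let` constant (`sbPath = "/nix/persist/lanzaboote"`) that the `/etc/secureboot` symlink then exposes with no documentation that this directory holds the Secure Boot signing keys; it should be a `mkOption` under `options.faucet.boot` so the path is documented and overridable, with a `description` stating that it must stay root-owned and unreadable to other users (the symlink itself adds no protection, it only inherits the target's permissions). The commented-out `environment.systemPackages` line at the end of the hunk should either be removed or become the real `optional cfg.lanzaboote pkgs.sbctl`, which would also give the otherwise unused `pkgs` argument a purpose. Nothing in the module stops a user from setting both `systemd-boot` and `lanzaboote` to true; unless the upstream lanzaboote module already asserts this, an `assertions` entry would make the conflict explicit. `loader.efi.canTouchEfiVariables = true` is also applied whenever `enable` is set, even with both bootloader toggles off, which is presumably not intended.
```nix
  options.faucet.boot = {
    # … unchanged: enable, systemd-boot, lanzaboote …
    pkiBundle = mkOption {
      type = types.path;
      default = "/nix/persist/lanzaboote";
      description = "Directory holding the lanzaboote/sbctl PKI bundle (Secure Boot signing keys); must remain root-only.";
    };
  };

  config = mkIf cfg.enable {
    # … unchanged: boot.initrd / loader settings …
    boot.lanzaboote.pkiBundle = cfg.pkiBundle;
    environment.etc.secureboot = mkIf cfg.lanzaboote { source = cfg.pkiBundle; };
    environment.systemPackages = optional cfg.lanzaboote pkgs.sbctl;
  };
```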