29 lines
876 B
Nix
29 lines
876 B
Nix
{ pkgs
|
|
, lib
|
|
, config
|
|
, ... }: with lib; let
|
|
cfg = config.faucet.boot;
|
|
in {
|
|
options.faucet.boot = {
|
|
enable = mkEnableOption "bootloader installation and maintenance" // { default = true; };
|
|
systemd-boot = mkEnableOption "generation selection via systemd-boot" // { default = !cfg.lanzaboote; };
|
|
lanzaboote = mkEnableOption "secure boot maintenance via lanzaboote";
|
|
};
|
|
|
|
config = let
|
|
sbPath = "/nix/persist/lanzaboote";
|
|
in mkIf cfg.enable {
|
|
boot = {
|
|
initrd.systemd.enable = true;
|
|
lanzaboote.enable = cfg.lanzaboote;
|
|
lanzaboote.pkiBundle = sbPath;
|
|
loader.systemd-boot.enable = cfg.systemd-boot;
|
|
loader.efi.canTouchEfiVariables = true;
|
|
};
|
|
|
|
# symlink for sbctl
|
|
environment.etc.secureboot = mkIf cfg.lanzaboote { source = sbPath; };
|
|
#environment.systemPackages = optional cfg.lanzaboote pkgs.sbctl;
|
|
};
|
|
}
|