| author | Alejandro Soto <alejandro@34project.org> | 2022-08-08 04:13:22 -0600 |
|---|---|---|
| committer | Alejandro Soto <alejandro@34project.org> | 2022-08-08 04:20:44 -0600 |
| commit | 45d3adf99b4fce0e850813579a47866b3ff835aa (patch) | |
| tree | 1f54e39487ad533fb5fbbe5cdb41a4865ad7ba88 | |
| parent | 45e6f5587faed8b8b1de59caffad5ad027bbb118 (diff) | |
sys/boot: move out of sys/default.nix
Diffstat (limited to '')
| -rw-r--r-- | sys/boot.nix | 103 | ||||
| -rw-r--r-- | sys/default.nix | 80 | ||||
| -rw-r--r-- | sys/options.nix | 20 |
3 files changed, 105 insertions, 98 deletions
diff --git a/sys/boot.nix b/sys/boot.nix
new file mode 100644
index 0000000..9e1ef85
--- /dev/null
+++ b/sys/boot.nix
@@ -0,0 +1,103 @@
+{ lib, config, ... }:
+with lib; let
+ cfg = config.local;
+in {
+ options.local = with lib.types; {
+ loader = mkOption {
+ type = enum [ "grub" "systemd-boot" ];
+ };
+
+ cpuVendor = mkOption {
+ type = enum [ "amd" "intel" ];
+ };
+
+ canTouchEfiVariables = mkOption {
+ type = bool;
+ };
+
+ videoDrivers = mkOption {
+ type = listOf str;
+ };
+
+ initrdModules = mkOption {
+ type = listOf str;
+ };
+ };
+
+ config = {
+ boot = {
+ loader = (if cfg.loader == "grub" then {
+ grub = {
+ enable = true;
+ device = "nodev";
+ efiSupport = true;
+ };
+ } else {
+ systemd-boot.enable = true;
+ }) // {
+ efi = {
+ inherit (cfg) canTouchEfiVariables;
+ };
+ };
+
+ initrd = let
+ crypt = cfg.crypt.toplevel;
+ headerPathEscaped = escapeShellArg "/initrd-boot/${crypt.headerFromBoot}";
+ in {
+ availableKernelModules = cfg.initrdModules;
+ supportedFilesystems = [ "vfat" ];
+
+ preDeviceCommands = optionalString (crypt != null) ''
+ mkdir -p `dirname ${headerPathEscaped}`
+ touch ${headerPathEscaped}
+ '';
+
+ preLVMCommands = optionalString cfg.portable ''
+ sleep 2 #TODO
+ '';
+
+ postMountCommands = let
+ fromRoot = path: escapeShellArg "/mnt-root/${path}";
+ auxOpen = aux: ''
+ cryptsetup -v open \
+ --header ${fromRoot aux.header} \
+ --key-file ${fromRoot aux.keyfile} \
+ ${aux.device} ${aux.target}
+ '';
+ in concatStringsSep "\n" (map auxOpen cfg.crypt.aux);
+
+ luks.devices = mkIf (crypt != null) {
+ "${crypt.target}" = {
+ inherit (crypt) device;
+ header = "/initrd-boot/${crypt.headerFromBoot}";
+ preLVM = false;
+
+ preOpenCommands = ''
+ mount -o ro -t vfat ${escapeShellArg cfg.fs.boot.device} /initrd-boot
+ '';
+
+ postOpenCommands = ''
+ umount /initrd-boot
+ '';
+ };
+ };
+
+ #network = {
+ # enable = true;
+
+ # ssh = {
+ # enable = true;
+ # port = 2234;
+ # };
+ #};
+ };
+ };
+
+ hardware.cpu = let
+ ucode.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+ in {
+ amd = mkIf (cfg.cpuVendor == "amd") ucode;
+ intel = mkIf (cfg.cpuVendor == "intel") ucode;
+ };
+ };
+}
diff --git a/sys/default.nix b/sys/default.nix
index 85b0e5a..215361e 100644
--- a/sys/default.nix
+++ b/sys/default.nix
@@ -1,11 +1,10 @@ { self }: { lib, config, pkgs, modulesPath, ... }: -with lib; let - cfg = config.local; -in { +{ imports = [ "${modulesPath}/installer/scan/not-detected.nix" ./auth.nix + ./boot.nix ./fs ./net.nix ./options.nix
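Review bot: In `auxOpen` under `postMountCommands` in sys/boot.nix, `${aux.device} ${aux.target}` are interpolated into the initrd script without `escapeShellArg`, while the header and key-file paths on the two lines above go through `fromRoot`; a value containing whitespace or shell metacharacters would be word-split or interpreted by the shell that runs these commands during early boot. I would write that line as `${escapeShellArg aux.device} ${escapeShellArg aux.target}`. The same applies in `preDeviceCommands`, where the backtick substitution is unquoted, so the output of `dirname` is word-split even though its argument is escaped; `mkdir -p "$(dirname ${headerPathEscaped})"` keeps it as a single word. Both lines are carried over unchanged from sys/default.nix, so this is hardening of the moved code rather than a regression introduced here.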
@@ -30,81 +29,6 @@ in { ''; }; - boot = { - loader = (if cfg.loader == "grub" then { - grub = { - enable = true; - device = "nodev"; - efiSupport = true; - }; - } else { - systemd-boot.enable = true; - }) // { - efi = { - inherit (cfg) canTouchEfiVariables; - }; - }; - - initrd = let - crypt = cfg.crypt.toplevel; - headerPathEscaped = escapeShellArg "/initrd-boot/${crypt.headerFromBoot}"; - in { - availableKernelModules = cfg.initrdModules; - supportedFilesystems = [ "vfat" ]; - - preDeviceCommands = optionalString (crypt != null) '' - mkdir -p `dirname ${headerPathEscaped}` - touch ${headerPathEscaped} - ''; - - preLVMCommands = optionalString cfg.portable '' - sleep 2 #TODO - ''; - - postMountCommands = let - fromRoot = path: escapeShellArg "/mnt-root/${path}"; - auxOpen = aux: '' - cryptsetup -v open \ - --header ${fromRoot aux.header} \ - --key-file ${fromRoot aux.keyfile} \ - ${aux.device} ${aux.target} - ''; - in concatStringsSep "\n" (map auxOpen cfg.crypt.aux); - - luks.devices = mkIf (crypt != null) { - "${crypt.target}" = { - inherit (crypt) device; - header = "/initrd-boot/${crypt.headerFromBoot}"; - preLVM = false; - - preOpenCommands = '' - mount -o ro -t vfat ${escapeShellArg cfg.fs.boot.device} /initrd-boot - ''; - - postOpenCommands = '' - umount /initrd-boot - ''; - }; - }; - - #network = { - # enable = true; - - # ssh = { - # enable = true; - # port = 2234; - # }; - #}; - }; - }; - - hardware.cpu = let - ucode.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - in { - amd = mkIf (cfg.cpuVendor == "amd") ucode; - intel = mkIf (cfg.cpuVendor == "intel") ucode; - }; - time.timeZone = "America/Costa_Rica"; i18n.defaultLocale = "es_CR.UTF-8"; diff --git a/sys/options.nix b/sys/options.nix index e72b3fe..f719522 100644 --- a/sys/options.nix +++ b/sys/options.nix 
@@ -7,26 +7,6 @@ in { type = bool; }; - loader = mkOption { - type = enum [ "grub" "systemd-boot" ]; - }; - - cpuVendor = mkOption { - type = enum [ "amd" "intel" ]; - }; - - canTouchEfiVariables = mkOption { - type = bool; - }; - - videoDrivers = mkOption { - type = listOf str; - }; - - initrdModules = mkOption { - type = listOf str; - }; - crypt = { toplevel = mkOption { default = null; |
