| author | Alejandro Soto <alejandro@34project.org> | 2022-08-08 04:13:22 -0600 |
|---|---|---|
| committer | Alejandro Soto <alejandro@34project.org> | 2022-08-08 04:20:44 -0600 |
| commit | 45d3adf99b4fce0e850813579a47866b3ff835aa (patch) | |
| tree | 1f54e39487ad533fb5fbbe5cdb41a4865ad7ba88 /sys/boot.nix | |
| parent | 45e6f5587faed8b8b1de59caffad5ad027bbb118 (diff) | |
sys/boot: move out of sys/default.nix
Diffstat (limited to '')
| -rw-r--r-- | sys/boot.nix | 103 |
1 files changed, 103 insertions, 0 deletions
diff --git a/sys/boot.nix b/sys/boot.nix
new file mode 100644
index 0000000..9e1ef85
--- /dev/null
+++ b/sys/boot.nix
@@ -0,0 +1,103 @@
+{ lib, config, ... }:
+with lib; let
+ cfg = config.local;
+in {
+ options.local = with lib.types; {
+ loader = mkOption {
+ type = enum [ "grub" "systemd-boot" ];
+ };
+
+ cpuVendor = mkOption {
+ type = enum [ "amd" "intel" ];
+ };
+
+ canTouchEfiVariables = mkOption {
+ type = bool;
+ };
+
+ videoDrivers = mkOption {
+ type = listOf str;
+ };
+
+ initrdModules = mkOption {
+ type = listOf str;
+ };
+ };
+
+ config = {
+ boot = {
+ loader = (if cfg.loader == "grub" then {
+ grub = {
+ enable = true;
+ device = "nodev";
+ efiSupport = true;
+ };
+ } else {
+ systemd-boot.enable = true;
+ }) // {
+ efi = {
+ inherit (cfg) canTouchEfiVariables;
+ };
+ };
+
+ initrd = let
+ crypt = cfg.crypt.toplevel;
+ headerPathEscaped = escapeShellArg "/initrd-boot/${crypt.headerFromBoot}";
+ in {
+ availableKernelModules = cfg.initrdModules;
+ supportedFilesystems = [ "vfat" ];
+
+ preDeviceCommands = optionalString (crypt != null) ''
+ mkdir -p `dirname ${headerPathEscaped}`
+ touch ${headerPathEscaped}
+ '';
+
+ preLVMCommands = optionalString cfg.portable ''
+ sleep 2 #TODO
+ '';
+
+ postMountCommands = let
+ fromRoot = path: escapeShellArg "/mnt-root/${path}";
+ auxOpen = aux: ''
+ cryptsetup -v open \
+ --header ${fromRoot aux.header} \
+ --key-file ${fromRoot aux.keyfile} \
+ ${aux.device} ${aux.target}
+ '';
+ in concatStringsSep "\n" (map auxOpen cfg.crypt.aux);
+
+ luks.devices = mkIf (crypt != null) {
+ "${crypt.target}" = {
+ inherit (crypt) device;
+ header = "/initrd-boot/${crypt.headerFromBoot}";
+ preLVM = false;
+
+ preOpenCommands = ''
+ mount -o ro -t vfat ${escapeShellArg cfg.fs.boot.device} /initrd-boot
+ '';
+
+ postOpenCommands = ''
+ umount /initrd-boot
+ '';
+ };
+ };
+
+ #network = {
+ # enable = true;
+
+ # ssh = {
+ # enable = true;
+ # port = 2234;
+ # };
+ #};
+ };
+ };
+
+ hardware.cpu = let
+ ucode.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+ in {
+ amd = mkIf (cfg.cpuVendor == "amd") ucode;
+ intel = mkIf (cfg.cpuVendor == "intel") ucode;
+ };
+ };
+} |
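Review bot: In `auxOpen`, `${aux.device}` and `${aux.target}` are interpolated into the cryptsetup command unquoted, while the header and key-file paths on the two lines above go through `escapeShellArg`; a device path or mapper name containing whitespace or shell metacharacters would be word-split or interpreted by the stage-1 shell. Writing that line as `${escapeShellArg aux.device} ${escapeShellArg aux.target}` keeps all four arguments consistent. The same applies in `preDeviceCommands`, where the unquoted backtick substitution undoes the escaping of `headerPathEscaped`; `mkdir -p "$(dirname ${headerPathEscaped})"` preserves it. `cfg.crypt`, `cfg.portable` and `cfg.fs` are not declared in this file, so these values presumably come from options defined elsewhere in the local configuration.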
