-rw-r--r--sys/default.nix37
1 files changed, 25 insertions, 12 deletions
diff --git a/sys/default.nix b/sys/default.nix
index 3c3ab69..7636e91 100644
--- a/sys/default.nix
+++ b/sys/default.nix
@@ -14,6 +14,10 @@ in {
type = bool;
};
+ loader = mkOption {
+ type = enum [ "grub" "systemd-boot" ];
+ };
+
canTouchEfiVariables = mkOption {
type = bool;
};
@@ -28,7 +32,7 @@ in {
};
initrdModules = mkOption {
- type = str;
+ type = listOf str;
};
crypt = mkOption {
@@ -153,8 +157,15 @@ in {
# !!!
tmpOnTmpfs = true;
- loader = {
+ loader = (if cfg.loader == "grub" then {
+ grub = {
+ enable = true;
+ device = "nodev";
+ efiSupport = true;
+ };
+ } else {
systemd-boot.enable = true;
+ }) // {
efi = {
inherit (cfg) canTouchEfiVariables;
};
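Review bot: The `//` joining the per-loader attrset to `{ efi = …; }` is a shallow merge, so if either branch later sets anything under `efi`, the right-hand `efi` set will replace it wholesale with no error. Assuming `mkMerge`/`mkIf` are in scope alongside `mkOption`, `loader = mkMerge [ (mkIf (cfg.loader == "grub") { grub = { … }; }) (mkIf (cfg.loader == "systemd-boot") { systemd-boot.enable = true; }) { efi = { … }; } ]` lets the module system do the merge. Failing that, a one-line comment such as `# NOTE: // is shallow; keep efi.* out of the branches` would record the constraint. The `loader` attrset continues past the end of the hunk.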
@@ -176,6 +187,16 @@ in {
sleep 2 #TODO
'';
+ postMountCommands = let
+ fromRoot = path: escapeShellArg "/mnt-root/${path}";
+ auxOpen = aux: ''
+ cryptsetup -v open \
+ --header ${fromRoot aux.header} \
+ --key-file ${fromRoot aux.keyfile} \
+ ${aux.device} ${aux.target}
+ '';
+ in concatStringsSep "\n" (map auxOpen cfg.crypt.aux);
+
luks.devices."${crypt.target}" = {
inherit (crypt) device;
header = "/initrd-boot/${crypt.headerFromBoot}";
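Review bot: In `auxOpen`, `${aux.device}` and `${aux.target}` are spliced into the initrd shell script unquoted, while the header and key-file paths on the two lines above them go through `escapeShellArg`. A device path or mapper name containing whitespace or shell metacharacters would be split or interpreted by the stage-1 shell, so I would write the last line as `${escapeShellArg aux.device} ${escapeShellArg aux.target}`. A short comment should also say what is meant to happen when one `cryptsetup open` fails. Nothing in the hunk checks the exit status, so boot presumably continues with that volume left locked. The enclosing `initrd` attribute set starts and ends outside the hunk.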
@@ -185,17 +206,9 @@ in {
mount -o ro -t vfat ${escapeShellArg cfg.fs.boot.device} /initrd-boot
'';
- postOpenCommands = let
- fromRoot = path: escapeShellArg "/mnt-root/${path}";
- auxOpen = aux: ''
- cryptsetup open \
- --header ${fromRoot aux.header} \
- --key-file ${fromRoot aux.keyfile} \
- ${aux.device} ${aux.target}
- '';
- in ''
+ postOpenCommands = ''
umount /initrd-boot
- '' + concatStringsSep "\n" (map auxOpen cfg.crypt.aux);
+ '';
};
#network = {