From 45d3adf99b4fce0e850813579a47866b3ff835aa Mon Sep 17 00:00:00 2001
From: Alejandro Soto
Date: Mon, 8 Aug 2022 04:13:22 -0600
Subject: sys/boot: move out of sys/default.nix
---
 sys/boot.nix | 103 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 103 insertions(+)
 create mode 100644 sys/boot.nix
(limited to 'sys/boot.nix')
diff --git a/sys/boot.nix b/sys/boot.nix
new file mode 100644
index 0000000..9e1ef85
--- /dev/null
+++ b/sys/boot.nix
@@ -0,0 +1,103 @@
+{ lib, config, ... }:
+with lib; let
+ cfg = config.local;
+in {
+ options.local = with lib.types; {
+ loader = mkOption {
+ type = enum [ "grub" "systemd-boot" ];
+ };
+
+ cpuVendor = mkOption {
+ type = enum [ "amd" "intel" ];
+ };
+
+ canTouchEfiVariables = mkOption {
+ type = bool;
+ };
+
+ videoDrivers = mkOption {
+ type = listOf str;
+ };
+
+ initrdModules = mkOption {
+ type = listOf str;
+ };
+ };
+
+ config = {
+ boot = {
+ loader = (if cfg.loader == "grub" then {
+ grub = {
+ enable = true;
+ device = "nodev";
+ efiSupport = true;
+ };
+ } else {
+ systemd-boot.enable = true;
+ }) // {
+ efi = {
+ inherit (cfg) canTouchEfiVariables;
+ };
+ };
+
+ initrd = let
+ crypt = cfg.crypt.toplevel;
+ headerPathEscaped = escapeShellArg "/initrd-boot/${crypt.headerFromBoot}";
+ in {
+ availableKernelModules = cfg.initrdModules;
+ supportedFilesystems = [ "vfat" ];
+
+ preDeviceCommands = optionalString (crypt != null) ''
+ mkdir -p `dirname ${headerPathEscaped}`
+ touch ${headerPathEscaped}
+ '';
+
+ preLVMCommands = optionalString cfg.portable ''
+ sleep 2 #TODO
+ '';
+
+ postMountCommands = let
+ fromRoot = path: escapeShellArg "/mnt-root/${path}";
+ auxOpen = aux: ''
+ cryptsetup -v open \
+ --header ${fromRoot aux.header} \
+ --key-file ${fromRoot aux.keyfile} \
+ ${aux.device} ${aux.target}
+ '';
+ in concatStringsSep "\n" (map auxOpen cfg.crypt.aux);
+
+ luks.devices = mkIf (crypt != null) {
+ "${crypt.target}" = {
+ inherit (crypt) device;
+ header = "/initrd-boot/${crypt.headerFromBoot}";
+ preLVM = false;
+
+ preOpenCommands = ''
+ mount -o ro -t vfat ${escapeShellArg cfg.fs.boot.device} /initrd-boot
+ '';
+
+ postOpenCommands = ''
+ umount /initrd-boot
+ '';
+ };
+ };
+
+ #network = {
+ # enable = true;
+
+ # ssh = {
+ # enable = true;
+ # port = 2234;
+ # };
+ #};
+ };
+ };
+
+ hardware.cpu = let
+ ucode.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+ in {
+ amd = mkIf (cfg.cpuVendor == "amd") ucode;
+ 
 intel = mkIf (cfg.cpuVendor == "intel") ucode;
+ };
+ };
+}
-- cgit v1.2.3
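Review bot: In `auxOpen` under `postMountCommands`, `${aux.device}` and `${aux.target}` are interpolated into the initrd shell script unquoted, whereas `aux.header` and `aux.keyfile` go through `escapeShellArg` via `fromRoot`; a device path or mapper name containing whitespace or shell metacharacters would be word-split or interpreted, so the last line of the `cryptsetup` call should read `${escapeShellArg aux.device} ${escapeShellArg aux.target}` to match the other two arguments. Separately, `preLVMCommands` waits with a fixed `sleep 2 #TODO` when `cfg.portable` is set; a timed delay is racy on slow removable media, and a bounded loop that polls for `cfg.fs.boot.device` to appear would be more reliable than a constant. `preOpenCommands` also does not check that the `mount` of the boot partition succeeded, so if it fails cryptsetup will read the empty placeholder created by `touch` in `preDeviceCommands` and report a less obvious header error; failing explicitly at the mount would make that diagnosable. Note that `cfg.crypt`, `cfg.portable` and `cfg.fs.boot.device` are used here but not declared in this file's `options.local`, so they presumably come from another module of `config.local`.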