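# NixOS module: picks the host's bootloader from `hostOptions.bootloader`
# and applies the boot settings shared by every choice (EFI, Plymouth,
# binfmt emulation).
{ inputs, pkgs, lib, config, ... }: {
  # The lanzaboote module is imported on every host; it is only switched on
  # by the `boot.lanzaboote` block below.
  imports = [
    inputs.lanzaboote.nixosModules.lanzaboote
  ];

  # No default is declared, so each host has to choose a bootloader
  # explicitly. `lib.` is spelled out instead of `with lib;` so that every
  # name's origin is visible.
  options.hostOptions.bootloader = lib.mkOption {
    type = lib.types.enum [ "grub" "systemd-boot" "lanzaboote" ];
    description = "The type of bootloader to use";
  };

  config =
    let
      cfg = config.hostOptions;
    in
    {
      # Use the GRUB bootloader.
      # "nodev" means GRUB is installed for EFI only, not written to a disk's
      # boot sector. os-prober adds other installed operating systems to the
      # menu.
      # NOTE(review): nothing in this file sets a GRUB menu password or signs
      # GRUB for Secure Boot; treat this choice as unprotected against someone
      # with console access unless that is handled elsewhere.
      boot.loader.grub = lib.mkIf (cfg.bootloader == "grub") {
        enable = true;
        device = "nodev";
        useOSProber = true;
        efiSupport = true;
      };

      boot.loader.systemd-boot.enable = cfg.bootloader == "systemd-boot";
      # The systemd-boot entry editor is on by default, and the NixOS option
      # documentation recommends disabling it: with it enabled, anyone at the
      # console can change the kernel command line before boot and get around
      # the normal login path. mkDefault keeps this overridable per host, e.g.
      # for a machine that needs the editor for recovery.
      # NOTE(review): confirm whether the lanzaboote module picks this value
      # up as well; if it does not, set the equivalent in its own settings.
      boot.loader.systemd-boot.editor = lib.mkDefault false;

      # Use lanzaboote as the bootloader to allow the use of Secure Boot.
      # pkiBundle is the directory holding the Secure Boot keys, private
      # signing keys included. Anyone who can read it can sign boot images
      # this machine will accept, so keep it root-only and on encrypted
      # storage, and keep it out of the Nix store and out of version control.
      # Signing alone does not enforce anything: the keys still have to be
      # enrolled in the firmware and Secure Boot turned on there
      # (`sbctl status` reports the current state).
      boot.lanzaboote = lib.mkIf (cfg.bootloader == "lanzaboote") {
        enable = true;
        pkiBundle = "/etc/secureboot";
      };

      # Use the EFI bootloader.
      # canTouchEfiVariables lets the bootloader installer write boot entries
      # into the firmware's EFI variables.
      boot.loader.efi.canTouchEfiVariables = true;
      boot.loader.efi.efiSysMountPoint = "/boot";

      # Enable Plymouth for GUI boot screen.
      boot.initrd.systemd.enable = true;
      boot.plymouth.enable = true;
      # "quiet" hides kernel messages on the console during boot; they stay
      # available in the kernel log afterwards.
      boot.kernelParams = [ "quiet" ];

      # Allow emulating ARM (for building RPi images).
      # This registers a binfmt handler so aarch64 binaries execute under
      # emulation on this host; drop it on machines that never build those
      # images.
      boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

      # Install `sbctl`, a Secure Boot key manager if lanzaboote is enabled
      # (`cfg.user` is declared outside this file.)
      home-manager.users.${cfg.user}.home.packages =
        lib.optional (cfg.bootloader == "lanzaboote") pkgs.sbctl;
    };
}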