-rw-r--r--hosts/hpserver.nix1
-rw-r--r--modules/nixos/sils/basesystem.nix9
-rw-r--r--modules/nixos/sils/bootloader.nix30
-rw-r--r--modules/nixos/sils/default.nix1
-rw-r--r--modules/nixos/sils/roles.nix3
5 files changed, 35 insertions, 9 deletions
diff --git a/hosts/hpserver.nix b/hosts/hpserver.nix
index 47d3e25..97b3968 100644
--- a/hosts/hpserver.nix
+++ b/hosts/hpserver.nix
@@ -1,6 +1,7 @@
 {...}: {
   role.sils = "workstation";
   sils = {
+    bootloader = "grub";
     disks.disk = "/dev/disk/by-id/wwn-0x600508b1001c0d733397035f990e3942";
     meta = {
       globalDataDir = "/srv";
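Review bot: `bootloader = "grub";` takes this host out of the lanzaboote default without saying why, so a later reader cannot tell whether the exception is a hardware limit or an oversight. A one-line comment above it, e.g. `# <reason this host cannot use Secure Boot / lanzaboote>`, would record the decision. The attribute set continues past the end of the hunk.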
diff --git a/modules/nixos/sils/basesystem.nix b/modules/nixos/sils/basesystem.nix
index 93d681d..2862c85 100644
--- a/modules/nixos/sils/basesystem.nix
+++ b/modules/nixos/sils/basesystem.nix
@@ -21,15 +21,6 @@ in {
       kernelModules = ["kvm-intel"];
       extraModulePackages = [];
       kernelPackages = pkgs.linuxPackages_latest;
-      lanzaboote = {
-        enable = false;
-        configurationLimit = 10;
-        pkiBundle = "/etc/secureboot";
-        settings = {
-          editor = false;
-        };
-      };
-      loader.grub.enable = true;
     };
 
     system.stateVersion = "23.05";
diff --git a/modules/nixos/sils/bootloader.nix b/modules/nixos/sils/bootloader.nix
new file mode 100644
index 0000000..fc0e0f3
--- /dev/null
+++ b/modules/nixos/sils/bootloader.nix
@@ -0,0 +1,30 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  btl = config.sils.bootloader;
+in {
+  options.sils.bootloader = lib.mkOption {
+    type = lib.types.enum ["lanzaboote" "grub"];
+    default = "lanzaboote";
+    description = "Which bootloader to use.";
+  };
+  config.boot =
+    if btl == "lanzaboote"
+    then {
+      lanzaboote = {
+        enable = true;
+        configurationLimit = 10;
+        pkiBundle = "/etc/secureboot";
+        settings = {
+          editor = false;
+        };
+      };
+    }
+    else if btl == "grub"
+    then {
+      loader.grub.enable = true;
+    }
+    else {};
+}
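Review bot: The `grub` branch sets only `loader.grub.enable = true`, so a host that selects it gets neither Secure Boot verification nor an equivalent of the `editor = false` setting that the lanzaboote branch carries. If that is intended, the option text should say so, e.g. `description = "Which bootloader to use; \"grub\" boots without Secure Boot.";`, and `boot.loader.grub.users` could be set to password-protect the GRUB menu on those hosts. As a style matter, the final `else {}` cannot be reached because the enum admits only the two values. `lib.mkMerge` with one `lib.mkIf` per bootloader is also the more usual module form than an `if` chain on `config.boot`.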
diff --git a/modules/nixos/sils/default.nix b/modules/nixos/sils/default.nix
index 57188c1..826004f 100644
--- a/modules/nixos/sils/default.nix
+++ b/modules/nixos/sils/default.nix
@@ -3,6 +3,7 @@
     ./apparmor.nix
     ./basesystem.nix
     ./bluetooth.nix
+    ./bootloader.nix
     ./disks.nix
     ./environment.nix
     ./firejail.nix
diff --git a/modules/nixos/sils/roles.nix b/modules/nixos/sils/roles.nix
index 7c323b8..7c8f4f5 100644
--- a/modules/nixos/sils/roles.nix
+++ b/modules/nixos/sils/roles.nix
@@ -11,6 +11,7 @@ in {
       apparmor.enable = lib.mkDefault true;
       basesystem.enable = lib.mkDefault true;
       bluetooth.enable = lib.mkDefault true;
+      bootloader = lib.mkDefault "lanzaboote";
       disks.enable = lib.mkDefault true;
       graphics.enable = lib.mkDefault true;
       environment.enable = lib.mkDefault true;
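Review bot: Setting `bootloader = lib.mkDefault "lanzaboote";` here, and identically in the hunks at -29 and -49, switches every host on these roles from the previously hard-coded GRUB to lanzaboote unless the host overrides it, and only `hosts/hpserver.nix` does so in this commit. Lanzaboote is pointed at the `pkiBundle` path `/etc/secureboot`, so a host without keys generated and enrolled there would presumably fail at its next rebuild or boot. A comment such as `# requires Secure Boot keys in /etc/secureboot; set sils.bootloader = "grub" otherwise` would make the prerequisite visible. The three lines also repeat the option's own `default = "lanzaboote"` and could be dropped. The role attribute sets start and end outside these hunks.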
@@ -29,6 +30,7 @@ in {
       apparmor.enable = lib.mkDefault true;
       basesystem.enable = lib.mkDefault true;
       bluetooth.enable = lib.mkDefault true;
+      bootloader = lib.mkDefault "lanzaboote";
       disks.enable = lib.mkDefault true;
       graphics.enable = lib.mkDefault true;
       environment.enable = lib.mkDefault true;
@@ -49,6 +51,7 @@ in {
       apparmor.enable = lib.mkDefault true;
       basesystem.enable = lib.mkDefault true;
       bluetooth.enable = lib.mkDefault true;
+      bootloader = lib.mkDefault "lanzaboote";
       disks.enable = lib.mkDefault true;
       graphics.enable = lib.mkDefault true;
       environment.enable = lib.mkDefault true;