{
  config,
  lib,
  pkgs,
  ...
}: let
  cfg = config.soispha.boot;
in {
  # Switch for this module's bootloader setup (lanzaboote + systemd-boot).
  options.soispha.boot.enable = lib.mkEnableOption "Bootloader configuration";
  # TODO: Add this option <2024-05-16>
  # options.soispha.boot.enableIsoEntry = lib.mkEnableOption "an tails iso boot entry";

  # Everything below is only applied when `soispha.boot.enable` is set.
  #
  # Kept for later: an activation script that copies extra files / loader
  # entries onto the ESP so that a live ISO can be booted from systemd-boot.
  #
  # let
  #   cfg = config.boot.loader.systemd-boot;
  #   inherit (config.boot.loader) efi;
  #
  #   esa = n: lib.strings.escapeShellArg n;
  #
  #   bootMountPoint =
  #     if cfg.xbootldrMountPoint != null
  #     then cfg.xbootldrMountPoint
  #     else efi.efiSysMountPoint;
  #
  #   nixosDir = "/EFI/nixos";
  #
  #   # FIXME: This system has two big problems:
  #   # 1. It does not update files which still have the same name
  #   # 2. It forgets about files which were 'deleted' in this configuration
  #   #    (these just stay on disk forever) <2024-05-11>
  #   copyExtraFiles = ''
  #     echo "[systemd-boot] copying files to ${bootMountPoint}"
  #     empty_file=$(mktemp)
  #
  #     ${lib.concatStrings (lib.mapAttrsToList (n: v:
  #       /* bash */
  #       ''
  #         if ! [ -e ${esa "${bootMountPoint}/${n}"} ]; then
  #           install -Dp "${v}" ${esa "${bootMountPoint}/${n}"}
  #           install -D "$empty_file" ${esa "${bootMountPoint}/${nixosDir}/.extra-files/${n}"}
  #         fi
  #       '')
  #     cfg.extraFiles)}
  #
  #     ${lib.concatStrings (lib.mapAttrsToList (n: v:
  #       /* bash */
  #       ''
  #         # if ! [ -e ${esa "${bootMountPoint}/loader/entries/${n}"} ]; then
  #           install -Dp "${pkgs.writeText n v}" ${esa "${bootMountPoint}/loader/entries/${n}"}
  #           install -D "$empty_file" ${esa "${bootMountPoint}/${nixosDir}/.extra-files/loader/entries/${n}"}
  #         # fi
  #       '')
  #     cfg.extraEntries)}
  #   '';
  # in
  #
  # FIXME: Reactivate this whole iso thing when a disko redeploy is done
  # (and switch to tails instead of arch) <2024-05-12>
  #
  # system.activationScripts = {
  #   copyExtraFilesForBoot = copyExtraFiles;
  # };
  #
  # NOTE(review): once lanzaboote/Secure Boot is on, an unsigned live kernel
  # referenced by such an entry would presumably be refused by the firmware;
  # it would need to be signed (or Secure Boot disabled) before this is
  # re-enabled -- confirm before reactivating.
  config = lib.mkIf cfg.enable {
    # The Secure Boot key material must survive reboots. Strictly only
    # lanzaboote needs this, but lanzaboote is the default in this module.
    # NOTE(review): this directory holds the signing keys; it should be
    # root-only and preferably live on encrypted storage -- not verifiable here.
    soispha.impermanence.directories = ["/etc/secureboot"];

    # Modules needed in the initrd to reach the root filesystem.
    boot.initrd.kernelModules = ["nvme" "btrfs"];
    boot.kernelPackages = pkgs.linuxPackages_latest;

    # Signed boot chain via lanzaboote (which takes over from systemd-boot).
    boot.lanzaboote = {
      enable = true;
      pkiBundle = "/etc/secureboot";
      settings = {
        # The systemd-boot editor lets anybody at the console rewrite the
        # kernel command line (e.g. `init=/bin/sh`) and boot into a root
        # shell, which would defeat the signed boot chain -- keep it off.
        editor = false;
        # Boot whatever entry was selected last time.
        default = "@saved";
      };
    };

    # Lanzaboote currently replaces the systemd-boot module. The generated
    # configuration.nix usually enables systemd-boot, so it is forced off here.
    boot.loader.systemd-boot.enable = false;
    # extraEntries = {
    #   "live.conf" = ''
    #     title Archlinux Live ISO
    #     linux /live/vmlinuz-linux
    #     initrd /live/initramfs-linux.img
    #     options img_dev=${config.soispha.disks.disk} img_loop=/archlinux.iso copytoram
    #   '';
    # };
    #
    # extraFiles = let
    #   iso = import ./archlive_iso.nix {inherit pkgs;};
    # in {
    #   "archlinux.iso" = "${iso}/archlinux.iso";
    #   "live/initramfs-linux.img" = "${iso}/live/initramfs-linux.img";
    #   "live/vmlinuz-linux" = "${iso}/live/vmlinuz-linux";
    # };

    # GRUB stays disabled; the remaining values are inert and only kept
    # around for reference.
    boot.loader.grub = {
      enable = false;
      # theme = pkgs.nixos-grub2-theme;
      splashImage = ./boot_pictures/gnu.png;
      efiSupport = true;
      device = "nodev"; # only for efi
    };

    boot.loader.efi = {
      # Allow the bootloader installer to write boot entries into firmware NVRAM.
      canTouchEfiVariables = true;
      efiSysMountPoint = "/boot";
    };
  };
}