{
  config,
  lib,
  pkgs,
  ...
}: let
  cfg = config.soispha.boot;
in {
  options.soispha.boot = {
    enable = lib.mkEnableOption "Bootloader configuration";
    # TODO: Add this option <2024-05-16>
    # enableIsoEntry = lib.mkEnableOption "a tails iso boot entry";
  };

  # Everything below is only applied while `soispha.boot.enable` is set.
  config = lib.mkIf cfg.enable (
    # let
    # cfg = config.boot.loader.systemd-boot;
    # inherit (config.boot.loader) efi;
    #
    # esa = n: lib.strings.escapeShellArg n;
    #
    # bootMountPoint =
    #   if cfg.xbootldrMountPoint != null
    #   then cfg.xbootldrMountPoint
    #   else efi.efiSysMountPoint;
    #
    # nixosDir = "/EFI/nixos";
    #
    # # FIXME: This system has two big problems:
    # # 1. It does not update files which still have the same name
    # # 2. It forgets about files which were 'deleted' in this configuration (these just
    # #    stay on disk forever) <2024-05-11>
    # copyExtraFiles = ''
    #   echo "[systemd-boot] copying files to ${bootMountPoint}"
    #   empty_file=$(mktemp)
    #
    #   ${lib.concatStrings (lib.mapAttrsToList (n: v:
    #     /*
    #     bash
    #     */
    #     ''
    #       if ! [ -e ${esa "${bootMountPoint}/${n}"} ]; then
    #         install -Dp "${v}" ${esa "${bootMountPoint}/${n}"}
    #         install -D "$empty_file" ${esa "${bootMountPoint}/${nixosDir}/.extra-files/${n}"}
    #       fi
    #     '')
    #   cfg.extraFiles)}
    #
    #   ${lib.concatStrings (lib.mapAttrsToList (n: v:
    #     /*
    #     bash
    #     */
    #     ''
    #       # if ! [ -e ${esa "${bootMountPoint}/loader/entries/${n}"} ]; then
    #         install -Dp "${pkgs.writeText n v}" ${esa "${bootMountPoint}/loader/entries/${n}"}
    #         install -D "$empty_file" ${esa "${bootMountPoint}/${nixosDir}/.extra-files/loader/entries/${n}"}
    #       # fi
    #     '')
    #   cfg.extraEntries)}
    # '';
    # in
    {
      # FIXME: Reactivate this whole iso thing when a disko redeploy is done.
      # (and switch to tails instead of arch) <2024-05-12>
      #
      # system.activationScripts = {
      #   copyExtraFilesForBoot = copyExtraFiles;
      # };

      # Kernel modules loaded inside the initrd.
      boot.initrd.kernelModules = ["nvme" "btrfs"];

      boot.kernelPackages = pkgs.linuxPackages_latest;

      # Secure Boot handling is delegated to lanzaboote.
      boot.lanzaboote = {
        enable = true;
        # Directory holding the Secure Boot key material.
        # NOTE(review): it lives on the root filesystem; confirm that the
        # directory and its contents are readable by root only.
        pkiBundle = "/etc/secureboot";
        # Editing the kernel command line at the boot menu could allow
        # someone with console access to become root, so the editor is off.
        settings.editor = false;
      };

      # Lanzaboote currently replaces the systemd-boot module. The
      # configuration.nix generated at installation time usually enables
      # systemd-boot, so it is forced off here for now.
      boot.loader.systemd-boot = {
        enable = false;

        # extraEntries = {
        #   "live.conf" = ''
        #     title Archlinux Live ISO
        #     linux /live/vmlinuz-linux
        #     initrd /live/initramfs-linux.img
        #     options img_dev=${config.soispha.disks.disk} img_loop=/archlinux.iso copytoram
        #   '';
        # };
        #
        # extraFiles = let
        #   iso = import ./archlive_iso.nix {inherit pkgs;};
        # in {
        #   "archlinux.iso" = "${iso}/archlinux.iso";
        #   "live/initramfs-linux.img" = "${iso}/live/initramfs-linux.img";
        #   "live/vmlinuz-linux" = "${iso}/live/vmlinuz-linux";
        # };
      };

      # GRUB is disabled; the remaining values only take effect if it is
      # ever switched on.
      boot.loader.grub = {
        enable = false;
        # theme = pkgs.nixos-grub2-theme;
        splashImage = ./boot_pictures/gnu.png;
        efiSupport = true;
        device = "nodev"; # only for efi
      };

      boot.loader.efi = {
        # Allow the bootloader installer to modify EFI variables.
        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot";
      };
    }
  );
}