nix-dotfiles/modules/boot.nix

{ config, lib, libS, ... }:

let cfg = config.boot;
in {
  options = {
    boot = {
      default = libS.mkOpinionatedOption "enable the boot builder";
      cpuType = lib.mkOption {
        type = lib.types.str;
        example = "amd";
        default = "";
        description = "The cpu-type installed on the server.";
      };
      amdGPU = libS.mkOpinionatedOption "the system contains a AMD GPU";
      filesystem = lib.mkOption {
        type = lib.types.str;
        example = "btrfs";
        default = "ext4";
        description = "The filesystem installed.";
      };
      fullDiskEncryption = libS.mkOpinionatedOption "use luks full disk encrytion";
      useSystemdBoot = libS.mkOpinionatedOption "use systemd boot";
    };
  };

  config.boot = lib.mkIf cfg.default {
    initrd = {
      # networking for netcard kernelModules = [ "e1000e" ];
      kernelModules = lib.mkIf cfg.amdGPU [ "amdgpu" ];

      network = lib.mkIf cfg.fullDiskEncryption {
        enable = true;
        ssh = {
          enable = true;
          port = 2222;
        };
      };
    };

    supportedFilesystems = [ cfg.filesystem ];
    tmp.useTmpfs = true;
    kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
    kernelParams = [ "nordrand" ] ++ lib.optional (cfg.cpuType == "amd") "kvm-amd" ++ lib.optional cfg.fullDiskEncryption "ip=<ip-addr>::<ip-gateway>:<netmask>";

    zfs = lib.mkIf (cfg.filesystem == "zfs") {
      enableUnstable = true;
      devNodes = "/dev/disk/by-id/";
      forceImportRoot = true;
    };

    loader = {
      efi = { canTouchEfiVariables = false; };
      generationsDir.copyKernels = true;
      systemd-boot.enable = lib.mkIf cfg.useSystemdBoot true;
      grub = lib.mkIf (!cfg.useSystemdBoot) {
        enable = true;
        copyKernels = true;
        zfsSupport = lib.mkIf (cfg.filesystem == "zfs") true;
        efiSupport = true;
        efiInstallAsRemovable = true;
        fsIdentifier = "uuid";
        enableCryptodisk = lib.mkIf cfg.fullDiskEncryption true;
      };
    };
  };
}
first usable configuration 2023-12-24 20:09:35 +01:00			`{ config, lib, libS, ... }:`

enable external SMTP for hydra (#49) * external SMTP for hydra Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * nix-serve sops Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add binary cache * add hydra jobs * cleanup (#50) * finish up cleanup branch merge * switched back to nixpkgs-fmt * add nixpkgs-fmt to hydrajobs.build --------- Signed-off-by: ahuston-0 <aliceghuston@gmail.com> Co-authored-by: Dennis Wuitz <dennish@wuitz.de> Co-authored-by: Dennis <52411861+DerDennisOP@users.noreply.github.com> 2024-02-01 16:50:14 -05:00			`let cfg = config.boot;`
			`in {`
Feature email server (#14) * formatting * update * add mailserver * flake update 2024-01-02 16:30:08 +01:00			`options = {`
			`boot = {`
			`default = libS.mkOpinionatedOption "enable the boot builder";`
add home-manager 2023-12-25 03:39:20 +01:00			`cpuType = lib.mkOption {`
			`type = lib.types.str;`
			`example = "amd";`
			`default = "";`
			`description = "The cpu-type installed on the server.";`
			`};`
add fulldiskencryption 2023-12-25 04:27:28 +01:00			`amdGPU = libS.mkOpinionatedOption "the system contains a AMD GPU";`
add boot filesystem option 2023-12-26 03:20:07 +01:00			`filesystem = lib.mkOption {`
			`type = lib.types.str;`
			`example = "btrfs";`
add grub bootloader device 2023-12-26 04:07:18 +01:00			`default = "ext4";`
add boot filesystem option 2023-12-26 03:20:07 +01:00			`description = "The filesystem installed.";`
			`};`
fix user public keys 2023-12-25 18:54:38 +01:00			`fullDiskEncryption = libS.mkOpinionatedOption "use luks full disk encrytion";`
changes to dennis home.nix 2023-12-26 10:45:54 +01:00			`useSystemdBoot = libS.mkOpinionatedOption "use systemd boot";`
first usable configuration 2023-12-24 20:09:35 +01:00			`};`
			`};`

			`config.boot = lib.mkIf cfg.default {`
add fulldiskencryption 2023-12-25 04:27:28 +01:00			`initrd = {`
			`# networking for netcard kernelModules = [ "e1000e" ];`
			`kernelModules = lib.mkIf cfg.amdGPU [ "amdgpu" ];`

fix user public keys 2023-12-25 18:54:38 +01:00			`network = lib.mkIf cfg.fullDiskEncryption {`
add fulldiskencryption 2023-12-25 04:27:28 +01:00			`enable = true;`
fix user public keys 2023-12-25 18:54:38 +01:00			`ssh = {`
			`enable = true;`
			`port = 2222;`
add fulldiskencryption 2023-12-25 04:27:28 +01:00			`};`
			`};`
			`};`

add boot filesystem option 2023-12-26 03:20:07 +01:00			`supportedFilesystems = [ cfg.filesystem ];`
first usable configuration 2023-12-24 20:09:35 +01:00			`tmp.useTmpfs = true;`
			`kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;`
enable external SMTP for hydra (#49) * external SMTP for hydra Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * nix-serve sops Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add binary cache * add hydra jobs * cleanup (#50) * finish up cleanup branch merge * switched back to nixpkgs-fmt * add nixpkgs-fmt to hydrajobs.build --------- Signed-off-by: ahuston-0 <aliceghuston@gmail.com> Co-authored-by: Dennis Wuitz <dennish@wuitz.de> Co-authored-by: Dennis <52411861+DerDennisOP@users.noreply.github.com> 2024-02-01 16:50:14 -05:00			`kernelParams = [ "nordrand" ] ++ lib.optional (cfg.cpuType == "amd") "kvm-amd" ++ lib.optional cfg.fullDiskEncryption "ip=<ip-addr>::<ip-gateway>:<netmask>";`
add fulldiskencryption 2023-12-25 04:27:28 +01:00
add boot filesystem option 2023-12-26 03:20:07 +01:00			`zfs = lib.mkIf (cfg.filesystem == "zfs") {`
first usable configuration 2023-12-24 20:09:35 +01:00			`enableUnstable = true;`
			`devNodes = "/dev/disk/by-id/";`
			`forceImportRoot = true;`
			`};`
add fulldiskencryption 2023-12-25 04:27:28 +01:00
first usable configuration 2023-12-24 20:09:35 +01:00			`loader = {`
enable external SMTP for hydra (#49) * external SMTP for hydra Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * nix-serve sops Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add binary cache * add hydra jobs * cleanup (#50) * finish up cleanup branch merge * switched back to nixpkgs-fmt * add nixpkgs-fmt to hydrajobs.build --------- Signed-off-by: ahuston-0 <aliceghuston@gmail.com> Co-authored-by: Dennis Wuitz <dennish@wuitz.de> Co-authored-by: Dennis <52411861+DerDennisOP@users.noreply.github.com> 2024-02-01 16:50:14 -05:00			`efi = { canTouchEfiVariables = false; };`
first usable configuration 2023-12-24 20:09:35 +01:00			`generationsDir.copyKernels = true;`
changes to dennis home.nix 2023-12-26 10:45:54 +01:00			`systemd-boot.enable = lib.mkIf cfg.useSystemdBoot true;`
			`grub = lib.mkIf (!cfg.useSystemdBoot) {`
			`enable = true;`
			`copyKernels = true;`
			`zfsSupport = lib.mkIf (cfg.filesystem == "zfs") true;`
			`efiSupport = true;`
			`efiInstallAsRemovable = true;`
			`fsIdentifier = "uuid";`
			`enableCryptodisk = lib.mkIf cfg.fullDiskEncryption true;`
first usable configuration 2023-12-24 20:09:35 +01:00			`};`
			`};`
			`};`
Switch to systemd-boot Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2023-12-25 22:59:17 -05:00			`}`