nix-dotfiles/modules/boot.nix

{
  config,
  lib,
  libS,
  pkgs,
  ...
}:

let
  cfg = config.boot;
in
{
  options = {
    boot = {
      default = libS.mkOpinionatedOption "enable the boot builder";
      fullDiskEncryption = libS.mkOpinionatedOption "use luks full disk encryption";
      useSystemdBoot = libS.mkOpinionatedOption "use systemd boot";
      cpuType = lib.mkOption {
        type = lib.types.str;
        example = "amd";
        default = "";
        description = "The cpu-type installed on the server.";
      };

      amdGPU = libS.mkOpinionatedOption "the system contains a AMD GPU";
      filesystem = lib.mkOption {
        type = lib.types.str;
        example = "btrfs";
        default = "ext4";
        description = "The filesystem installed.";
      };
    };
  };

  config.boot = lib.mkIf cfg.default {
    supportedFilesystems = [ cfg.filesystem ];
    tmp.useTmpfs = true;
    kernelParams = [
      "nordrand"
    ]
    ++ lib.optional (cfg.cpuType == "amd") "kvm-amd"
    ++ lib.optional cfg.fullDiskEncryption "ip=<ip-addr>::<ip-gateway>:<netmask>";
    initrd = {
      kernelModules = lib.mkIf cfg.amdGPU [ "amdgpu" ];
      network = lib.mkIf cfg.fullDiskEncryption {
        enable = true;
        ssh = {
          enable = true;
          port = 2222;
        };
      };
    };

    zfs = lib.mkIf (cfg.filesystem == "zfs") {
      devNodes = "/dev/disk/by-id/";
      forceImportRoot = true;
    };

    loader = {
      efi.canTouchEfiVariables = false;
      generationsDir.copyKernels = true;
      systemd-boot = lib.mkIf cfg.useSystemdBoot {
        enable = true;
        configurationLimit = 10;
      };
      grub = lib.mkIf (!cfg.useSystemdBoot) {
        enable = lib.mkForce true;
        copyKernels = true;
        zfsSupport = lib.mkIf (cfg.filesystem == "zfs") true;
        efiSupport = true;
        efiInstallAsRemovable = true;
        fsIdentifier = "uuid";
        enableCryptodisk = lib.mkIf cfg.fullDiskEncryption true;
      };
    };
  };
}
Feature/rfc 0166 fmt (#113) * change formatter to nixfmt-rfc-style Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Add rfc-style fmt'ing Signed-off-by: ahuston-0 <aliceghuston@gmail.com> --------- Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-03-03 18:06:28 -05:00			`{`
			`config,`
			`lib,`
			`libS,`
flip back to unstable, fix kernel warning 2024-10-08 23:39:17 -04:00			`pkgs,`
Feature/rfc 0166 fmt (#113) * change formatter to nixfmt-rfc-style Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Add rfc-style fmt'ing Signed-off-by: ahuston-0 <aliceghuston@gmail.com> --------- Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-03-03 18:06:28 -05:00			`...`
			`}:`
first usable configuration 2023-12-24 20:09:35 +01:00
Feature/rfc 0166 fmt (#113) * change formatter to nixfmt-rfc-style Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Add rfc-style fmt'ing Signed-off-by: ahuston-0 <aliceghuston@gmail.com> --------- Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-03-03 18:06:28 -05:00			`let`
			`cfg = config.boot;`
			`in`
			`{`
Feature email server (#14) * formatting * update * add mailserver * flake update 2024-01-02 16:30:08 +01:00			`options = {`
			`boot = {`
			`default = libS.mkOpinionatedOption "enable the boot builder";`
updated default boot limit config 2024-05-05 11:44:03 -04:00			`fullDiskEncryption = libS.mkOpinionatedOption "use luks full disk encryption";`
dennis the formatter (#75) * dennis the formatter * changed comment * fixup 2024-02-05 22:45:43 +01:00			`useSystemdBoot = libS.mkOpinionatedOption "use systemd boot";`
add home-manager 2023-12-25 03:39:20 +01:00			`cpuType = lib.mkOption {`
			`type = lib.types.str;`
			`example = "amd";`
			`default = "";`
			`description = "The cpu-type installed on the server.";`
			`};`
dennis the formatter (#75) * dennis the formatter * changed comment * fixup 2024-02-05 22:45:43 +01:00
add fulldiskencryption 2023-12-25 04:27:28 +01:00			`amdGPU = libS.mkOpinionatedOption "the system contains a AMD GPU";`
add boot filesystem option 2023-12-26 03:20:07 +01:00			`filesystem = lib.mkOption {`
			`type = lib.types.str;`
			`example = "btrfs";`
add grub bootloader device 2023-12-26 04:07:18 +01:00			`default = "ext4";`
add boot filesystem option 2023-12-26 03:20:07 +01:00			`description = "The filesystem installed.";`
			`};`
first usable configuration 2023-12-24 20:09:35 +01:00			`};`
			`};`

			`config.boot = lib.mkIf cfg.default {`
dennis the formatter (#75) * dennis the formatter * changed comment * fixup 2024-02-05 22:45:43 +01:00			`supportedFilesystems = [ cfg.filesystem ];`
			`tmp.useTmpfs = true;`
update intel-media-sdk to vpl-gpu-rt 2025-08-01 00:16:57 -04:00			`kernelParams = [`
			`"nordrand"`
			`]`
			`++ lib.optional (cfg.cpuType == "amd") "kvm-amd"`
			`++ lib.optional cfg.fullDiskEncryption "ip=<ip-addr>::<ip-gateway>:<netmask>";`
add fulldiskencryption 2023-12-25 04:27:28 +01:00			`initrd = {`
			`kernelModules = lib.mkIf cfg.amdGPU [ "amdgpu" ];`
fix user public keys 2023-12-25 18:54:38 +01:00			`network = lib.mkIf cfg.fullDiskEncryption {`
add fulldiskencryption 2023-12-25 04:27:28 +01:00			`enable = true;`
fix user public keys 2023-12-25 18:54:38 +01:00			`ssh = {`
			`enable = true;`
			`port = 2222;`
add fulldiskencryption 2023-12-25 04:27:28 +01:00			`};`
			`};`
			`};`

add boot filesystem option 2023-12-26 03:20:07 +01:00			`zfs = lib.mkIf (cfg.filesystem == "zfs") {`
first usable configuration 2023-12-24 20:09:35 +01:00			`devNodes = "/dev/disk/by-id/";`
			`forceImportRoot = true;`
			`};`
add fulldiskencryption 2023-12-25 04:27:28 +01:00
first usable configuration 2023-12-24 20:09:35 +01:00			`loader = {`
dennis the formatter (#75) * dennis the formatter * changed comment * fixup 2024-02-05 22:45:43 +01:00			`efi.canTouchEfiVariables = false;`
first usable configuration 2023-12-24 20:09:35 +01:00			`generationsDir.copyKernels = true;`
updated default boot limit config 2024-05-05 11:44:03 -04:00			`systemd-boot = lib.mkIf cfg.useSystemdBoot {`
			`enable = true;`
			`configurationLimit = 10;`
			`};`
changes to dennis home.nix 2023-12-26 10:45:54 +01:00			`grub = lib.mkIf (!cfg.useSystemdBoot) {`
Created fabius user (raspberry pi 5). Changed flake.nix. (#76) * Created fabius user (raspberry pi 5). Changed flake.nix. * add custom iso type * change to crossPkgs * add crossCompile aarch64 2024-02-06 20:35:02 +01:00			`enable = lib.mkForce true;`
changes to dennis home.nix 2023-12-26 10:45:54 +01:00			`copyKernels = true;`
			`zfsSupport = lib.mkIf (cfg.filesystem == "zfs") true;`
			`efiSupport = true;`
			`efiInstallAsRemovable = true;`
			`fsIdentifier = "uuid";`
			`enableCryptodisk = lib.mkIf cfg.fullDiskEncryption true;`
first usable configuration 2023-12-24 20:09:35 +01:00			`};`
			`};`
			`};`
Switch to systemd-boot Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2023-12-25 22:59:17 -05:00			`}`