.github
.vscode
docs
hydra
keys
lib
modules
autopull.nix
base.nix
boot.nix
docker.nix
endlessh.nix
fail2ban.nix
generators.nix
kub_net.nix
libs.nix
locale.nix
nix.nix
openssh.nix
pam-fingerprint-swap.nix
plocate.nix
programs.nix
update.nix
systems
users
.envrc
.gitconfig
.gitignore
.sops.yaml
checks.nix
flake.lock
flake.nix
shell.nix
sops-mergetool.sh
statix.toml
treefmt.toml
77 lines
2.0 KiB
Nix
77 lines
2.0 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
libS,
|
|
...
|
|
}:
|
|
|
|
let
|
|
cfg = config.boot;
|
|
in
|
|
{
|
|
options = {
|
|
boot = {
|
|
default = libS.mkOpinionatedOption "enable the boot builder";
|
|
fullDiskEncryption = libS.mkOpinionatedOption "use luks full disk encryption";
|
|
useSystemdBoot = libS.mkOpinionatedOption "use systemd boot";
|
|
cpuType = lib.mkOption {
|
|
type = lib.types.str;
|
|
example = "amd";
|
|
default = "";
|
|
description = "The cpu-type installed on the server.";
|
|
};
|
|
|
|
amdGPU = libS.mkOpinionatedOption "the system contains a AMD GPU";
|
|
filesystem = lib.mkOption {
|
|
type = lib.types.str;
|
|
example = "btrfs";
|
|
default = "ext4";
|
|
description = "The filesystem installed.";
|
|
};
|
|
};
|
|
};
|
|
|
|
config.boot = lib.mkIf cfg.default {
|
|
supportedFilesystems = [ cfg.filesystem ];
|
|
tmp.useTmpfs = true;
|
|
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
|
|
kernelParams =
|
|
[ "nordrand" ]
|
|
++ lib.optional (cfg.cpuType == "amd") "kvm-amd"
|
|
++ lib.optional cfg.fullDiskEncryption "ip=<ip-addr>::<ip-gateway>:<netmask>";
|
|
initrd = {
|
|
kernelModules = lib.mkIf cfg.amdGPU [ "amdgpu" ];
|
|
network = lib.mkIf cfg.fullDiskEncryption {
|
|
enable = true;
|
|
ssh = {
|
|
enable = true;
|
|
port = 2222;
|
|
};
|
|
};
|
|
};
|
|
|
|
zfs = lib.mkIf (cfg.filesystem == "zfs") {
|
|
devNodes = "/dev/disk/by-id/";
|
|
forceImportRoot = true;
|
|
};
|
|
|
|
loader = {
|
|
efi.canTouchEfiVariables = false;
|
|
generationsDir.copyKernels = true;
|
|
systemd-boot = lib.mkIf cfg.useSystemdBoot {
|
|
enable = true;
|
|
configurationLimit = 10;
|
|
};
|
|
grub = lib.mkIf (!cfg.useSystemdBoot) {
|
|
enable = lib.mkForce true;
|
|
copyKernels = true;
|
|
zfsSupport = lib.mkIf (cfg.filesystem == "zfs") true;
|
|
efiSupport = true;
|
|
efiInstallAsRemovable = true;
|
|
fsIdentifier = "uuid";
|
|
enableCryptodisk = lib.mkIf cfg.fullDiskEncryption true;
|
|
};
|
|
};
|
|
};
|
|
}
|