# NixOS module: declares the LUKS volumes to unlock in the initrd and
# switches the boot loader from plain systemd-boot to lanzaboote (signed boot).
{
  lib,
  config,
  pkgs,
  ...
}:
let
  inherit (lib) mkIf mkOption types;

  # Schema for one entry of `luksDevices`.
  luksDevicesModule = types.submodule {
    options = {
      name = mkOption {
        type = types.str;
        description = ''
          The partition name.
        '';
      };

      # Free-form string: it is spliced verbatim into a /dev/disk/by-uuid/
      # path below, and nothing here checks that it looks like a UUID.
      deviceUUID = mkOption {
        type = types.str;
        description = ''
          The partition device UUID.
        '';
      };

      isPreLVM = mkOption {
        type = types.bool;
        default = false;
        example = true;
        description = ''
          Whether the decrypted partition will be a LVM device.
        '';
      };
    };
  };

  # Turns one `luksDevices` entry into the name/value pair that
  # builtins.listToAttrs expects for boot.initrd.luks.devices.
  toLuksEntry =
    fs:
    lib.nameValuePair fs.name {
      device = "/dev/disk/by-uuid/${fs.deviceUUID}";
      preLVM = fs.isPreLVM;
    };
in
{
  options = {
    # Despite its name, this flag gates lanzaboote and sbctl (see `config`);
    # plain systemd-boot is switched off regardless of its value.
    enableSystemdBoot = mkOption {
      type = types.bool;
      default = true;
      example = false;
      description = ''
        Whether or not enable the default systemd boot system.
        Can be useful for devices using u-boot.
      '';
    };

    luksDevices = mkOption {
      type = types.listOf luksDevicesModule;
      default = [ ];
      description = ''
        List of LUKS devices.
      '';
    };
  };

  config = {
    boot = {
      # NOTE(review): builtins.listToAttrs keeps only the first entry when two
      # share a name, so a duplicated `name` would silently drop the later
      # volume from the initrd unlock list.
      initrd.luks.devices = builtins.listToAttrs (map toLuksEntry config.luksDevices);

      # Always off. With enableSystemdBoot = false this module sets up neither
      # a boot loader nor lanzaboote, so such hosts must configure their own.
      loader.systemd-boot.enable = false;

      lanzaboote = mkIf config.enableSystemdBoot {
        enable = true;
        # NOTE(review): presumably the sbctl key directory, i.e. where the
        # Secure Boot signing keys live; confirm it is readable by root only
        # and sits on an encrypted volume.
        pkiBundle = "/etc/secureboot";
      };
    };

    # sbctl is only installed on hosts that also get lanzaboote.
    environment.systemPackages = mkIf config.enableSystemdBoot [ pkgs.sbctl ];
  };
}