From b3200ec3811236263ab47c892e73e7fc6f408a28 Mon Sep 17 00:00:00 2001
From: Aly Raffauf
Date: Fri, 20 Dec 2024 21:31:05 -0500
Subject: [PATCH] flake: add lanzaboote and systemd-boot modules; hosts: move bootloader settings to modules (#198)
---
 common/lanzaboote.nix | 15 +++++++++++++++
 common/systemd-boot.nix | 10 ++++++++++
 flake.nix | 2 ++
 hosts/fallarbor/default.nix | 6 +-----
 hosts/lavaridge/default.nix | 15 +--------------
 hosts/mauville/default.nix | 21 +++------------------
 hosts/rustboro/default.nix | 15 +--------------
 7 files changed, 33 insertions(+), 51 deletions(-)
 create mode 100644 common/lanzaboote.nix
 create mode 100644 common/systemd-boot.nix
diff --git a/common/lanzaboote.nix b/common/lanzaboote.nix
new file mode 100644
index 00000000..460bc53a
--- /dev/null
+++ b/common/lanzaboote.nix
@@ -0,0 +1,15 @@
+{lib, ...}: {
+ boot = {
+ initrd.systemd.enable = true;
+
+ lanzaboote = {
+ enable = true;
+ pkiBundle = "/etc/secureboot";
+ };
+
+ loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot.enable = lib.mkForce false;
+ };
+ };
+}
diff --git a/common/systemd-boot.nix b/common/systemd-boot.nix
new file mode 100644
index 00000000..ab6ab3e5
--- /dev/null
+++ b/common/systemd-boot.nix
@@ -0,0 +1,10 @@
+{...}: {
+ boot = {
+ initrd.systemd.enable = true;
+
+ loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot.enable = true;
+ };
+ };
+}
diff --git a/flake.nix b/flake.nix
index a507d134..ec32be6b 100644
--- a/flake.nix
+++ b/flake.nix
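Review bot: `pkiBundle = "/etc/secureboot";` in common/lanzaboote.nix is a plain string, which is the right choice and should be marked as deliberate, because a Nix path literal (`/etc/secureboot`) would copy the Secure Boot key material into the world-readable Nix store; suggested comment: `# keep this a string: a path literal would copy the signing keys into /nix/store`. The module also relies on `boot.lanzaboote` being defined, which only holds if the lanzaboote flake's NixOS module is imported by every host that pulls in `common-lanzaboote`; the flake.nix hunk does not show that import, so a header comment naming the dependency would save the next reader an evaluation error. Finally, `systemd-boot.enable = lib.mkForce false;` deserves a one-line why, presumably that lanzaboote provides the boot loader itself and the force is what makes this module win over `common-systemd-boot` when both are imported; confirm that is the intent before wording it.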
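Review bot: common/systemd-boot.nix leaves `boot.loader.systemd-boot.editor` at its default, so the boot menu still allows editing kernel parameters on the hosts that use this module without Secure Boot; adding `systemd-boot.editor = false;` beside `systemd-boot.enable = true;` is the customary hardening and costs nothing here. A header comment should also state that this is the non-Secure-Boot counterpart of `common-lanzaboote`, and that importing both resolves in favour of lanzaboote because that module sets `systemd-boot.enable = lib.mkForce false`.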
@@ -160,10 +160,12 @@
 nixosModules = {
 common-auto-upgrade = import ./common/autoUpgrade.nix;
 common-base = import ./common/base.nix;
+ common-lanzaboote = import ./common/lanzaboote.nix;
 common-locale = import ./common/locale.nix;
 common-mauville-share = import ./common/samba.nix;
 common-nix = import ./common/nix.nix;
 common-pkgs = import ./common/pkgs.nix;
+ common-systemd-boot = import ./common/systemd-boot.nix;
 common-tailscale = import ./common/tailscale.nix;
 common-wifi-profiles = import ./common/wifi.nix;
 
diff --git a/hosts/fallarbor/default.nix b/hosts/fallarbor/default.nix
index c9f97faf..0f77e5e5 100644
--- a/hosts/fallarbor/default.nix
+++ b/hosts/fallarbor/default.nix
@@ -15,15 +15,11 @@
 self.nixosModules.common-mauville-share
 self.nixosModules.common-nix
 self.nixosModules.common-pkgs
+ self.nixosModules.common-systemd-boot
 self.nixosModules.common-wifi-profiles
 self.nixosModules.hw-framework-13-intel-11th
 ];
 
- boot.loader = {
- efi.canTouchEfiVariables = true;
- systemd-boot.enable = true;
- };
-
 environment.variables.GDK_SCALE = "1.5";
 networking.hostName = "fallarbor";
 system.stateVersion = "24.05";
diff --git a/hosts/lavaridge/default.nix b/hosts/lavaridge/default.nix
index e9363f29..20ca3673 100644
--- a/hosts/lavaridge/default.nix
+++ b/hosts/lavaridge/default.nix
@@ -13,6 +13,7 @@
 (import ./../../disko/luks-btrfs-subvolumes.nix {disks = ["/dev/nvme0n1"];})
 self.nixosModules.common-auto-upgrade
 self.nixosModules.common-base
+ self.nixosModules.common-lanzaboote
 self.nixosModules.common-locale
 self.nixosModules.common-mauville-share
 self.nixosModules.common-nix
@@ -23,20 +24,6 @@
 self.nixosModules.hw-framework-13-amd-7000
 ];
 
- boot = {
- initrd.systemd.enable = true;
-
- lanzaboote = {
- enable = true;
- pkiBundle = "/etc/secureboot";
- };
-
- loader = {
- efi.canTouchEfiVariables = true;
- systemd-boot.enable = lib.mkForce false;
- };
- };
-
 environment.variables.GDK_SCALE = "2";
 networking.hostName = "lavaridge";
 
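Review bot: Importing `common-systemd-boot` turns on `boot.initrd.systemd.enable` for fallarbor, which the removed `boot.loader` block never set, so this hunk switches the host's initrd implementation rather than only moving settings as the subject line says. If that is intended, the commit message should say so; if not, fallarbor needs an explicit override such as `boot.initrd.systemd.enable = false;`, or the shared module should stop setting it. The enclosing attribute set continues outside the hunk.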
diff --git a/hosts/mauville/default.nix b/hosts/mauville/default.nix
index fc95a90c..e00ea044 100644
--- a/hosts/mauville/default.nix
+++ b/hosts/mauville/default.nix
@@ -17,6 +17,7 @@ in {
 ./stylix.nix
 self.nixosModules.common-auto-upgrade
 self.nixosModules.common-base
+ self.nixosModules.common-lanzaboote
 self.nixosModules.common-locale
 self.nixosModules.common-nix
 self.nixosModules.common-pkgs
@@ -26,27 +27,11 @@ in {
 self.nixosModules.hw-common-amd-cpu
 self.nixosModules.hw-common-amd-gpu
 self.nixosModules.hw-common-bluetooth
- self.nixosModules.hw-common-ssd
 self.nixosModules.hw-common-gaming
+ self.nixosModules.hw-common-ssd
 ];
 
- boot = {
- initrd = {
- availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod" "r8169"];
- systemd.enable = true;
- };
-
- lanzaboote = {
- enable = true;
- pkiBundle = "/etc/secureboot";
- };
-
- loader = {
- efi.canTouchEfiVariables = true;
- systemd-boot.enable = lib.mkForce false;
- };
- };
-
+ boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod" "r8169"];
 networking.hostName = "mauville";
 
 services = {
diff --git a/hosts/rustboro/default.nix b/hosts/rustboro/default.nix
index dc3498c8..09008ffe 100644
--- a/hosts/rustboro/default.nix
+++ b/hosts/rustboro/default.nix
@@ -12,6 +12,7 @@
 (import ./../../disko/luks-btrfs-subvolumes.nix {disks = ["/dev/sda"];})
 self.nixosModules.common-auto-upgrade
 self.nixosModules.common-base
+ self.nixosModules.common-lanzaboote
 self.nixosModules.common-locale
 self.nixosModules.common-mauville-share
 self.nixosModules.common-nix
@@ -21,20 +22,6 @@
 self.nixosModules.hw-thinkpad-t440p
 ];
 
- boot = {
- initrd.systemd.enable = true;
-
- lanzaboote = {
- enable = true;
- pkiBundle = "/etc/secureboot";
- };
-
- loader = {
- efi.canTouchEfiVariables = true;
- systemd-boot.enable = lib.mkForce false;
- };
- };
-
 environment.variables.GDK_SCALE = "1.25";
 networking.hostName = "rustboro";
 system.stateVersion = "24.05";
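Review bot: The second mauville hunk reorders `hw-common-ssd` after `hw-common-gaming`, a change unrelated to the bootloader move this commit describes, and it would be easier to review in its own commit or called out in the message. The new `boot.initrd.availableKernelModules = [...]` line also sits directly against `networking.hostName = "mauville";` while the rest of the file separates top-level options with a blank line; keep the blank for consistency. The enclosing attribute set continues outside the hunk.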