modularizing kernel and loader settings

2024-09-22 14:30:06 +02:00
parent 6f53da8393
commit 50d554b6f6
22 changed files with 294 additions and 84 deletions
--- a/system/modules/boot/kernel/default.nix
+++ b/system/modules/boot/kernel/default.nix
@@ -0,0 +1,72 @@
+# kernel.nix
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  inherit (lib) mkOption;
+  cfg = config.modules.boot.kernel;
+in {
+  options = {
+    modules.boot.kernel = {
+      variant = mkOption {
+        type = lib.types.enum ["latest" "cachyos"];
+        default = "latest";
+        description = "Kernel variant to use.";
+      };
+
+      hardware = mkOption {
+        type = lib.types.enum ["amd" "nvidia"];
+        default = "amd";
+        description = "Hardware type (GPU) configuration.";
+      };
+
+      extraKernelParams = mkOption {
+        type = lib.types.listOf lib.types.str;
+        default = [];
+        description = "Additional kernel parameters.";
+      };
+
+      extraBlacklistedModules = mkOption {
+        type = lib.types.listOf lib.types.str;
+        default = [];
+        description = "Additional kernel modules to blacklist.";
+      };
+    };
+  };
+
+  config = {
+    boot = {
+      consoleLogLevel = 3;
+
+      kernelPackages = (
+        if cfg.variant == "latest"
+        then pkgs.linuxPackages_latest
+        else if cfg.variant == "cachyos"
+        then pkgs.linuxPackages_cachyos
+        else pkgs.linuxPackages
+      );
+
+      kernelParams =
+        [
+          "quiet"
+          "splash"
+        ]
+        ++ (
+          if cfg.hardware == "amd"
+          then ["amd_pstate=active"]
+          else []
+        )
+        ++ cfg.extraKernelParams;
+
+      blacklistedKernelModules =
+        (
+          if cfg.hardware == "nvidia"
+          then ["nouveau"]
+          else []
+        )
+        ++ cfg.extraBlacklistedModules;
+    };
+  };
+}
--- a/system/modules/boot/loader/default.nix
+++ b/system/modules/boot/loader/default.nix
@@ -0,0 +1,60 @@
+{
+  pkgs,
+  lib,
+  config,
+  inputs,
+  ...
+}: let
+  inherit (lib) mkIf mkEnableOption mkMerge mkForce;
+  cfg = config.modules.boot.loader;
+in {
+  options = {
+    modules.boot.loader = {
+      default = {
+        enable = mkEnableOption "Enable default boot loader configuration.";
+      };
+      lanzaboote = {
+        enable = mkEnableOption "Enable Lanzaboote boot loader configuration.";
+      };
+    };
+  };
+
+  imports = [
+    inputs.lanzaboote.nixosModules.lanzaboote
+  ];
+
+  config = mkMerge [
+    {
+      assertions = [
+        {
+          assertion = !(cfg.default.enable && cfg.lanzaboote.enable);
+          message = "Only one of modules.boot.loader.default.enable and modules.boot.loader.lanzaboote.enable can be set to true.";
+        }
+      ];
+    }
+
+    (mkIf cfg.default.enable {
+      # Default boot loader configuration
+      boot.loader = {
+        systemd-boot.enable = true;
+        systemd-boot.graceful = true;
+        efi.canTouchEfiVariables = false;
+      };
+    })
+
+    (mkIf cfg.lanzaboote.enable {
+      # Lanzaboote boot loader configuration
+      boot = {
+        lanzaboote = {
+          enable = true;
+          pkiBundle = "/etc/secureboot";
+        };
+
+        # We let Lanzaboote install systemd-boot
+        loader.systemd-boot.enable = mkForce false;
+      };
+
+      environment.systemPackages = [pkgs.sbctl];
+    })
+  ];
+}