# Boot-loader module fragment for UEFI hosts: declares one boolean option and
# picks between lanzaboote (Secure Boot signing) and plain systemd-boot.
#
# Arguments:
#   pov    - attribute path (list of names) under which this module's settings
#            live inside `config`; resolved with lib.getAttrFromPath.
#   config - the system configuration being evaluated.
#   lib    - nixpkgs lib.
#   pkgs   - package set; only `sbctl` is taken from it.
{
  pov,
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = lib.getAttrFromPath pov config;

  # Directory given to lanzaboote as its PKI bundle and registered with the
  # impermanence module below.
  # NOTE(review): sbctl stores the Secure Boot private signing keys here, so
  # whatever backs this path should be root-only and preferably encrypted at
  # rest; anyone able to read it can sign boot images this machine's firmware
  # will accept. Confirm the permissions of the persistent store.
  pkiDir = "/var/lib/sbctl";

  # Nothing in `config` applies unless the boot module is enabled in UEFI mode.
  uefiActive = cfg.enable && (cfg.type == "uefi");

  # Secure Boot path: lanzaboote takes over boot-entry installation.
  # This only wires up the tooling. Key creation and enrollment in firmware are
  # separate manual steps done with sbctl (presumably why it is installed).
  secureBootSettings = {
    environment.systemPackages = [ pkgs.sbctl ];

    # Presumably keeps the key directory across reboots on an ephemeral root;
    # verify against the impermanence module's definition of `system.dirs`.
    modules.filesystem.impermanence.system.dirs = [ pkiDir ];

    boot.lanzaboote = {
      enable = true;
      pkiBundle = pkiDir;
      inherit (cfg) configurationLimit;
    };

    # mkForce so that no other definition can re-enable systemd-boot alongside
    # lanzaboote.
    boot.loader.systemd-boot.enable = lib.mkForce false;
  };

  # Unsigned path: stock systemd-boot with the same generation limit.
  plainSettings = {
    boot.loader.systemd-boot = {
      enable = true;
      inherit (cfg) configurationLimit;
    };
  };
in
{
  # Off by default. Presumably surfaced by the caller as the `secureboot`
  # toggle that is read below as cfg.secureboot; confirm where `option` is
  # consumed.
  option = {
    default = false;
    type = lib.types.bool;
  };

  config = lib.mkIf uefiActive (
    lib.mkMerge [
      (lib.mkIf cfg.secureboot secureBootSettings)
      (lib.mkIf (!cfg.secureboot) plainSettings)
    ]
  );
}