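# Common boot settings, exposed as `${namespace}.boot.common`.
#
# When `enable` is set (the default) this module configures quiet boot output,
# bcachefs/btrfs support in the kernel and the initrd, zram swap, and, on
# aarch64 hosts, a binfmt_misc registration that runs x86_64 ELF binaries
# through box64. With `yubikeyEncryption` it also adds YubiKey settings to the
# LUKS device named after the disko root partition.
{
  config,
  pkgs,
  system,
  lib,
  namespace,
  ...
}:
with lib;
let
  inherit (lib.${namespace}) mkOpt mkBoolOpt;

  cfg = config.${namespace}.boot.common;

  # True for both aarch64 system strings; gates the box64 registration and
  # disables bootspec below.
  isArm = ("aarch64-linux" == system) || ("aarch64-darwin" == system);

  # Name of the root partition as declared in the disko layout; used both as
  # the LUKS device name and as the by-label path of the storage device.
  rootName = config.disko.devices.disk.main.content.partitions.root.name;
in
{
  options.${namespace}.boot.common = {
    enable = mkBoolOpt true "Enable common boot stuff";
    yubikeyEncryption = mkBoolOpt false "Enable Yubikey root encryption";
    yubikeyGracePeriod = mkOpt types.int 180 "Time to wait for yubikey in seconds";
  };

  config = mkIf cfg.enable {
    boot = {
      kernelModules = [ "kvm" ];

      kernelParams = lib.mkDefault [
        "quiet"
        "splash"
        "udev.log_level=3"
      ];

      binfmt = lib.mkIf isArm {
        registrations."x86_64-linux" = {
          # ELF magic and mask selecting x86_64 executables; kept verbatim.
          magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00'';
          mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
          openBinary = true;
          interpreter = "${lib.getExe pkgs.box64}";
          preserveArgvZero = true;
          # SECURITY: matchCredentials makes the kernel derive the process
          # credentials from the matched binary rather than the interpreter,
          # so a setuid-root x86_64 binary runs box64 itself as root. That
          # puts the emulator inside the privileged trust boundary.
          # NOTE(review): confirm setuid x86_64 binaries are actually needed
          # on these hosts; if not, `matchCredentials = false` removes that
          # exposure.
          matchCredentials = true;
          fixBinary = false;
        };
      };

      supportedFilesystems = {
        bcachefs = lib.mkOverride 90 true;
        btrfs = lib.mkOverride 90 true;
      };

      consoleLogLevel = lib.mkDefault 0;
      bootspec.enable = (!isArm);

      initrd = {
        verbose = lib.mkDefault false;

        availableKernelModules = {
          bcachefs = lib.mkOverride 90 true;
          btrfs = lib.mkOverride 90 true;
        };
        kernelModules = {
          bcachefs = lib.mkOverride 90 true;
          btrfs = lib.mkOverride 90 true;
        };

        systemd.storePaths = with pkgs; [ bcachefs-tools ];

        luks = mkIf cfg.yubikeyEncryption {
          # NOTE(review): this module does not set
          # `boot.initrd.luks.yubikeySupport`; presumably it is enabled
          # elsewhere. Verify, otherwise the settings below have no effect.
          devices = {
            "${rootName}" = {
              yubikey = {
                # NOTE(review): the NixOS option docs describe
                # `storage.device` as an unencrypted device holding the salt
                # and `storage.path` as the path of the salt file on it.
                # Here the device is the root partition's label and the path
                # is "/", which does not look like a salt file location.
                # Confirm against the enrolment procedure used for these
                # hosts.
                storage = {
                  device = "/dev/disk/by-label/${rootName}";
                  fsType = config.${namespace}.hardware.disko.filesystem;
                  path = "/";
                };
                slot = 2;
                # SECURITY: with twoFactor disabled the YubiKey response alone
                # unlocks the volume and no passphrase is requested, so
                # possession of the token is sufficient to decrypt the disk.
                # Set this to true if loss or theft of the key together with
                # the machine is in the threat model.
                twoFactor = false;
                # Read the option through `cfg`. The bare name
                # `yubikeyGracePeriod` is neither a function argument nor a
                # let binding in this file, so the declared option was never
                # what got used here.
                gracePeriod = cfg.yubikeyGracePeriod;
              };
            };
          };
        };
      };
    };

    zramSwap.enable = lib.mkDefault true;
  };
}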