45 lines
918 B
Nix
45 lines
918 B
Nix
{
|
|
config,
|
|
lib,
|
|
namespace,
|
|
...
|
|
}:
|
|
with lib;
|
|
let
|
|
cfg = config.${namespace}.bootloader.lanzaboote;
|
|
inherit (lib.${namespace}) mkOpt;
|
|
in
|
|
{
|
|
options.${namespace}.bootloader.lanzaboote = {
|
|
enable = mkEnableOption "enable lanzaboote";
|
|
|
|
configLimit = mkOpt types.int 10 "Number of boot items to keep";
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
assertions = [
|
|
{
|
|
assertion = cfg.configLimit > 0;
|
|
message = "mjallen.bootloader.lanzaboote.configLimit must be a positive integer (got ${toString cfg.configLimit}).";
|
|
}
|
|
];
|
|
|
|
boot = {
|
|
loader = {
|
|
efi = {
|
|
canTouchEfiVariables = true;
|
|
efiSysMountPoint = "/boot";
|
|
};
|
|
};
|
|
lanzaboote = {
|
|
enable = true;
|
|
pkiBundle = "/etc/secureboot";
|
|
settings = {
|
|
console-mode = "max";
|
|
};
|
|
configurationLimit = cfg.configLimit;
|
|
};
|
|
};
|
|
};
|
|
}
|