Begin the move to the import all, activate by config model

2024-11-04 22:41:38 -05:00 · 2024-11-04 22:41:38 -05:00 · 07cb2d67a2
commit 07cb2d67a2
parent 7397b614de
97 changed files with 776 additions and 633 deletions
--- a/modules/system/devices/boot/lanzaboote/default.nix
+++ b/modules/system/devices/boot/lanzaboote/default.nix
@ -1,15 +1,25 @@
-{ lanzaboote, pkgs, ... }:
+{ lanzaboote, lib, config, pkgs, ... }:
 {
-  imports = [
-    lanzaboote.nixosModules.lanzaboote
-  ];
+  imports = [ lanzaboote.nixosModules.lanzaboote ];

-  boot.lanzaboote = {
-    enable = true;
-    pkiBundle = "/etc/secureboot";
+  options.system.lanzaboote = {
+    enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = "Enable Lanzaboote and force disable Systemd-boot";
+    };
  };

-  environment.systemPackages = with pkgs; [
-    sbctl
-  ];
+  config = lib.mkIf config.system.lanzaboote.enable {
+    boot = {
+      loader.systemd-boot.enable = lib.mkForce false;
+
+      lanzaboote = {
+        enable = true;
+        pkiBundle = "/etc/secureboot";
+      };
+    };
+
+    environment.systemPackages = with pkgs; [ sbctl ];
+  };
 }