author | Franck Cuny <franck@fcuny.net> | 2022-04-06 07:04:03 -0700 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2022-04-06 07:04:03 -0700 |
commit | 679497cf607e59cb4c62d80174228e776369751f (patch) | |
tree | 21e0f1e9436f1aabfe146d9aaec0dd36fbb06dd5 /modules/system/boot | |
parent | refactor configuration for AMD (diff) | |
download | world-679497cf607e59cb4c62d80174228e776369751f.tar.gz |
refactor boot configuration to a module
We don't need the previous `hosts/common/system` configs anymore, as everything has been moved out. We keep some boot configuration for carmel in the host configuration for now, but I need to check why I don't have similar settings for tahoe (since I also need to unlock the host remotely).
Diffstat (limited to 'modules/system/boot')
-rw-r--r-- | modules/system/boot/default.nix | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/modules/system/boot/default.nix b/modules/system/boot/default.nix
new file mode 100644
index 0000000..b037f63
--- /dev/null
+++ b/modules/system/boot/default.nix
@@ -0,0 +1,44 @@
+{ pkgs, config, lib, ... }:
+let cfg = config.my.system.boot;
+in {
+ options.my.system.boot = with lib; {
+ tmp = { clean = mkEnableOption "clean `/tmp` on boot."; };
+ initrd = {
+ network = { enable = mkEnableOption "enable SSH with initrd"; };
+ };
+ };
+
+ config = {
+ boot = {
+ loader = {
+ # Use the systemd-boot EFI boot loader.
+ systemd-boot.enable = true;
+ # Prohibits gaining root access by passing init=/bin/sh as a kernel parameter
+ systemd-boot.editor = false;
+ efi.canTouchEfiVariables = true;
+ };
+
+ kernelPackages = pkgs.linuxPackages_latest;
+ cleanTmpDir = cfg.tmp.clean;
+ tmpOnTmpfs = true;
+
+ initrd = {
+ luks.devices."system".allowDiscards = true;
+ network = lib.mkIf cfg.initrd.network.enable {
+ enable = true;
+ postCommands = ''
+ echo "cryptsetup-askpass; exit" > /root/.profile
+ '';
+ ssh = {
+ enable = true;
+ port = 2222;
+ hostKeys =
+ [ /etc/ssh/ssh_host_ed25519_key /etc/ssh/ssh_host_rsa_key ];
+ authorizedKeys =
+ config.users.users.fcuny.openssh.authorizedKeys.keys;
+ };
+ };
+ };
+ };
+ };
+} |
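Review bot: The `hostKeys` list under `initrd.network.ssh` reuses the machine's regular host keys from `/etc/ssh`, written as unquoted Nix path literals. Path literals are normally copied into the world-readable Nix store at evaluation, and the initrd itself sits on the unencrypted boot partition, so the host's long-term private keys are likely exposed to local users and to anyone with access to the disk; the NixOS documentation for this option warns against using the regular host keys here. Generate a dedicated initrd key pair and reference it as a string, for example `hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];` (example path), so that a leaked initrd key cannot be used to impersonate the booted system's sshd. A short comment beside `allowDiscards = true;` noting that TRIM on a LUKS device reveals which blocks are unused would also document that trade-off.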