nix/modules/nixos/hardware/default.nix
Ameya Shenoy 4998e822a7 feat: init
Signed-off-by: Ameya Shenoy <shenoy.ameya@gmail.com>
2024-11-11 01:48:40 +05:30


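# Hardware / boot-loader module for the `snowflake` option namespace.
#
# Selects systemd-boot (EFI) or GRUB (BIOS) from `snowflake.hardware.isEfi`
# and, when `isInitrdLuksUnlockingEnabled` is set, starts an SSH server in
# the initrd so an encrypted root can be unlocked remotely.
{ config, lib, ... }:
let
  cfg = config.snowflake.hardware;

  # Mount-point options accept either `null` or the historical "" sentinel to
  # mean "not configured"; both map to `fallback`.
  orDefault = value: fallback:
    if value == null || value == "" then fallback else value;
in
{
  options.snowflake.hardware = {
    isEfi =
      lib.mkEnableOption "pick systemd-boot if an EFI system or grub otherwise";

    diskDevice = lib.mkOption {
      type = lib.types.str;
      description = "path to disk device eg. /dev/sda";
    };

    isInitrdLuksUnlockingEnabled =
      lib.mkEnableOption "enable SSH in initrd to remotely unlock LUKS device";

    xbootldrMountPoint = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
      default = null;
      description = "mount point for boot (XBOOTLDR); null or \"\" leaves systemd-boot's default";
    };

    efiSysMountPoint = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
      default = null;
      description = "mount point for efi; null or \"\" falls back to /boot";
    };

    initrdSshHostKeys = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [ "/etc/ssh/ssh_host_ed25519_key" ];
      description = ''
        SSH host keys copied into the initrd for remote LUKS unlocking.
        The initrd lives on the unencrypted boot partition, so NixOS advises
        a key generated only for this purpose rather than the system's regular
        host key (the default keeps the previous behaviour of reusing it).
      '';
    };

    initrdSshAuthorizedKeys = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJnFvU6nBXEuZF08zRLFfPpxYjV3o0UayX0zTPbDb7C eden-thinkpad-zephyrus-cell"
      ];
      description = "public keys allowed to log in to the initrd SSH server as root";
    };
  };

  config = {
    boot = {
      # EFI systems get systemd-boot; everything else gets GRUB installed to
      # `diskDevice`.  Evaluated lazily, so the untaken branch is never forced.
      loader =
        if cfg.isEfi then {
          systemd-boot = {
            enable = true;
            xbootldrMountPoint = orDefault cfg.xbootldrMountPoint null;
          };
          efi = {
            canTouchEfiVariables = true;
            efiSysMountPoint = orDefault cfg.efiSysMountPoint "/boot";
          };
        } else {
          grub = {
            enable = true;
            device = cfg.diskDevice;
            # os-prober scans other disks at grub-mkconfig time to add foreign OS entries.
            useOSProber = true;
            efiSupport = true;
            efiInstallAsRemovable = true;
          };
        };

      # Enable remote LUKS unlocking. This allows remote SSH to unlock LUKS
      # encrypted root. $ ssh root@<ip> While in the shell, run
      # `cryptsetup-askpass` to trigger the unlock prompt.
      #
      # NOTE(review): the initrd also needs the NIC driver in
      # boot.initrd.availableKernelModules; that is not set here and is
      # presumably supplied by the host-specific hardware config — confirm.
      initrd = lib.mkIf cfg.isInitrdLuksUnlockingEnabled {
        network = {
          enable = true;
          # Drop the initrd's network config before stage 2 so the real
          # networking stack starts from a clean state.
          flushBeforeStage2 = true;
          ssh = {
            enable = true;
            # Same port as the stage-2 sshd: if a dedicated initrd host key is
            # used, clients will see two different host keys for <ip>:22.
            port = 22;
            # SECURITY: see the option description — prefer a dedicated initrd
            # key over the system host key, since this ends up on unencrypted /boot.
            hostKeys = cfg.initrdSshHostKeys;
            authorizedKeys = cfg.initrdSshAuthorizedKeys;
          };
        };
      };

      # Use DHCP to figure out the IP address.
      kernelParams =
        lib.mkIf cfg.isInitrdLuksUnlockingEnabled [ "ip=dhcp" ];
    };
  };
}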