# NixOS module for the systemd-boot (formerly gummiboot) EFI boot manager.
#
# Declares `boot.loader.systemd-boot.{enable,editor}` and, when enabled,
# registers a substituted copy of ./systemd-boot-builder.py as the system's
# boot loader installer.
{ config, lib, pkgs, ... }:

let
  inherit (lib) mkDefault mkIf mkOption mkRenamedOptionModule types;

  loader = config.boot.loader;
  cfg = loader.systemd-boot;

  # Feature set advertised by the selected kernel. A kernel that exposes no
  # `features` attribute at all is treated as if it supported the EFI stub.
  kernelFeatures = config.boot.kernelPackages.kernel.features or { efiBootStub = true; };

  # Installer script with the values below substituted into it.
  installer = pkgs.substituteAll {
    src = ./systemd-boot-builder.py;
    isExecutable = true;

    python3 = pkgs.python3;
    systemd = config.systemd.package;
    nix = config.nix.package.out;

    # An unset timeout is handed to the script as an empty string.
    timeout = if loader.timeout == null then "" else loader.timeout;

    # Rendered as the text "True"/"False"; presumably read as a Python
    # boolean literal by the builder script (script not shown here).
    editor = if cfg.editor then "True" else "False";

    efiSysMountPoint = loader.efi.efiSysMountPoint;
    canTouchEfiVariables = loader.efi.canTouchEfiVariables;
  };
in
{
  # Keep configurations that still set boot.loader.gummiboot.enable working.
  imports = [
    (mkRenamedOptionModule
      [ "boot" "loader" "gummiboot" "enable" ]
      [ "boot" "loader" "systemd-boot" "enable" ])
  ];

  options.boot.loader.systemd-boot = {
    enable = mkOption {
      type = types.bool;
      default = false;
      description = "Whether to enable the systemd-boot (formerly gummiboot) EFI boot manager";
    };

    # Security-relevant default: while this stays true, anyone who can reach
    # the boot menu can edit the kernel command line (the description's
    # init=/bin/sh case). Set boot.loader.systemd-boot.editor = false on
    # machines whose console is not fully trusted.
    editor = mkOption {
      type = types.bool;
      default = true;
      description = ''
        Whether to allow editing the kernel command-line before
        boot. It is recommended to set this to false, as it allows
        gaining root access by passing init=/bin/sh as a kernel
        parameter. However, it is enabled by default for backwards
        compatibility.
      '';
    };
  };

  config = mkIf cfg.enable {
    assertions = [
      {
        # NOTE(review): `?` only tests that the attribute is present, so a
        # kernel declaring `efiBootStub = false` would still pass - confirm
        # that kernels only ever list features they actually have.
        assertion = kernelFeatures ? efiBootStub;
        message = "This kernel does not support the EFI boot stub";
      }
    ];

    boot.loader = {
      # GRUB is switched off by default only; an explicit user setting wins.
      grub.enable = mkDefault false;

      # Advertises initrd-secret support for this loader; how the secrets are
      # handled lives in the builder script, which is not visible here.
      supportsInitrdSecrets = true;
    };

    system.build.installBootLoader = installer;
    system.boot.loader.id = "systemd-boot";

    # The kernel must be built with CONFIG_EFI_STUB=y.
    system.requiredKernelConfig = [
      (config.lib.kernelConfig.isYes "EFI_STUB")
    ];
  };
}