From cb3389bce6e7babb17284eb20a3ed138260861ea Mon Sep 17 00:00:00 2001
From: tux
Date: Sun, 10 May 2026 04:54:52 +0530
Subject: [PATCH] feat(boot): configure systemd-boot and GRUB based on options
---
 modules/nixos/boot/loader.nix | 31 +++++++++++++++++++++++++-----
 modules/nixos/boot/secure-boot.nix | 11 ++++++++---
 2 files changed, 34 insertions(+), 8 deletions(-)
diff --git a/modules/nixos/boot/loader.nix b/modules/nixos/boot/loader.nix
index 1b72e14..1823475 100644
--- a/modules/nixos/boot/loader.nix
+++ b/modules/nixos/boot/loader.nix
@@ -1,8 +1,29 @@
 {
- flake.modules.nixos.boot = {
- boot.loader = {
- timeout = 1;
- efi.canTouchEfiVariables = true;
+ flake.modules.nixos.boot =
+ { config, lib, ... }:
+ let
+ cfg = config.tnix.boot;
+ in
+ {
+ options.tnix.boot.legacy = {
+ enable = lib.mkEnableOption "legacy boot (GRUB) instead of systemd-boot";
+ };
+
+ config = lib.mkMerge [
+ {
+ boot.loader = {
+ timeout = 1;
+ efi.canTouchEfiVariables = true;
+ };
+ }
+
+ (lib.mkIf (!cfg.legacy.enable && !cfg.secure-boot.enable) {
+ boot.loader.systemd-boot.enable = true;
+ })
+
+ (lib.mkIf cfg.legacy.enable {
+ boot.loader.grub.enable = true;
+ })
+ ];
 };
- };
 }
diff --git a/modules/nixos/boot/secure-boot.nix b/modules/nixos/boot/secure-boot.nix
index 1f319ab..49065e7 100644
--- a/modules/nixos/boot/secure-boot.nix
+++ b/modules/nixos/boot/secure-boot.nix
@@ -18,11 +18,16 @@
 };
 config = lib.mkIf cfg.secure-boot.enable {
- environment.systemPackages = [
- pkgs.sbctl
+ assertions = [
+ {
+ assertion = !cfg.legacy.enable;
+ message = "secure-boot and legacy boot (GRUB) cannot be enabled at the same time";
+ }
 ];
- # Lanzaboote currently replaces the systemd-boot module.
+ environment.systemPackages = [ pkgs.sbctl ];
+
+ # Lanzaboote replaces systemd-boot, so force it off
 boot.loader.systemd-boot.enable = lib.mkForce false;
 boot.lanzaboote = {
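Review bot: The systemd-boot branch in loader.nix enables the loader with the NixOS default `boot.loader.systemd-boot.editor = true`, which leaves the kernel command line editable from the boot menu by anyone with console access; the NixOS option documentation recommends turning it off. Consider adding `boot.loader.systemd-boot.editor = lib.mkDefault false;` next to `boot.loader.systemd-boot.enable = true;`. In the GRUB branch, `boot.loader.grub.enable = true;` is set without a `boot.loader.grub.device`, so a host that enables `tnix.boot.legacy.enable` will presumably fail the nixpkgs GRUB assertion unless it sets the device itself; the option description could state that requirement. `cfg.secure-boot.enable` is read here but declared in secure-boot.nix, so this file appears to assume both files are always merged into the same module.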
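Review bot: The new assertion in secure-boot.nix only checks the module's own `cfg.legacy.enable` flag, so a host that sets `boot.loader.grub.enable = true` directly still evaluates with Secure Boot enabled. If `config` is in scope here (the module's argument list is outside the hunk), a second entry such as `assertion = !config.boot.loader.grub.enable;` would close that gap. The rewritten comment could also record why `lib.mkForce false` is kept now that loader.nix already skips systemd-boot when `secure-boot.enable` is set, e.g. `# Lanzaboote replaces systemd-boot; mkForce also overrides any other module that enables it`. The `config = lib.mkIf …` body continues past the end of the hunk.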