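# Boot loader selection plus boot-time defaults (tmpfs /tmp, systemd initrd,
# Plymouth splash).
#
# Exactly one of `modules.system.boot.systemd-boot.enable` and
# `modules.system.boot.grub.enable` has to be set; the assertions in `config`
# reject every other combination at evaluation time.
{
  config,
  lib,
  pkgs,
  ...
}: let
  inherit (lib.modules) mkForce;
  inherit (lib.options) mkOption mkEnableOption;
  inherit (lib.types) int;

  cfg = config.modules.system.boot;
in {
  options.modules.system.boot = {
    grub.enable = mkEnableOption "Grub, a bloated boot loader";
    systemd-boot.enable = mkEnableOption "Poetteringboot";

    timeout = mkOption {
      description = ''
        Set the boot loader's timeout. This is 0 by default, but preferably longer on remote servers
        to make switching to previous generations easier.
      '';
      type = int;
      # I love spamming space: with a timeout of 0 the menu is skipped unless
      # a key is pressed during boot.
      default = 0;
    };
  };

  config = {
    assertions = [
      {
        assertion = cfg.systemd-boot.enable || cfg.grub.enable;
        message = "No bootloader is enabled.";
      }
      {
        # `->` binds more loosely than `&&` and is right-associative, so the
        # previous form `a -> !b && b -> !a` parsed as `a -> ((!b && b) -> !a)`,
        # which is always true and never fired. State mutual exclusion directly.
        assertion = !(cfg.systemd-boot.enable && cfg.grub.enable);
        message = "Please enable only ONE of systemd-boot or grub.";
      }
    ];

    boot = {
      tmp.useTmpfs = true;

      initrd = {
        verbose = false;
        systemd.enable = true;
      };

      loader = {
        efi.canTouchEfiVariables = true;
        timeout = cfg.timeout;

        systemd-boot = {
          enable = cfg.systemd-boot.enable;

          # INFO: Leaving the entry editor enabled is a security vulnerability:
          # anyone at the console can edit the kernel command line, start
          # /bin/sh from there and get root access. Full-disk encryption makes
          # this less critical but does not protect the command line itself, so
          # the editor stays off; mkForce keeps another module from turning it
          # back on by accident.
          # NOTE(review): this only covers the boot menu. The ESP is normally
          # unencrypted, so Secure Boot and a firmware password are the
          # complementary controls against physical tampering - confirm they
          # are handled elsewhere.
          editor = mkForce false;

          consoleMode = "auto";
          configurationLimit = 5;
        };

        grub = {
          enable = cfg.grub.enable;
          efiSupport = true;
          device = "nodev";
          configurationLimit = 5;

          # NOTE(review): unlike the systemd-boot branch, nothing here restricts
          # the GRUB entry editor or command line. If the GRUB path is used on a
          # machine with untrusted console access, consider protecting the menu
          # via `boot.loader.grub.users` (hashed password or password file).
        };
      };

      plymouth = {
        enable = true;
        themePackages = [
          (pkgs.adi1090x-plymouth-themes.override {
            selected_themes = ["hud_3"];
          })
        ];
        theme = "hud_3";
      };
    };

    powerManagement = {
      # `${pkgs.plymouth}` alone expands to the package's store directory, which
      # cannot be executed; the client binary lives under bin/.
      powerDownCommands = ''
        ${pkgs.plymouth}/bin/plymouth --show-splash
      '';
      resumeCommands = ''
        ${pkgs.plymouth}/bin/plymouth --quit
      '';
    };
  };
}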