First implementation for hermes

2025-12-13 20:14:02 +01:00 · 2025-12-13 20:14:02 +01:00 · 45992b10ae
commit 45992b10ae
parent 03f9a9de88
16 changed files with 535 additions and 409 deletions
--- a/machines/hermes/bootloader.nix
+++ b/machines/hermes/bootloader.nix
@ -0,0 +1,50 @@
+{
+  inputs,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [
+    inputs.lanzaboote.nixosModules.lanzaboote
+  ];
+
+  environment.systemPackages = with pkgs; [
+    sbctl
+  ];
+
+  boot.bootspec.enable = true;
+
+  boot.initrd = {
+    availableKernelModules = [
+      "xhci_pci"
+      "thunderbolt"
+      "nvme"
+      "ahci"
+      "usbhid"
+      "sd_mod"
+    ];
+    kernelModules = [ ];
+    systemd.enable = true;
+  };
+
+  boot.extraModulePackages = [ ];
+
+  boot.kernelModules = [ "kvm-intel" ];
+
+  boot.lanzaboote = {
+    enable = true;
+    pkiBundle = "/var/lib/sbctl";
+  };
+
+  boot.loader.efi = {
+    canTouchEfiVariables = true;
+    efiSysMountPoint = "efi";
+  };
+
+  boot.loader.systemd-boot = {
+    enable = lib.mkForce false;
+    xbootldrMountPoint = "/boot";
+  };
+}