nixdots/system/shared/boot/loaders/systemd-boot.nix

23 lines
731 B
Nix
Raw Normal View History

2024-07-26 23:07:07 +00:00
{
config,
lib,
...
}: let
2024-04-12 18:57:52 +00:00
cfg = config.myOptions.system.boot;
in {
boot.loader.systemd-boot = {
enable = true;
memtest86.enable = true;
# Enabling the editor will allow anyone to change the kernel params.
# This can be useful for debugging, however it is a potential security hole
# as this allows setting init=/bin/bash, which will boot directly into bash
# as root, bypassing any need for authentication.
#
# If you're using an encrypted setup, and you can't get into the system without
# entering a decryption password (or have TPM release it conditionally, only if
# the kernel parameters remain the same), this can safely be enabled.
editor = lib.mkDefault false;
};
}