mkopt systemd vs grub

2025-09-06 09:47:27 -04:00 · 2025-09-06 09:47:27 -04:00 · f6dbe8ad1d
commit f6dbe8ad1d
parent 26f32d3225
4 changed files with 29 additions and 11 deletions
--- a/modules/nixos/services/rke2/default.nix
+++ b/modules/nixos/services/rke2/default.nix
@ -9,7 +9,7 @@ in
  options.${namespace}.services.rke2 = with types; {
    enable = lib.mkEnableOption "Enable RKE2";
    disable = mkOpt (listOf str) [ ] "Disable services";
-    openFirewall = mkBoolOpt true "Open firewall";
+    openFirewall = mkBoolOpt false "Open firewall";
  };

  config = mkIf cfg.enable {
@ -32,8 +32,6 @@ in
      7946 # memberlist
    ];

-    environment.systemPackages = with pkgs; [ nfs-utils ];
-
    networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall [
      # RKE2 Ports - https://docs.rke2.io/install/requirements#networking
      8472 # Canal CNI with VXLAN
@ -49,5 +47,7 @@ in
      after = [ "cloud-final.service" ];
      requires = [ "cloud-final.service" ];
    };
+
+    environment.systemPackages = with pkgs; [ nfs-utils k9s ];
  };
 }
--- a/modules/nixos/system/boot/default.nix
+++ b/modules/nixos/system/boot/default.nix
@ -1,18 +1,29 @@
 { config, lib, namespace, ... }:
 let
  inherit (lib) mkIf mkDefault;
+  inherit (lib.${namespace}) mkBoolOpt;

  cfg = config.${namespace}.system.boot;
 in
 {
  options.${namespace}.system.boot = {
    enable = lib.mkEnableOption "Enable Boot";
-    xenGuest = lib.mkEnableOption "Enable Xen Guest";
+    enableGrub = mkBoolOpt true "Enable GRUB";
+    enableSystemd = mkBoolOpt false "Enable systemd";
+
+    xenGuest = lib.mkEnableOption "Xen guest support";
    showNotch = lib.mkEnableOption "Show macOS Notch";
    silentBoot = lib.mkEnableOption "Silent Boot";
  };

  config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = !(cfg.enableGrub && cfg.enableSystemd);
+        message = "Cannot enable both GRUB and systemd-boot";
+      }
+    ];
+
    services.xe-guest-utilities.enable = mkIf cfg.xenGuest true;

    boot = {
@ -33,13 +44,13 @@ in
          canTouchEfiVariables = false;
        };

-        # systemd-boot = {
-        #   enable = true;
-        #   configurationLimit = 20;
-        #   editor = false;
-        # };
+        systemd-boot = mkIf cfg.enableSystemd {
+          enable = true;
+          configurationLimit = 20;
+          editor = false;
+        };

-        grub = {
+        grub = mkIf cfg.enableGrub {
          enable = true;
          efiSupport = true;
          efiInstallAsRemovable = true;
--- a/systems/x86_64-linux/lin-cloud-kube1/default.nix
+++ b/systems/x86_64-linux/lin-cloud-kube1/default.nix
@ -1,4 +1,4 @@
-{ namespace, config, lib, modulesPath, ... }:
+{ namespace, config, pkgs, lib, modulesPath, ... }:
 let
  inherit (lib.${namespace}) enabled;

@ -58,4 +58,10 @@ in
      ];
    };
  };
+
+  environment.systemPackages = with pkgs; [
+    btop
+    tmux
+    vim
+  ];
 }
--- a/systems/x86_64-vmware/lin-va-rke2/default.nix
+++ b/systems/x86_64-vmware/lin-va-rke2/default.nix
@ -33,6 +33,7 @@ in
        cloud-init = enabled;
        rke2 = {
          enable = true;
+          openFirewall = true;
          disable = [ "rke2-ingress-nginx" ];
        };
        openiscsi = {