dotfiles/system-modules/boot.nix

{ config, pkgs, host, inputs, ... }: 
  let 
    grub-theme-ascii-diana = (pkgs.fetchFromGitea {
       domain = "git.nx2.site";
       owner = "nx2";
       repo = "grub-theme-ascii-diana";
       rev = "0.5.0";
       hash = "sha256-e+55NYsSsWY6GPbYUtdVEB9krueuCAWT3Ce/Ghops1g=";
     });
  in 
{
  imports = [
    inputs.lanzaboote.nixosModules.lanzaboote
  ];


  config = if host == "NxXPS" then {
    boot.loader.efi.canTouchEfiVariables = true;
    boot.loader.grub = {
      enable = true;
      configurationLimit = 30;
  #    device = "/dev/nvme0n1p1";
      device = "nodev";
      # useOSProber = true;
      efiSupport = true;
      # theme = pkgs.sleek-grub-theme;
      theme = grub-theme-ascii-diana;
      font = "${grub-theme-ascii-diana}/unicode.pf2";
      fontSize = 50;
      splashImage = null;
  
      extraEntries = ''
        menuentry 'Windows 11' --class windows --class os $menuentry_id_option 'osprober-efi-0A97-7A2D' {
          insmod part_gpt
          insmod fat
          search --no-floppy --fs-uuid --set=root 0A97-7A2D
          chainloader /EFI/Microsoft/Boot/bootmgfw.efi
        }
      '';
    };
  } else {
    # boot.loader = {
    #   systemd-boot = {
    #     enable = true;
    #     configurationLimit = 10;
    #   };
    #   timeout = 30;
    # };



    # I have to boot with secureboot becasue of the chineese spyware called Vanguard


    environment.systemPackages = with pkgs; [
      sbctl
    ];
    boot = {
      lanzaboote = {
        enable = true;
        pkiBundle = "/etc/secureboot";
      };

      # we let lanzaboote install systemd-boot
      loader.systemd-boot.enable = false;
    };
  };
}