Diffstat (limited to 'sys/boot/default.nix')
-rw-r--r-- | sys/boot/default.nix | 41 |
1 files changed, 31 insertions, 10 deletions
diff --git a/sys/boot/default.nix b/sys/boot/default.nix
index 9606c7b3..625394e8 100644
--- a/sys/boot/default.nix
+++ b/sys/boot/default.nix
@@ -1,8 +1,4 @@
-{
- pkgs,
- lib,
- ...
-}: {
+{pkgs, ...}: {
 boot = {
 initrd = {
 #compressor = "lz4";
@@ -15,14 +11,39 @@
 lanzaboote = {
 enable = true;
 pkiBundle = "/etc/secureboot";
+
+ settings = {
+ };
 };
 loader = {
- # Lanzaboote currently replaces the systemd-boot module.
- # This setting is usually set to true in configuration.nix
- # generated at installation time. So we force it to false
- # for now.
- systemd-boot.enable = lib.mkForce false;
+ systemd-boot = {
+ # Lanzaboote currently replaces the systemd-boot module.
+ # This setting is usually set to true in configuration.nix
+ # generated at installation time. So we force it to false
+ # for now.
+ enable = false;
+
+ # Disable editing the kernel command line (which could allow someone to become root)
+ editor = false;
+
+ extraEntries = {
+ "live.conf" = ''
+ title Archlinux Live ISO
+ linux /live/vmlinuz-linux
+ initrd /live/initramfs-linux.img
+ options img_loop=/archlinux.iso copytoram
+ '';
+ };
+
+ extraFiles = let
+ iso = import ./archlive_iso.nix {inherit pkgs;};
+ in {
+ "archlinux.iso" = "${iso}/archlinux.iso";
+ "live/initramfs-linux.img" = "${iso}/live/initramfs-linux.img";
+ "live/vmlinuz-linux" = "${iso}/live/vmlinuz-linux";
+ };
+ };
 grub = {
 enable = false; |
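Review bot: The `live.conf` entry added under `extraEntries` in the second hunk sits outside the boot path that lanzaboote signs: the initrd and `options` line of a plain loader entry are not covered by Secure Boot verification, and a live environment selectable from the boot menu gives whoever is at the console the root access that `editor = false` just above it is meant to deny. If the rescue entry is intended, the trade-off should be stated next to it, for example `# NOTE: rescue entry is not part of the lanzaboote-signed boot path; anyone at the boot menu can start it`, or the entry should sit behind an option that defaults to off. All three new options are also set under `systemd-boot` while `enable = false`, so it is worth checking the generated `loader.conf` and the ESP to confirm that `editor`, `extraEntries` and `extraFiles` are applied by the lanzaboote module and not silently ignored; the empty `lanzaboote.settings` added earlier in this hunk may be the intended home for `editor`. Finally, the retained comment still says "we force it to false" although `lib.mkForce` was dropped, and a plain `enable = false;` will presumably conflict with a `true` from a generated configuration.nix, so either keep `lib.mkForce false` (and the `lib` argument removed in the first hunk) or reword the comment.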