From c52c7f314ccadcc2fcd91e28c8fd1b88f6d5ce0c Mon Sep 17 00:00:00 2001
From: Benedikt Peetz
Date: Fri, 18 Oct 2024 17:07:46 +0200
Subject: refactor(modules): Move all system modules to `by-name`

From now on all modules should be added to the new `by-name` directory. This should help remove the (superficial and utterly useless) distinction between `home-manager` and `NixOS` modules.
---
modules/system/boot/boot_pictures/gnu.png | Bin 327518 -> 0 bytes
modules/system/boot/boot_pictures/gnulin_emb_1.png | Bin 207444 -> 0 bytes
modules/system/boot/boot_pictures/gnulin_emb_2.png | Bin 208347 -> 0 bytes
modules/system/boot/default.nix | 130 ---------------------
modules/system/boot/iso_entry/archlive_iso.nix | 77 ------------
modules/system/boot/iso_entry/signing_key.nix | 18 ---
6 files changed, 225 deletions(-)
delete mode 100755 modules/system/boot/boot_pictures/gnu.png
delete mode 100755 modules/system/boot/boot_pictures/gnulin_emb_1.png
delete mode 100755 modules/system/boot/boot_pictures/gnulin_emb_2.png
delete mode 100644 modules/system/boot/default.nix
delete mode 100644 modules/system/boot/iso_entry/archlive_iso.nix
delete mode 100644 modules/system/boot/iso_entry/signing_key.nix
(limited to 'modules/system/boot')
diff --git a/modules/system/boot/boot_pictures/gnu.png b/modules/system/boot/boot_pictures/gnu.png
deleted file mode 100755
index d07dee3e..00000000
Binary files a/modules/system/boot/boot_pictures/gnu.png and /dev/null differ
diff --git a/modules/system/boot/boot_pictures/gnulin_emb_1.png b/modules/system/boot/boot_pictures/gnulin_emb_1.png
deleted file mode 100755
index 483f2681..00000000
Binary files a/modules/system/boot/boot_pictures/gnulin_emb_1.png and /dev/null differ
diff --git a/modules/system/boot/boot_pictures/gnulin_emb_2.png b/modules/system/boot/boot_pictures/gnulin_emb_2.png
deleted file mode 100755
index 48cd6ad7..00000000
Binary files a/modules/system/boot/boot_pictures/gnulin_emb_2.png and /dev/null differ
diff --git a/modules/system/boot/default.nix b/modules/system/boot/default.nix
deleted file mode 100644
index 711e9d23..00000000
--- a/modules/system/boot/default.nix
+++ /dev/null
@@ -1,130 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.soispha.boot;
-in {
- options.soispha.boot = {
- enable = lib.mkEnableOption "Bootloader configuration";
- # TODO: Add this option <2024-05-16>
- # enableIsoEntry = lib.mkEnableOption "an tails iso boot entry";
- };
-
- config = lib.mkIf cfg.enable (
- # let
- # cfg = config.boot.loader.systemd-boot;
- # inherit (config.boot.loader) efi;
- #
- # esa = n: lib.strings.escapeShellArg n;
- #
- # bootMountPoint =
- # if cfg.xbootldrMountPoint != null
- # then cfg.xbootldrMountPoint
- # else efi.efiSysMountPoint;
- #
- # nixosDir = "/EFI/nixos";
- #
- # # FIXME: This system has two big problems:
- # # 1. It does not updated files, which still have the same name
- # # 2. It forgets about files, which were 'deleted' in this configuration (these just
- # # stay on disk forever) <2024-05-11>
- # copyExtraFiles = ''
- # echo "[systemd-boot] copying files to ${bootMountPoint}"
- # empty_file=$(mktemp)
- #
- # ${lib.concatStrings (lib.mapAttrsToList (n: v:
- # /*
- # bash
- # */
- # ''
- # if ! [ -e ${esa "${bootMountPoint}/${n}"} ]; then
- # install -Dp "${v}" ${esa "${bootMountPoint}/${n}"}
- # install -D "$empty_file" ${esa "${bootMountPoint}/${nixosDir}/.extra-files/${n}"}
- # fi
- # '')
- # cfg.extraFiles)}
- #
- # ${lib.concatStrings (lib.mapAttrsToList (n: v:
- # /*
- # bash
- # */
- # ''
- # # if ! [ -e ${esa "${bootMountPoint}/loader/entries/${n}"} ]; then
- # install -Dp "${pkgs.writeText n v}" ${esa "${bootMountPoint}/loader/entries/${n}"}
- # install -D "$empty_file" ${esa "${bootMountPoint}/${nixosDir}/.extra-files/loader/entries/${n}"}
- # # fi
- # '')
- # cfg.extraEntries)}
- # '';
- # in
- {
- # FIXME: Reactviate this whole iso thing when a disko redeploy is done.
- # (and switch to tails instead of arch) <2024-05-12>
- #
- # system.activationScripts = {
- # copyExtraFilesForBoot = copyExtraFiles;
- # };
-
- boot = {
- initrd = {
- kernelModules = ["nvme" "btrfs"];
- };
-
- kernelPackages = pkgs.linuxPackages_latest;
-
- lanzaboote = {
- enable = true;
- pkiBundle = "/etc/secureboot";
-
- settings = {
- # Disable editing the kernel command line (which could allow someone to become root)
- editor = false;
- default = "@saved";
- };
- };
-
- loader = {
- systemd-boot = {
- # Lanzaboote currently replaces the systemd-boot module.
- # This setting is usually set to true in configuration.nix
- # generated at installation time. So we force it to false
- # for now.
- enable = false;
-
- # extraEntries = {
- # "live.conf" = ''
- # title Archlinux Live ISO
- # linux /live/vmlinuz-linux
- # initrd /live/initramfs-linux.img
- # options img_dev=${config.soispha.disks.disk} img_loop=/archlinux.iso copytoram
- # '';
- # };
- #
- # extraFiles = let
- # iso = import ./archlive_iso.nix {inherit pkgs;};
- # in {
- # "archlinux.iso" = "${iso}/archlinux.iso";
- # "live/initramfs-linux.img" = "${iso}/live/initramfs-linux.img";
- # "live/vmlinuz-linux" = "${iso}/live/vmlinuz-linux";
- # };
- };
-
- grub = {
- enable = false;
- # theme = pkgs.nixos-grub2-theme;
- splashImage = ./boot_pictures/gnu.png;
- efiSupport = true;
- device = "nodev"; # only for efi
- };
-
- efi = {
- canTouchEfiVariables = true;
- efiSysMountPoint = "/boot";
- };
- };
- };
- }
- );
-}
diff --git a/modules/system/boot/iso_entry/archlive_iso.nix b/modules/system/boot/iso_entry/archlive_iso.nix
deleted file mode 100644
index d19a4a87..00000000
--- a/modules/system/boot/iso_entry/archlive_iso.nix
+++ /dev/null
@@ -1,77 +0,0 @@
-{pkgs ? (builtins.getFlake "nixpkgs").legacyPackages."x86_64-linux"}: let
- signing_key = import ./signing_key.nix {inherit pkgs;};
-
- checked_iso = pkgs.stdenv.mkDerivation {
- pname = "archlinux-iso";
- version = "2024.05.01";
-
- srcs = [
- (pkgs.fetchurl {
- url = "https://archlinux.org/iso/2024.05.01/archlinux-2024.05.01-x86_64.iso.sig";
- hash = "sha256-QOGYng6a7zA5EJKGotDccJ7fD2MmPPXQEdVr1kjJvi4=";
- })
- (pkgs.fetchurl {
- url = "https://mirror.informatik.tu-freiberg.de/arch/iso/latest/archlinux-2024.05.01-x86_64.iso";
- hash = "sha256-G0oE74pzUIUqEwcO5JhEKwh6YHoYhAtN19mYZ+tfakw=";
- })
- (pkgs.fetchurl {
- url = "https://archlinux.org/iso/2024.05.01/b2sums.txt";
- hash = "sha256-HSMS13hHXFKKQsCA8spa7XtirHCBTmePwhOsStVPbHw=";
- })
- ];
-
- dontUnpack = true;
-
- nativeBuildInputs = with pkgs; [
- sequoia-sq
- ];
-
- buildPhase =
- /*
- bash
- */
- ''
- cp -r "${signing_key}" ./release-key.pgp
- for src in $srcs; do
- cp -r "$src" "$(stripHash "$src")"
- done
-
- sed '2d;3d;4d' b2sums.txt > b2sums_clean.txt
-
- # As per the directions from: https://archlinux.org/download/
-
- # blake hash check
- b2sum -c ./b2sums_clean.txt
-
- # pgp signature check
- sq verify --signer-file release-key.pgp --detached archlinux-2024.05.01-x86_64.iso.sig archlinux-2024.05.01-x86_64.iso
- '';
-
- installPhase = ''
- cp archlinux-2024.05.01-x86_64.iso "$out";
- '';
- };
-in
- pkgs.stdenv.mkDerivation {
- name = "live_iso_boot_entry";
-
- src = checked_iso;
-
- dontUnpack = true;
-
- nativeBuildInputs = with pkgs; [
- libarchive # for bsdtar
- ];
-
- buildPhase = ''
- mkdir iso
- bsdtar -xf "$src" -C iso
- '';
-
- installPhase = ''
- install -D ./iso/arch/boot/x86_64/initramfs-linux.img "$out/live/initramfs-linux.img"
- install -D ./iso/arch/boot/x86_64/vmlinuz-linux "$out/live/vmlinuz-linux"
-
- install -D "$src" "$out/archlinux.iso"
- '';
- }
diff --git a/modules/system/boot/iso_entry/signing_key.nix b/modules/system/boot/iso_entry/signing_key.nix
deleted file mode 100644
index 788447be..00000000
--- a/modules/system/boot/iso_entry/signing_key.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{pkgs ? (builtins.getFlake "nixpkgs").legacyPackages."x86_64-linux"}:
-pkgs.stdenv.mkDerivation {
- name = "archlinux_signing_keys";
-
- outputHash = "sha256-evGWzkxMaZw3rlixKsyWCS/ZvNuZ+OfXQb6sgiHz9XY=";
- outputHashAlgo = "sha256";
- NIX_SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
-
- nativeBuildInputs = with pkgs; [
- sequoia-sq
- ];
-
- dontUnpack = true;
-
- buildPhase = ''
- sq --verbose --no-cert-store --no-key-store network wkd fetch pierre@archlinux.org --output "$out"
- '';
-}
-- cgit 1.4.1