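{
  pkgs,
  lib,
  config,
  ...
}: let
  cfg = config.boot.loader.systemd-boot;
  inherit (config.boot.loader) efi;
  # Shell-quote a path fragment.  Attribute names from `extraFiles` and
  # `extraEntries` are spliced into bash below, so they must be escaped.
  esa = lib.strings.escapeShellArg;
  # Prefer a dedicated XBOOTLDR partition when configured, else the ESP.
  bootMountPoint =
    if cfg.xbootldrMountPoint != null
    then cfg.xbootldrMountPoint
    else efi.efiSysMountPoint;
  # Directory below the boot partition that holds the `.extra-files` marker
  # tree (one empty marker per copied file).
  nixosDir = "/EFI/nixos";
  # FIXME: This system has two big problems:
  # 1. It does not update files, which still have the same name
  # 2. It forgets about files, which were 'deleted' in this configuration (these just
  #    stay on disk forever) <2024-05-11>
  #
  # Activation-script fragment: copies `cfg.extraFiles` and `cfg.extraEntries`
  # onto the boot partition and records an empty marker for each of them under
  # `${nixosDir}/.extra-files`.  The scratch file created by `mktemp` is the
  # source for those markers and is removed again at the end of the fragment.
  copyExtraFiles = ''
    echo "[systemd-boot] copying files to ${bootMountPoint}"
    empty_file=$(mktemp)
    ${lib.concatStrings (lib.mapAttrsToList (n: v:
      /*
      bash
      */
      ''
        # Only copy files that are not present yet (see FIXME 1 above).
        if ! [ -e ${esa "${bootMountPoint}/${n}"} ]; then
          install -Dp "${v}" ${esa "${bootMountPoint}/${n}"}
          install -D "$empty_file" ${esa "${bootMountPoint}${nixosDir}/.extra-files/${n}"}
        fi
      '')
    cfg.extraFiles)}
    ${lib.concatStrings (lib.mapAttrsToList (n: v:
      /*
      bash
      */
      ''
        # Entries are (re)written unconditionally; the existence guard is
        # intentionally left disabled here.
        # if ! [ -e ${esa "${bootMountPoint}/loader/entries/${n}"} ]; then
        install -Dp "${pkgs.writeText n v}" ${esa "${bootMountPoint}/loader/entries/${n}"}
        install -D "$empty_file" ${esa "${bootMountPoint}${nixosDir}/.extra-files/loader/entries/${n}"}
        # fi
      '')
    cfg.extraEntries)}
    # Drop the mktemp scratch file; it was only needed as the marker source.
    rm -f "$empty_file"
  '';
in {
  # FIXME: Reactivate this whole iso thing when a disko redeploy is done.
  # (and switch to tails instead of arch)<2024-05-12>
  # system.activationScripts = {
  #   copyExtraFilesForBoot = copyExtraFiles;
  # };
  boot = {
    initrd = {
      #compressor = "lz4";
      #compressorArgs = ["-9"];
      kernelModules = ["nvme" "btrfs"];
    };
    kernelPackages = pkgs.linuxPackages_latest;
    lanzaboote = {
      enable = true;
      # Directory holding the Secure Boot signing keys lanzaboote uses.
      pkiBundle = "/etc/secureboot";
      settings = {
        # Disable editing the kernel command line (which could allow someone to become root)
        editor = false;
      };
    };
    loader = {
      systemd-boot = {
        # Lanzaboote currently replaces the systemd-boot module.
        # This setting is usually set to true in configuration.nix
        # generated at installation time. So we force it to false
        # for now.
        enable = false;
        # Read by `copyExtraFiles` above (currently not wired into an
        # activation script); the upstream systemd-boot module is disabled here.
        extraEntries = {
          "live.conf" = ''
            title Archlinux Live ISO
            linux /live/vmlinuz-linux
            initrd /live/initramfs-linux.img
            options img_dev=${config.soispha.disks.disk} img_loop=/archlinux.iso copytoram
          '';
        };
        extraFiles = let
          iso = import ./archlive_iso.nix {inherit pkgs;};
        in {
          "archlinux.iso" = "${iso}/archlinux.iso";
          "live/initramfs-linux.img" = "${iso}/live/initramfs-linux.img";
          "live/vmlinuz-linux" = "${iso}/live/vmlinuz-linux";
        };
      };
      grub = {
        enable = false;
        # theme = pkgs.nixos-grub2-theme;
        splashImage = ./boot_pictures/gnu.png;
        efiSupport = true;
        device = "nodev"; # only for efi
      };
      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot";
      };
    };
  };
}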