modules/boot/iso_entry: Correct the boot options

I've taken these directly from the grub.cfg and the /usr/init-tools/init
files.

2 files changed, 47 insertions, 15 deletions

diff --git a/modules/by-name/bo/boot/module.nix b/modules/by-name/bo/boot/module.nix
index 6a0c0cf7..ebf58a97 100644
--- a/modules/by-name/bo/boot/module.nix
+++ b/modules/by-name/bo/boot/module.nix
@@ -20,6 +20,36 @@
   cfg = config.soispha.boot;
 
   tailsPrefix = "EFI/tails";
+  iso = import ./tails_iso.nix {inherit pkgs;};
+
+  iso_options = [
+    "initrd=/${tailsPrefix}/initrd.img"
+    "boot=live"
+    "config"
+    "live-media=removable"
+    "nopersistence"
+    "noprompt"
+    "timezone=Etc/UTC"
+    "splash"
+    "noautologin"
+    "module=Tails"
+    "slab_nomerge"
+    "slub_debug=FZ"
+    "mce=0"
+    "vsyscall=none"
+    "init_on_free=1"
+    "mds=full,nosmt"
+    "page_alloc.shuffle=1"
+    "randomize_kstack_offset=on"
+    "efi_pstore.pstore_disable=1"
+    "erst_disable"
+    "spec_store_bypass_disable=on"
+    "systemd.condition_needs_update=no"
+    "quiet"
+
+    "rootflags=loop"
+    "root=/${tailsPrefix}/filesystem.squashfs"
+  ];
 in {
   options.soispha.boot = {
     enable = lib.mkEnableOption "Bootloader configuration";
@@ -133,19 +163,17 @@ in {
 
           extraEntries = {
             "live.conf" = ''
-              title Tails Live ISO
-              linux /${tailsPrefix}/vmlinuz-linux
-              initrd /${tailsPrefix}/initramfs-linux.img
-              options root=/${tailsPrefix}/tails.iso
+              title Tails ${iso.passthru.version} Live ISO
+              linux /${tailsPrefix}/vmlinuz
+              initrd /${tailsPrefix}/initrd.img
+              options ${builtins.concatStringsSep " " iso_options}
             '';
           };
 
-          extraFiles = let
-            iso = import ./tails_iso.nix {inherit pkgs;};
-          in {
-            "/${tailsPrefix}/tails.iso" = "${iso}/tails.iso";
-            "/${tailsPrefix}/vmlinuz-linux" = "${iso}/live/vmlinuz-linux";
-            "/${tailsPrefix}/initramfs-linux.img" = "${iso}/live/initramfs-linux.img";
+          extraFiles = {
+            "/${tailsPrefix}/filesystem.squashfs" = "${iso}/live/filesystem.squashfs";
+            "/${tailsPrefix}/vmlinuz" = "${iso}/live/vmlinuz";
+            "/${tailsPrefix}/initrd.img" = "${iso}/live/initrd.img";
           };
         };
 
diff --git a/modules/by-name/bo/boot/tails_iso.nix b/modules/by-name/bo/boot/tails_iso.nix
index ec2b740b..03f97577 100644
--- a/modules/by-name/bo/boot/tails_iso.nix
+++ b/modules/by-name/bo/boot/tails_iso.nix
@@ -8,9 +8,10 @@
 # You should have received a copy of the License along with this program.
 # If not, see <https://www.gnu.org/licenses/gpl-3.0.txt>.
 {pkgs ? (builtins.getFlake "nixpkgs").legacyPackages."x86_64-linux"}: let
+  version = "7.8";
   checked_iso = pkgs.stdenv.mkDerivation (finalAttrs: {
     pname = "tails-iso";
-    version = "amd64-7.8";
+    version = "amd64-${version}";
 
     srcs = [
       (pkgs.fetchurl {
@@ -69,10 +70,13 @@ in
       bsdtar -xf "$src" -C iso
     '';
 
-    installPhase = ''
-      install -D ./iso/live/initrd.img "$out/live/initramfs-linux.img"
-      install -D ./iso/live/vmlinuz "$out/live/vmlinuz-linux"
+    passthru = {
+      inherit version;
+    };
 
-      install -D "$src" "$out/tails.iso"
+    installPhase = ''
+      install -D ./iso/live/initrd.img "$out/live/initrd.img"
+      install -D ./iso/live/vmlinuz "$out/live/vmlinuz"
+      install -D ./iso/live/filesystem.squashfs "$out/live/filesystem.squashfs"
     '';
   }