authorBenedikt Peetz <benedikt.peetz@b-peetz.de>2026-05-31 14:07:48 +0200
committerBenedikt Peetz <benedikt.peetz@b-peetz.de>2026-05-31 14:07:48 +0200
commit074d5edcbc991e653f79738d675c8358a684bb23 (patch)
treec305d8e863becceb2150916bf28743aa85d98e49 /modules/by-name/bo/boot/tails_iso.nix
parentmodules/legacy/gtk: Re-enable the nordic theme (diff)
downloadnixos-config-074d5edcbc991e653f79738d675c8358a684bb23.zip
modules/{disks,boot}: Prepare re-deploy of apzu
This includes a separate partition for /nix and a Tails ISO as a boot target.
Diffstat (limited to 'modules/by-name/bo/boot/tails_iso.nix')
-rw-r--r--modules/by-name/bo/boot/tails_iso.nix78
1 files changed, 78 insertions, 0 deletions
diff --git a/modules/by-name/bo/boot/tails_iso.nix b/modules/by-name/bo/boot/tails_iso.nix
new file mode 100644
index 00000000..ec2b740b
--- /dev/null
+++ b/modules/by-name/bo/boot/tails_iso.nix
@@ -0,0 +1,78 @@
+# nixos-config - My current NixOS configuration
+#
+# Copyright (C) 2025 Benedikt Peetz <benedikt.peetz@b-peetz.de>
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# This file is part of my nixos-config.
+#
+# You should have received a copy of the License along with this program.
+# If not, see <https://www.gnu.org/licenses/gpl-3.0.txt>.
+{pkgs ? (builtins.getFlake "nixpkgs").legacyPackages."x86_64-linux"}: let
+ checked_iso = pkgs.stdenv.mkDerivation (finalAttrs: {
+ pname = "tails-iso";
+ version = "amd64-7.8";
+
+ srcs = [
+ (pkgs.fetchurl {
+ url = "https://tails.net/torrents/files/tails-${finalAttrs.version}.iso.sig";
+ hash = "sha256-58vDQdXQYYqeVUHzupmDPtVVpSrxtT25+gwHe2OfvkA=";
+ })
+ (pkgs.fetchurl {
+ url = "https://download.tails.net/tails/stable/tails-${finalAttrs.version}/tails-${finalAttrs.version}.iso";
+ hash = "sha256-ewLHQ+3iI3aHgvKdBgysQ9QAudQ7AM83WP+VdYFmxt0=";
+ })
+ (pkgs.fetchurl {
+ url = "https://tails.net/tails-signing.key";
+ hash = "sha256-OwdqyM7o7K6F5Km0U1RU3hzsnaT+Yw0sjQk/thMeq1k=";
+ })
+ ];
+
+ dontUnpack = true;
+
+ nativeBuildInputs = [
+ pkgs.sequoia-sq
+ ];
+
+ buildPhase =
+ /*
+ bash
+ */
+ ''
+ for src in $srcs; do
+ cp --recursive "$src" "$(stripHash "$src")"
+ done
+
+ sq verify \
+ --signer-file=tails-signing.key \
+ --signature-file=tails-${finalAttrs.version}.iso.sig \
+ tails-${finalAttrs.version}.iso
+ '';
+
+ installPhase = ''
+ cp tails-${finalAttrs.version}.iso "$out";
+ '';
+ });
+in
+ pkgs.stdenv.mkDerivation {
+ name = "live_iso_boot_entry";
+
+ src = checked_iso;
+
+ dontUnpack = true;
+
+ nativeBuildInputs = with pkgs; [
+ libarchive # for bsdtar
+ ];
+
+ buildPhase = ''
+ mkdir iso
+ bsdtar -xf "$src" -C iso
+ '';
+
+ installPhase = ''
+ install -D ./iso/live/initrd.img "$out/live/initramfs-linux.img"
+ install -D ./iso/live/vmlinuz "$out/live/vmlinuz-linux"
+
+ install -D "$src" "$out/tails.iso"
+ '';
+ }
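Review bot: The `tails-signing.key` fetch in `checked_iso` is the trust anchor for the `sq verify` call, but nothing in the file records how its `hash` was established. The key is downloaded from the same site as the `.iso.sig`, so the signature check only adds assurance beyond the ISO's own pinned sha256 if that key hash was confirmed against an independently obtained fingerprint. I would add a comment above that `fetchurl`, e.g. `# Trust anchor: hash confirmed out of band against the Tails signing key fingerprint; on a version bump update only the ISO and .sig hashes, never this one.` Separately, the default `pkgs ? (builtins.getFlake "nixpkgs")…` resolves through the flake registry, so a standalone build takes `sequoia-sq`, the verifier itself, from an unpinned nixpkgs. Passing `pkgs` from the locked flake input at the call site (not visible in this hunk) avoids that.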