Diffstat (limited to '')
| -rw-r--r-- | modules/by-name/bo/boot/module.nix | 88 |
1 files changed, 76 insertions, 12 deletions
diff --git a/modules/by-name/bo/boot/module.nix b/modules/by-name/bo/boot/module.nix
index 6a0c0cf7..4dc9130a 100644
--- a/modules/by-name/bo/boot/module.nix
+++ b/modules/by-name/bo/boot/module.nix
@@ -19,7 +19,73 @@ }: let cfg = config.soispha.boot;
- tailsPrefix = "EFI/tails";
+ tails = let
+ tailsPrefix = "/EFI/tails";
+ in {
+ root = "${tailsPrefix}/tails.iso";
+ initrd = "${tailsPrefix}/initrd.img";
+ vmlinuz = "${tailsPrefix}/vmlinuz-linux";
+ };
+
+ iso = pkgs.tails-iso;
+
+ # From:
+ # - The extracted ISO's boot dir
+ # - Reverse engineered from:
+ # - `<tails iso squashfs>/usr/share/initramfs-tools/init`
+ # - `<tails iso squashfs>/usr/lib/live/boot/`
+ iso_options =
+ ## General options?
+ [
+ "initrd=${tails.initrd}"
+ # "noprompt"
+ # "timezone=Etc/UTC"
+ # "config"
+ # "noautologin"
+ # "slab_nomerge"
+ # "slub_debug=FZ"
+ # "mce=0"
+ # "vsyscall=none"
+ # "init_on_free=1"
+ # "mds=full,nosmt"
+ # "page_alloc.shuffle=1"
+ # "randomize_kstack_offset=on"
+ # "efi_pstore.pstore_disable=1"
+ # "erst_disable"
+ # "spec_store_bypass_disable=on"
+ # "systemd.condition_needs_update=no"
+ ]
+ ## Systemd log options
+ ++ [
+ "systemd.log_level=debug"
+ "systemd.log_target=console"
+ "console=tty1"
+ "systemd.journald.forward_to_console=1"
+ "systemd.unit=rescue.target"
+ ]
+ ## Options for the first `init` script
+ ++ [
+ # Use the `*-live` scripts
+ "boot=live"
+
+ # "splash"
+ "plymouth.enable=0"
+
+ # "quiet"
+ "debug"
+ ]
+ ## Options for the `*-live` `init` scripts
+ ++ [
+ "module=Tails"
+
+ # TODO: RO-makes the fromiso not work <2026-06-08>
+ # "live-boot.read-only=/dev/nvme0*"
+
+ # Don't store things persistently
+ "nopersistence"
+
+ "fromiso=/dev/nvme0n1p1/${tails.root}"
+ ];
 in { options.soispha.boot = { enable = lib.mkEnableOption "Bootloader configuration";
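Review bot: As committed, `iso_options` boots Tails with `systemd.unit=rescue.target`, `debug` and `systemd.log_level=debug` active, while every hardening parameter in the first list (`slab_nomerge`, `init_on_free=1`, `mds=full,nosmt`, `vsyscall=none`, `spec_store_bypass_disable=on`, …) is commented out. The header comment says the list was taken from the ISO's own boot directory, so these are presumably the defaults a stock Tails boot applies; if the entry is meant for more than bring-up, enable them by default and move the debug set behind a module option. `fromiso=/dev/nvme0n1p1/${tails.root}` also pins a device node that may change with enumeration order and produces `//` because `tails.root` now starts with `/`; `"fromiso=/dev/nvme0n1p1${tails.root}"` avoids the doubled slash, and the same applies to `"${bootMountPoint}/${tails.vmlinuz}"` in the next hunk. The enclosing `let` begins above this hunk.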
@@ -113,7 +179,7 @@ in { systemdCfg.extraFiles )}
- ${lib.getExe pkgs.sbctl} sign "${bootMountPoint}/${tailsPrefix}/vmlinuz-linux"
+ ${lib.getExe pkgs.sbctl} sign "${bootMountPoint}/${tails.vmlinuz}"
 ${concatStrings ( mapAttrsToList (n: v: ''
@@ -133,19 +199,17 @@ in { extraEntries = { "live.conf" = ''
- title Tails Live ISO
- linux /${tailsPrefix}/vmlinuz-linux
- initrd /${tailsPrefix}/initramfs-linux.img
- options root=/${tailsPrefix}/tails.iso
+ title Tails ${iso.passthru.version} Live ISO
+ linux ${tails.vmlinuz}
+ initrd ${tails.initrd}
+ options ${builtins.concatStringsSep " " iso_options}
 ''; };
- extraFiles = let
- iso = import ./tails_iso.nix {inherit pkgs;};
- in {
- "/${tailsPrefix}/tails.iso" = "${iso}/tails.iso";
- "/${tailsPrefix}/vmlinuz-linux" = "${iso}/live/vmlinuz-linux";
- "/${tailsPrefix}/initramfs-linux.img" = "${iso}/live/initramfs-linux.img";
+ extraFiles = {
+ "${tails.root}" = "${iso}/tails.iso";
+ "${tails.vmlinuz}" = "${iso}/live/vmlinuz-linux";
+ "${tails.initrd}" = "${iso}/live/initrd.img";
 }; }; |
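Review bot: Only the kernel image is signed (the `sbctl sign` call in the previous hunk), so the `initrd` and the much longer `options` line written into `live.conf` here are plain files on the ESP. If Secure Boot is enforced on this machine, a loader entry of this kind leaves the initrd, the command line and `tails.iso` unverified at boot, and anyone with write access to the boot partition can change them. I would add a comment above `"live.conf"` saying so, e.g. `# NOTE: only vmlinuz is signed; initrd, cmdline and tails.iso on the ESP are not verified at boot`, or consider a unified kernel image if that guarantee matters here. Also confirm that `pkgs.tails-iso` ships `live/vmlinuz-linux`, since the initrd source was renamed to `live/initrd.img` while the kernel source name was left unchanged.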
