1 files changed, 51 insertions, 30 deletions

diff --git a/modules/by-name/bo/boot/module.nix b/modules/by-name/bo/boot/module.nix
index 673faf70..2667b385 100644
--- a/modules/by-name/bo/boot/module.nix
+++ b/modules/by-name/bo/boot/module.nix
@@ -22,41 +22,62 @@
   tails = let
     tailsPrefix = "/EFI/tails";
   in {
-    root = "${tailsPrefix}/filesystem.squashfs";
+    root = "${tailsPrefix}/tails.iso";
     initrd = "${tailsPrefix}/initrd.img";
     vmlinuz = "${tailsPrefix}/vmlinuz-linux";
   };
 
   iso = pkgs.tails-iso;
 
-  iso_options = [
-    "initrd=${tails.initrd}"
-    "boot=live"
-    "config"
-    "live-media=removable"
-    "nopersistence"
-    "noprompt"
-    "timezone=Etc/UTC"
-    "splash"
-    "noautologin"
-    "module=Tails"
-    "slab_nomerge"
-    "slub_debug=FZ"
-    "mce=0"
-    "vsyscall=none"
-    "init_on_free=1"
-    "mds=full,nosmt"
-    "page_alloc.shuffle=1"
-    "randomize_kstack_offset=on"
-    "efi_pstore.pstore_disable=1"
-    "erst_disable"
-    "spec_store_bypass_disable=on"
-    "systemd.condition_needs_update=no"
-    "quiet"
+  # From:
+  # - The extracted ISO's boot dir
+  # - Reverse engineered from:
+  #     - `<tails iso squashfs>/usr/share/initramfs-tools/init`
+  #     - `<tails iso squashfs>/usr/lib/live/boot/`
+  iso_options =
+    ## General options?
+    [
+      "initrd=${tails.initrd}"
+      "noprompt"
+      "timezone=Etc/UTC"
+      "config"
+      "noautologin"
+      "slab_nomerge"
+      "slub_debug=FZ"
+      "mce=0"
+      "vsyscall=none"
+      "init_on_free=1"
+      "mds=full,nosmt"
+      "page_alloc.shuffle=1"
+      "randomize_kstack_offset=on"
+      "efi_pstore.pstore_disable=1"
+      "erst_disable"
+      "spec_store_bypass_disable=on"
+      "systemd.condition_needs_update=no"
+    ]
+    ## Options for the first `init` script
+    ++ [
+      # Use the `*-live` scripts
+      "boot=live"
 
-    "rootflags=loop"
-    "root=${tails.root}"
-  ];
+      # "splash"
+      "plymouth.enable=0"
+
+      # "quiet"
+      "debug"
+    ]
+    ## Options for the `*-live` `init` scripts
+    ++ [
+      "module=Tails"
+
+      # TODO: RO-makes the fromiso not work <2026-06-08>
+      # "live-boot.read-only=/dev/nvme0*"
+
+      # Don't store things persistently
+      "nopersistence"
+
+      "fromiso=/dev/nvme0n1p1/${tails.root}"
+    ];
 in {
   options.soispha.boot = {
     enable = lib.mkEnableOption "Bootloader configuration";
@@ -178,8 +199,8 @@ in {
           };
 
           extraFiles = {
-            "${tails.root}" = "${iso}/live/filesystem.squashfs";
-            "${tails.vmlinuz}" = "${iso}/live/vmlinuz";
+            "${tails.root}" = "${iso}/tails.iso";
+            "${tails.vmlinuz}" = "${iso}/live/vmlinuz-linux";
             "${tails.initrd}" = "${iso}/live/initrd.img";
           };
         };