diff options
author | Alyssa Ross <hi@alyssa.is> | 2023-09-29 23:22:43 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2023-10-01 11:50:33 +0000 |
commit | ee0e200a153cf8cccf3027e417012d0e03f4d81a (patch) | |
tree | e6805d024aee5dea7084859724fe6ab51b9e1d5e /modules/nixos-apple-silicon/iso-configuration | |
parent | 2cc67706f134018c6876d57d619e3cda02286c0e (diff) | |
parent | 096dc63e5426e17f70b4a8bf7716c3dd3430ba8c (diff) | |
download | nixlib-ee0e200a153cf8cccf3027e417012d0e03f4d81a.tar nixlib-ee0e200a153cf8cccf3027e417012d0e03f4d81a.tar.gz nixlib-ee0e200a153cf8cccf3027e417012d0e03f4d81a.tar.bz2 nixlib-ee0e200a153cf8cccf3027e417012d0e03f4d81a.tar.lz nixlib-ee0e200a153cf8cccf3027e417012d0e03f4d81a.tar.xz nixlib-ee0e200a153cf8cccf3027e417012d0e03f4d81a.tar.zst nixlib-ee0e200a153cf8cccf3027e417012d0e03f4d81a.zip |
Add 'modules/nixos-apple-silicon/' from commit '096dc63e5426e17f70b4a8bf7716c3dd3430ba8c'
git-subtree-dir: modules/nixos-apple-silicon git-subtree-mainline: 2cc67706f134018c6876d57d619e3cda02286c0e git-subtree-split: 096dc63e5426e17f70b4a8bf7716c3dd3430ba8c
Diffstat (limited to 'modules/nixos-apple-silicon/iso-configuration')
-rw-r--r-- | modules/nixos-apple-silicon/iso-configuration/default.nix | 25 | ||||
-rw-r--r-- | modules/nixos-apple-silicon/iso-configuration/installer-configuration.nix | 131 |
2 files changed, 156 insertions, 0 deletions
diff --git a/modules/nixos-apple-silicon/iso-configuration/default.nix b/modules/nixos-apple-silicon/iso-configuration/default.nix new file mode 100644 index 000000000000..b5700cbf3c66 --- /dev/null +++ b/modules/nixos-apple-silicon/iso-configuration/default.nix @@ -0,0 +1,25 @@ +# configuration that is specific to the ISO +{ config, pkgs, lib, ... }: +{ + imports = [ + ./installer-configuration.nix + ../apple-silicon-support + ]; + + # include those modules so the user can rebuild the install iso. that's not + # especially useful at this point, but the user will need the apple-silicon-support + # directory for their own config. + installer.cloneConfigIncludes = [ + "./installer-configuration.nix" + "./apple-silicon-support" + ]; + + # copy the apple-silicon-support and installer configs into the iso + boot.postBootCommands = lib.optionalString config.installer.cloneConfig '' + if ! [ -e /etc/nixos/apple-silicon-support ]; then + mkdir -p /etc/nixos + cp ${./installer-configuration.nix} /etc/nixos/installer-configuration.nix + cp -r ${../apple-silicon-support} /etc/nixos/apple-silicon-support + fi + ''; +} diff --git a/modules/nixos-apple-silicon/iso-configuration/installer-configuration.nix b/modules/nixos-apple-silicon/iso-configuration/installer-configuration.nix new file mode 100644 index 000000000000..048d8beaecfd --- /dev/null +++ b/modules/nixos-apple-silicon/iso-configuration/installer-configuration.nix @@ -0,0 +1,131 @@ +# this configuration is intended to have just enough stuff to get the disk, +# display, USB input, and network up so the user can build a real config. +# in the future we will just use the standard NixOS iso + +# based vaguely on +# https://github.com/samueldr/cross-system/blob/master/configuration.nix + +{ config, pkgs, lib, modulesPath, ... }: + +{ + imports = [ + (modulesPath + "/profiles/minimal.nix") + (modulesPath + "/profiles/installation-device.nix") + (modulesPath + "/installer/cd-dvd/iso-image.nix") + ]; + + # Adds terminus_font for people with HiDPI displays + console.packages = [ pkgs.terminus_font ]; + + # ISO naming. + isoImage.isoName = "${config.isoImage.isoBaseName}-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.iso"; + + # EFI booting + isoImage.makeEfiBootable = true; + + # An installation media cannot tolerate a host config defined file + # system layout on a fresh machine, before it has been formatted. + swapDevices = lib.mkOverride 60 [ ]; + fileSystems = lib.mkOverride 60 config.lib.isoFileSystems; + + boot.postBootCommands = let + inherit (config.hardware.asahi.pkgs) asahi-fwextract; + in '' + for o in $(</proc/cmdline); do + case "$o" in + live.nixos.passwd=*) + set -- $(IFS==; echo $o) + echo "nixos:$2" | ${pkgs.shadow}/bin/chpasswd + ;; + esac + done + + echo Extracting Asahi firmware... + mkdir -p /tmp/.fwsetup/{esp,extracted} + + mount /dev/disk/by-partuuid/`cat /proc/device-tree/chosen/asahi,efi-system-partition` /tmp/.fwsetup/esp + ${asahi-fwextract}/bin/asahi-fwextract /tmp/.fwsetup/esp/asahi /tmp/.fwsetup/extracted + umount /tmp/.fwsetup/esp + + pushd /tmp/.fwsetup/ + cat /tmp/.fwsetup/extracted/firmware.cpio | ${pkgs.cpio}/bin/cpio -id --quiet --no-absolute-filenames + mkdir -p /lib/firmware + mv vendorfw/* /lib/firmware + popd + rm -rf /tmp/.fwsetup + ''; + + # can't legally be incorporated into the installer image + # (and is automatically extracted at boot above) + hardware.asahi.extractPeripheralFirmware = false; + + isoImage.squashfsCompression = "zstd -Xcompression-level 6"; + + environment.systemPackages = with pkgs; [ + gptfdisk + parted + cryptsetup + curl + wget + wormhole-william + ]; + + # save space and compilation time. might revise? + hardware.enableAllFirmware = lib.mkForce false; + hardware.enableRedistributableFirmware = lib.mkForce false; + sound.enable = false; + # avoid including non-reproducible dbus docs + documentation.doc.enable = false; + documentation.info.enable = lib.mkForce false; + documentation.nixos.enable = lib.mkOverride 49 false; + system.extraDependencies = lib.mkForce [ ]; + + # Disable wpa_supplicant because it can't use WPA3-SAE on broadcom chips that are used on macs and it is harder to use and less mainained than iwd in general + networking.wireless.enable = false; + # Enable iwd + networking.wireless.iwd = { + enable = true; + settings.General.EnableNetworkConfiguration = true; + }; + + + nixpkgs.overlays = [ + (final: prev: { + # disabling pcsclite avoids the need to cross-compile gobject + # introspection stuff which works now but is slow and unnecessary + iwd = prev.iwd.override { + withPcsclite = false; + }; + libfido2 = prev.libfido2.override { + withPcsclite = false; + }; + openssh = prev.openssh.overrideAttrs (old: { + # we have to cross compile openssh ourselves for whatever reason + # but the tests take quite a long time to run + doCheck = false; + }); + + # avoids having to compile a bunch of big things (like texlive) to + # compute translations + util-linux = prev.util-linux.override { + translateManpages = false; + }; + }) + ]; + + # avoids the need to cross-compile gobject introspection stuff which works + # now but is slow and unnecessary + security.polkit.enable = false; + + # bootspec generation is currently broken under cross-compilation + boot.bootspec.enable = false; + + # get rid of warning about non-ideal mdam config file + # (we want to keep it enabled in case someone needs to use it) + boot.swraid.mdadmConf = '' + PROGRAM ${pkgs.coreutils}/bin/true + ''; + + # get rid of warning that stateVersion is unset + system.stateVersion = lib.mkDefault lib.trivial.release; +} |