authorAlyssa Ross <hi@alyssa.is>2023-09-29 23:22:43 +0000
committerAlyssa Ross <hi@alyssa.is>2023-10-01 11:50:33 +0000
commitee0e200a153cf8cccf3027e417012d0e03f4d81a (patch)
treee6805d024aee5dea7084859724fe6ab51b9e1d5e /modules/nixos-apple-silicon/iso-configuration
parent2cc67706f134018c6876d57d619e3cda02286c0e (diff)
parent096dc63e5426e17f70b4a8bf7716c3dd3430ba8c (diff)
Add 'modules/nixos-apple-silicon/' from commit '096dc63e5426e17f70b4a8bf7716c3dd3430ba8c'
git-subtree-dir: modules/nixos-apple-silicon
git-subtree-mainline: 2cc67706f134018c6876d57d619e3cda02286c0e
git-subtree-split: 096dc63e5426e17f70b4a8bf7716c3dd3430ba8c
Diffstat (limited to 'modules/nixos-apple-silicon/iso-configuration')
-rw-r--r--modules/nixos-apple-silicon/iso-configuration/default.nix25
-rw-r--r--modules/nixos-apple-silicon/iso-configuration/installer-configuration.nix131
2 files changed, 156 insertions, 0 deletions
diff --git a/modules/nixos-apple-silicon/iso-configuration/default.nix b/modules/nixos-apple-silicon/iso-configuration/default.nix
new file mode 100644
index 000000000000..b5700cbf3c66
--- /dev/null
+++ b/modules/nixos-apple-silicon/iso-configuration/default.nix
@@ -0,0 +1,25 @@
+# configuration that is specific to the ISO
+{ config, pkgs, lib, ... }:
+{
+  imports = [
+    ./installer-configuration.nix
+    ../apple-silicon-support
+  ];
+
+  # include those modules so the user can rebuild the install iso. that's not
+  # especially useful at this point, but the user will need the apple-silicon-support
+  # directory for their own config.
+  installer.cloneConfigIncludes = [
+    "./installer-configuration.nix"
+    "./apple-silicon-support"
+  ];
+
+  # copy the apple-silicon-support and installer configs into the iso
+  boot.postBootCommands = lib.optionalString config.installer.cloneConfig ''
+    if ! [ -e /etc/nixos/apple-silicon-support ]; then
+      mkdir -p /etc/nixos
+      cp ${./installer-configuration.nix} /etc/nixos/installer-configuration.nix
+      cp -r ${../apple-silicon-support} /etc/nixos/apple-silicon-support
+    fi
+  '';
+}
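Review bot: The comment above `boot.postBootCommands` says the configs are copied "into the iso", but the commands run at boot and copy from the Nix store into `/etc/nixos` on the live system; `# at boot, copy the apple-silicon-support and installer configs from the store into /etc/nixos` would match the code. Files copied out of the store keep its read-only mode bits, so the user gets a config tree that editors treat as read-only; `chmod -R u+w /etc/nixos/apple-silicon-support /etc/nixos/installer-configuration.nix` after the two `cp` lines (or `cp --no-preserve=mode`) would avoid that. A short comment on `installer.cloneConfigIncludes` should also explain why it names `./apple-silicon-support` while `imports` uses `../apple-silicon-support`; presumably the former is relative to the copied layout in `/etc/nixos`.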
diff --git a/modules/nixos-apple-silicon/iso-configuration/installer-configuration.nix b/modules/nixos-apple-silicon/iso-configuration/installer-configuration.nix
new file mode 100644
index 000000000000..048d8beaecfd
--- /dev/null
+++ b/modules/nixos-apple-silicon/iso-configuration/installer-configuration.nix
@@ -0,0 +1,131 @@
+# this configuration is intended to have just enough stuff to get the disk,
+# display, USB input, and network up so the user can build a real config.
+# in the future we will just use the standard NixOS iso
+
+# based vaguely on
+# https://github.com/samueldr/cross-system/blob/master/configuration.nix
+
+{ config, pkgs, lib, modulesPath, ... }:
+
+{
+  imports = [
+    (modulesPath + "/profiles/minimal.nix")
+    (modulesPath + "/profiles/installation-device.nix")
+    (modulesPath + "/installer/cd-dvd/iso-image.nix")
+  ];
+
+  # Adds terminus_font for people with HiDPI displays
+  console.packages = [ pkgs.terminus_font ];
+
+  # ISO naming.
+  isoImage.isoName = "${config.isoImage.isoBaseName}-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.iso";
+
+  # EFI booting
+  isoImage.makeEfiBootable = true;
+
+  # An installation media cannot tolerate a host config defined file
+  # system layout on a fresh machine, before it has been formatted.
+  swapDevices = lib.mkOverride 60 [ ];
+  fileSystems = lib.mkOverride 60 config.lib.isoFileSystems;
+
+  boot.postBootCommands = let
+    inherit (config.hardware.asahi.pkgs) asahi-fwextract;
+  in ''
+    for o in $(</proc/cmdline); do
+      case "$o" in
+        live.nixos.passwd=*)
+          set -- $(IFS==; echo $o)
+          echo "nixos:$2" | ${pkgs.shadow}/bin/chpasswd
+          ;;
+      esac
+    done
+
+    echo Extracting Asahi firmware...
+    mkdir -p /tmp/.fwsetup/{esp,extracted}
+
+    mount /dev/disk/by-partuuid/`cat /proc/device-tree/chosen/asahi,efi-system-partition` /tmp/.fwsetup/esp
+    ${asahi-fwextract}/bin/asahi-fwextract /tmp/.fwsetup/esp/asahi /tmp/.fwsetup/extracted
+    umount /tmp/.fwsetup/esp
+
+    pushd /tmp/.fwsetup/
+    cat /tmp/.fwsetup/extracted/firmware.cpio | ${pkgs.cpio}/bin/cpio -id --quiet --no-absolute-filenames
+    mkdir -p /lib/firmware
+    mv vendorfw/* /lib/firmware
+    popd
+    rm -rf /tmp/.fwsetup
+  '';
+
+  # can't legally be incorporated into the installer image
+  # (and is automatically extracted at boot above)
+  hardware.asahi.extractPeripheralFirmware = false;
+
+  isoImage.squashfsCompression = "zstd -Xcompression-level 6";
+
+  environment.systemPackages = with pkgs; [
+    gptfdisk
+    parted
+    cryptsetup
+    curl
+    wget
+    wormhole-william
+  ];
+
+  # save space and compilation time. might revise?
+  hardware.enableAllFirmware = lib.mkForce false;
+  hardware.enableRedistributableFirmware = lib.mkForce false;
+  sound.enable = false;
+  # avoid including non-reproducible dbus docs
+  documentation.doc.enable = false;
+  documentation.info.enable = lib.mkForce false;
+  documentation.nixos.enable = lib.mkOverride 49 false;
+  system.extraDependencies = lib.mkForce [ ];
+
+  # Disable wpa_supplicant because it can't use WPA3-SAE on broadcom chips that are used on macs and it is harder to use and less mainained than iwd in general
+  networking.wireless.enable = false;
+  # Enable iwd
+  networking.wireless.iwd = {
+    enable = true;
+    settings.General.EnableNetworkConfiguration = true;
+  };
+  
+
+  nixpkgs.overlays = [
+    (final: prev: {
+      # disabling pcsclite avoids the need to cross-compile gobject
+      # introspection stuff which works now but is slow and unnecessary
+      iwd = prev.iwd.override {
+        withPcsclite = false;
+      };
+      libfido2 = prev.libfido2.override {
+        withPcsclite = false;
+      };
+      openssh = prev.openssh.overrideAttrs (old: {
+        # we have to cross compile openssh ourselves for whatever reason
+        # but the tests take quite a long time to run
+        doCheck = false;
+      });
+
+      # avoids having to compile a bunch of big things (like texlive) to
+      # compute translations
+      util-linux = prev.util-linux.override {
+        translateManpages = false;
+      };
+    })
+  ];
+
+  # avoids the need to cross-compile gobject introspection stuff which works
+  # now but is slow and unnecessary
+  security.polkit.enable = false;
+
+  # bootspec generation is currently broken under cross-compilation
+  boot.bootspec.enable = false;
+
+  # get rid of warning about non-ideal mdam config file
+  # (we want to keep it enabled in case someone needs to use it)
+  boot.swraid.mdadmConf = ''
+    PROGRAM ${pkgs.coreutils}/bin/true
+  '';
+
+  # get rid of warning that stateVersion is unset
+  system.stateVersion = lib.mkDefault lib.trivial.release;
+}
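Review bot: The `live.nixos.passwd=*` branch of `boot.postBootCommands` splits the option with an unquoted `set -- $(IFS==; echo $o)`, so a password containing `=` is cut off at the first one, and glob characters in it can be expanded by the shell before `chpasswd` sees the value. Taking the value by prefix removal keeps it intact: `printf 'nixos:%s\n' "''${o#live.nixos.passwd=}" | ${pkgs.shadow}/bin/chpasswd` (the `''$` escape stops Nix from interpolating the shell expansion). A comment there should also say that the kernel command line is readable by every local user through /proc/cmdline, so this password is a convenience for the live session rather than a secret. Separately, the ESP is mounted read-write although the firmware step appears only to read from it; adding `-o ro` to the `mount` line would narrow that.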