author | Joachim F <joachifm@users.noreply.github.com> | 2018-06-06 19:05:54 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-06-06 19:05:54 +0000 |
commit | c06d7950f1b97abf510bc70bd2a2b0445e8d36f2 (patch) | |
tree | dcf8240d7766258861a605d1deb17d486207b2d1 /nixos/modules/system/boot/loader/grub/grub.nix | |
parent | 4c25fbe338212f498a34d2a9b4c2072ac96c0e31 (diff) | |
parent | a75aee39236d5e343fcc8bfa3602a7e1b9ee30c9 (diff) | |
Merge pull request #38263 from lopsided98/grub-initrd-secrets
grub: support initrd secrets
Diffstat (limited to 'nixos/modules/system/boot/loader/grub/grub.nix')
-rw-r--r-- | nixos/modules/system/boot/loader/grub/grub.nix | 20 |
1 files changed, 5 insertions, 15 deletions
diff --git a/nixos/modules/system/boot/loader/grub/grub.nix b/nixos/modules/system/boot/loader/grub/grub.nix
index 2e497ff9f2c4..350ad162da63 100644
--- a/nixos/modules/system/boot/loader/grub/grub.nix
+++ b/nixos/modules/system/boot/loader/grub/grub.nix
@@ -35,6 +35,7 @@ let let efiSysMountPoint = if args.efiSysMountPoint == null then args.path else args.efiSysMountPoint; efiSysMountPoint' = replaceChars [ "/" ] [ "-" ] efiSysMountPoint;
+ initrdSecrets = config.boot.initrd.secrets != {};
 in pkgs.writeText "grub-config.xml" (builtins.toXML { splashImage = f cfg.splashImage;
@@ -49,12 +50,12 @@ let storePath = config.boot.loader.grub.storePath; bootloaderId = if args.efiBootloaderId == null then "NixOS${efiSysMountPoint'}" else args.efiBootloaderId; timeout = if config.boot.loader.timeout == null then -1 else config.boot.loader.timeout;
- inherit efiSysMountPoint;
+ inherit efiSysMountPoint initrdSecrets;
 inherit (args) devices; inherit (efi) canTouchEfiVariables; inherit (cfg) version extraConfig extraPerEntryConfig extraEntries forceInstall useOSProber
- extraEntriesBeforeNixOS extraPrepareConfig extraInitrd configurationLimit copyKernels
+ extraEntriesBeforeNixOS extraPrepareConfig configurationLimit copyKernels
 default fsIdentifier efiSupport efiInstallAsRemovable gfxmodeEfi gfxmodeBios; path = (makeBinPath ([ pkgs.coreutils pkgs.gnused pkgs.gnugrep pkgs.findutils pkgs.diffutils pkgs.btrfs-progs
@@ -284,19 +285,6 @@ in ''; };
- extraInitrd = mkOption {
- type = types.nullOr types.path;
- default = null;
- example = "/boot/extra_initramfs.gz";
- description = ''
- The path to a second initramfs to be supplied to the kernel.
- This ramfs will not be copied to the store, so that it can
- contain secrets such as LUKS keyfiles or ssh keys.
- This implies that rolling back to a previous configuration
- won't rollback the state of this file.
- '';
- };
-
 useOSProber = mkOption { default = false; type = types.bool;
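Review bot: The new `initrdSecrets` binding in the first hunk (`@@ -35,6 +35,7 @@`) has no comment explaining why only a boolean is exported, and that matters because the surrounding `pkgs.writeText "grub-config.xml"` result is a store path that any local user can read. I would add a comment above it such as `# Export only a flag: this XML is written to the Nix store, so no secret material may be passed through it.` so that a later change does not hand the `boot.initrd.secrets` attribute set itself to `builtins.toXML`. The `let` block and the attribute set it feeds continue outside the hunk.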
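Review bot: Dropping `extraInitrd` from the `inherit (cfg)` list in the second hunk (`@@ -49,12 +50,12 @@`), together with the option declaration deleted in the third hunk, leaves configurations that used it for LUKS keyfiles or ssh keys with no pointer to the replacement anywhere on this page. If no shim exists elsewhere in the merge, add one whose message names the new mechanism, for example `(mkRemovedOptionModule [ "boot" "loader" "grub" "extraInitrd" ] "Use boot.initrd.secrets instead.")`. Because the removed description says the file was never copied to the store, the old initramfs presumably stays on disk after migration; the message is a good place to tell users to delete it once it is no longer referenced, since it may still hold key material.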
@@ -541,6 +529,8 @@ in { path = "/boot"; inherit (cfg) devices; inherit (efi) efiSysMountPoint; } ];
+ boot.loader.supportsInitrdSecrets = true;
+
 system.build.installBootLoader = let install-grub-pl = pkgs.substituteAll { |
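Review bot: `boot.loader.supportsInitrdSecrets = true;` is set with neither a comment nor a condition, and nothing on this page shows where the install script (`install-grub-pl`) writes the secrets-bearing initrd or with which permissions. The removed `extraInitrd` text documented that such a file stays out of the store; the same trade-off deserves a line here, e.g. `# Secrets are appended at install time, outside the store; the resulting initrd lives on the boot partition, so protect /boot accordingly.`, with the wording confirmed against the script, which is outside this diff. It is also worth confirming that the script honours the `initrdSecrets` flag for every `cfg.version` it supports, otherwise this line promises support that one code path may not deliver. The enclosing config block starts outside the hunk.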