path: root/iso-configuration/installer-configuration.nix
# this configuration is intended to have just enough stuff to get the disk,
# display, USB input, and network up so the user can build a real config.
# in the future we will just use the standard NixOS iso

# based vaguely on
# https://github.com/samueldr/cross-system/blob/master/configuration.nix

{ config, pkgs, lib, modulesPath, ... }:

{
  # Pull in three stock NixOS modules by path under modulesPath: the minimal
  # profile, the installation-device profile and the ISO image builder.
  # NOTE(review): whatever accounts and services those profiles configure ship
  # in this image as well; read them alongside this file when auditing the
  # live environment.
  imports = [
    (modulesPath + "/profiles/minimal.nix")
    (modulesPath + "/profiles/installation-device.nix")
    (modulesPath + "/installer/cd-dvd/iso-image.nix")
  ];

  # Adds terminus_font for people with HiDPI displays
  console.packages = [ pkgs.terminus_font ];

  # ISO naming: <isoBaseName>-<nixos label>-<host platform system>.iso
  isoImage.isoName = "${config.isoImage.isoBaseName}-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.iso";

  # EFI booting
  isoImage.makeEfiBootable = true;

  # An installation media cannot tolerate a host config defined file
  # system layout on a fresh machine, before it has been formatted.
  # mkOverride 60 outranks ordinary definitions (priority 100) while still
  # yielding to lib.mkForce (priority 50).
  swapDevices = lib.mkOverride 60 [ ];
  fileSystems = lib.mkOverride 60 config.lib.isoFileSystems;

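  # Shell fragment run at boot. It does two things:
  #
  # 1. If the kernel command line carries live.nixos.passwd=<value>, set that
  #    value as the password of the "nixos" user via chpasswd. /proc/cmdline
  #    is readable by every local user, so treat this as a convenience for
  #    the live session, not as a secret.
  # 2. Mount the EFI system partition named by the device tree, run
  #    asahi-fwextract on its asahi/ directory, unpack the resulting
  #    firmware.cpio and move its vendorfw/ tree into /lib/firmware. The ESP
  #    contents are used as found; nothing in this script verifies them
  #    before they are installed under /lib/firmware.
  #
  # Every step is best-effort: a failure is reported but does not stop boot.
  # NOTE(review): if asahi-fwextract only reads from the ESP, mounting it
  # read-only would be a further safeguard - confirm before changing.
  boot.postBootCommands = let
    inherit (config.hardware.asahi.pkgs) asahi-fwextract;
  in ''
    for o in $(</proc/cmdline); do
      case "$o" in
        live.nixos.passwd=*)
          # Strip only the key. Splitting the argument on "=" would truncate
          # a password that itself contains "=" and would expose it to word
          # splitting and glob expansion.
          printf 'nixos:%s\n' "''${o#live.nixos.passwd=}" | ${pkgs.shadow}/bin/chpasswd
          ;;
      esac
    done

    echo Extracting Asahi firmware...
    mkdir -p /tmp/.fwsetup/{esp,extracted}

    if mount "/dev/disk/by-partuuid/$(cat /proc/device-tree/chosen/asahi,efi-system-partition)" /tmp/.fwsetup/esp; then
      ${asahi-fwextract}/bin/asahi-fwextract /tmp/.fwsetup/esp/asahi /tmp/.fwsetup/extracted
      umount /tmp/.fwsetup/esp

      # Unpack in a subshell so that a failed cd can never leave cpio writing
      # into the boot script's own working directory.
      (
        cd /tmp/.fwsetup/ &&
        ${pkgs.cpio}/bin/cpio -id --quiet --no-absolute-filenames < /tmp/.fwsetup/extracted/firmware.cpio &&
        mkdir -p /lib/firmware &&
        mv vendorfw/* /lib/firmware
      )
    else
      echo "Could not mount the EFI system partition; skipping Asahi firmware extraction" >&2
    fi

    # --one-file-system keeps rm from descending into the ESP and deleting
    # its contents should the umount above have failed.
    rm -rf --one-file-system /tmp/.fwsetup
  '';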

  # can't legally be incorporated into the installer image
  # (and is automatically extracted at boot above)
  hardware.asahi.extractPeripheralFirmware = false;

  # compress the ISO's squashfs with zstd at level 6
  isoImage.squashfsCompression = "zstd -Xcompression-level 6";

  # Extra command-line tools on the live system: partitioning (gptfdisk,
  # parted), disk encryption setup (cryptsetup) and file transfer (curl, wget,
  # wormhole-william).
  # NOTE(review): these fetch tools do not authenticate what they download
  # beyond the transport; check hashes or signatures of anything pulled onto
  # the installer before running it.
  environment.systemPackages = with pkgs; [
    gptfdisk
    parted
    cryptsetup
    curl
    wget
    wormhole-william
  ];

  # save space and compilation time. might revise?
  hardware.enableAllFirmware = lib.mkForce false;
  hardware.enableRedistributableFirmware = lib.mkForce false;
  sound.enable = false;
  # avoid including non-reproducible dbus docs
  documentation.doc.enable = false;
  documentation.info.enable = lib.mkForce false;
  # lib.mkForce is priority 50; mkOverride 49 is one step stronger, presumably
  # to win over a mkForce set by one of the imported profiles - TODO confirm
  documentation.nixos.enable = lib.mkOverride 49 false;
  # drop every extra store path that imported modules asked to be bundled
  system.extraDependencies = lib.mkForce [ ];

  # Disable wpa_supplicant because it can't use WPA3-SAE on the broadcom chips
  # that are used on macs, and it is harder to use and less maintained than
  # iwd in general
  networking.wireless.enable = false;
  # Enable iwd
  networking.wireless.iwd = {
    enable = true;
    # let iwd configure the interface itself once connected
    settings.General.EnableNetworkConfiguration = true;
  };
  

  # Package overrides applied on top of nixpkgs. Going by the comments below,
  # all of them exist to make the cross-compiled build cheaper or to make it
  # work at all; none is meant to change runtime features deliberately.
  nixpkgs.overlays = [
    (final: prev: {
      # disabling pcsclite avoids the need to cross-compile gobject
      # introspection stuff which works now but is slow and unnecessary
      # NOTE(review): presumably this also drops PC/SC reader support from
      # libfido2 on the live system - confirm if that matters to you
      libfido2 = prev.libfido2.override {
        withPcsclite = false;
      };
      openssh = prev.openssh.overrideAttrs (old: {
        # we have to cross compile openssh ourselves for whatever reason
        # but the tests take quite a long time to run
        # NOTE(review): with doCheck = false this locally built OpenSSH ships
        # without its test suite having run, so a miscompile from the cross
        # toolchain would not be caught at build time.
        doCheck = false;
      });

      # avoids having to compile a bunch of big things (like texlive) to
      # compute translations
      util-linux = prev.util-linux.override {
        translateManpages = false;
      };

      # fix for gnupg cross-compilation:
      # https://github.com/NixOS/nixpkgs/pull/298001
      # appends to any existing configureFlags rather than replacing them
      gnupg = prev.gnupg.overrideAttrs (old: {
        configureFlags = (old.configureFlags or []) ++ [
          "GPGRT_CONFIG=${final.lib.getDev final.libgpg-error}/bin/gpgrt-config"
        ];
      });
    })
  ];

  # avoids the need to cross-compile gobject introspection stuff which works
  # now but is slow and unnecessary
  # NOTE(review): mkForce wins over any module that would normally turn
  # polkit on, so nothing on the live system can rely on polkit being present.
  security.polkit.enable = lib.mkForce false;

  # bootspec generation is currently broken under cross-compilation
  boot.bootspec.enable = false;

  # get rid of warning about non-ideal mdadm config file
  # (we want to keep it enabled in case someone needs to use it)
  # PROGRAM is pointed at coreutils' `true`, i.e. a command that does nothing
  boot.swraid.mdadmConf = ''
    PROGRAM ${pkgs.coreutils}/bin/true
  '';

  # avoid error that flakes must be enabled when nixos-install uses <nixpkgs>
  nixpkgs.flake.setNixPath = false;
  nixpkgs.flake.setFlakeRegistry = false;

  # get rid of warning that stateVersion is unset
  # mkDefault (priority 1000) lets any user configuration override this value
  system.stateVersion = lib.mkDefault lib.trivial.release;
}