diff options
author | Shea Levy <shea@shealevy.com> | 2017-04-02 14:51:09 -0400 |
---|---|---|
committer | Shea Levy <shea@shealevy.com> | 2017-04-02 16:33:37 -0400 |
commit | b09490a3229dd5ac4169248ee38ca22e357c0aa2 (patch) | |
tree | ed2331fbc59debbaa19dd15026edef0ba9690717 /nixos/modules/system/boot/loader/systemd-boot | |
parent | 59c097730030f12398fb9d8c70f93571f589e694 (diff) | |
download | nixpkgs-b09490a3229dd5ac4169248ee38ca22e357c0aa2.tar nixpkgs-b09490a3229dd5ac4169248ee38ca22e357c0aa2.tar.gz nixpkgs-b09490a3229dd5ac4169248ee38ca22e357c0aa2.tar.bz2 nixpkgs-b09490a3229dd5ac4169248ee38ca22e357c0aa2.tar.lz nixpkgs-b09490a3229dd5ac4169248ee38ca22e357c0aa2.tar.xz nixpkgs-b09490a3229dd5ac4169248ee38ca22e357c0aa2.tar.zst nixpkgs-b09490a3229dd5ac4169248ee38ca22e357c0aa2.zip |
systemd-boot: Support initrd secrets
Diffstat (limited to 'nixos/modules/system/boot/loader/systemd-boot')
-rw-r--r-- | nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py | 10 | ||||
-rw-r--r-- | nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix | 2 |
2 files changed, 11 insertions, 1 deletions
diff --git a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py index 04cf17c1b0b..d5e00129a82 100644 --- a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py +++ b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py @@ -32,8 +32,11 @@ def write_loader_conf(generation): f.write("editor 0"); os.rename("@efiSysMountPoint@/loader/loader.conf.tmp", "@efiSysMountPoint@/loader/loader.conf") +def profile_path(generation, name): + return os.readlink("%s/%s" % (system_dir(generation), name)) + def copy_from_profile(generation, name, dry_run=False): - store_file_path = os.readlink("%s/%s" % (system_dir(generation), name)) + store_file_path = profile_path(generation, name) suffix = os.path.basename(store_file_path) store_dir = os.path.basename(os.path.dirname(store_file_path)) efi_file_path = "/efi/nixos/%s-%s.efi" % (store_dir, suffix) @@ -44,6 +47,11 @@ def copy_from_profile(generation, name, dry_run=False): def write_entry(generation, machine_id): kernel = copy_from_profile(generation, "kernel") initrd = copy_from_profile(generation, "initrd") + try: + append_initrd_secrets = profile_path(generation, "append-initrd-secrets") + subprocess.check_call([append_initrd_secrets, "@efiSysMountPoint@%s" % (initrd)]) + except FileNotFoundError: + pass entry_file = "@efiSysMountPoint@/loader/entries/nixos-generation-%d.conf" % (generation) generation_dir = os.readlink(system_dir(generation)) tmp_path = "%s.tmp" % (entry_file) diff --git a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix index ec02f73cada..a5a88a99be8 100644 --- a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix +++ b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix @@ -65,6 +65,8 @@ in { boot.loader.grub.enable = mkDefault false; + boot.loader.supportsInitrdSecrets = true; + system = { build.installBootLoader = gummibootBuilder; |