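# NixOS host module: systemd-boot on EFI, TPM2 support, kernel auditing from
# boot, and an initrd unit that resets the btrfs `root` subvolume to the
# `root-base` snapshot on every boot.
{ modulesPath, pkgs, ... }:

{
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

  # TPM 2.0 support in the booted system, plus the TSS package on the system PATH.
  security.tpm2.enable = true;
  environment.systemPackages = with pkgs; [ tpm2-tss ];

  boot = {
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };

    kernelPackages = pkgs.linuxPackages_latest;
    kernelModules = [ "kvm-intel" ];
    # audit=1 switches the kernel audit subsystem on at boot, so processes
    # started before the audit daemon are audited as well.
    kernelParams = [ "audit=1" ];
    extraModulePackages = [ ];

    initrd = {
      availableKernelModules = [
        "xhci_pci"
        "thunderbolt"
        "vmd"
        "nvme"
        "usbhid"
        "rtsx_pci_sdmmc"
      ];

      systemd = {
        enable = true;
        enableTpm2 = true;

        # Extra tools for the rollback script below: gawk provides awk;
        # libuuid presumably provides findfs here (confirm against nixpkgs).
        initrdBin = [
          pkgs.libuuid
          pkgs.gawk
        ];

        # Runs once in the initrd, after the root device appears and before
        # it is mounted at /sysroot.
        #
        # NOTE(review): the unit is only ordered before sysroot.mount and
        # wanted by initrd.target, so a failed rollback does not stop the
        # boot; the machine then comes up on the previous, un-reset root.
        # If the reset is relied on as an integrity control, monitor this
        # unit's result in the journal or make the mount require it.
        services.rollback = {
          description = "Rollback btrfs root subvolume";
          wantedBy = [ "initrd.target" ];
          before = [ "sysroot.mount" ];
          after = [ "initrd-root-device.target" ];
          unitConfig.DefaultDependencies = "no";
          serviceConfig.Type = "oneshot";
          script = ''
            mkdir -p /mnt

            # NOTE(review): filesystem labels are not unique. findfs returns
            # whichever attached device carries this label, so a UUID or
            # PARTUUID lookup is the stricter choice for the root device.
            DISK_LABEL="NixOS-Primary"
            FOUND_DISK=0
            ATTEMPTS=50

            # Poll for the device: up to 50 tries, 0.1 s apart.
            printf "Attempting to find disk with label '%s'\n" "$DISK_LABEL"
            while ((ATTEMPTS > 0)); do
              if findfs LABEL="$DISK_LABEL"; then
                FOUND_DISK=1
                printf "Found disk!\n"
                break;
              fi
              ((ATTEMPTS--))
              sleep .1
              printf "Remaining disk discovery attempts: %s\n" "$ATTEMPTS"
            done

            if (( FOUND_DISK == 0 )); then
              printf "Discovery of disk with label '%s' failed! Cannot rollback!\n" "$DISK_LABEL"
              exit 1
            fi

            # Resolve the device once and pass it quoted, so the mount
            # target cannot be word-split or re-resolved to another device.
            ROOT_DEV="$(findfs LABEL="$DISK_LABEL")"
            mount -t btrfs -o subvol=/ "$ROOT_DEV" /mnt

            # Delete subvolumes nested under root first. -t prints a table
            # with two header lines; the path is the fourth column.
            #
            # The path is emitted with print, not used as a printf format,
            # so a percent sign in a subvolume name is not interpreted.
            # read -r keeps backslashes in the name intact.
            #
            # NOTE(review): awk still splits on whitespace, so a nested
            # subvolume whose path contains a space is truncated and its
            # delete fails; the guard further down then aborts the rollback
            # instead of snapshotting into the old root.
            btrfs subvolume list -to /mnt/root \
              | awk 'NR>2 && NF>=4 { print $4 }' \
              | while read -r subvol; do
                printf "Removing Subvolume: %s\n" "$subvol";
                btrfs subvolume delete "/mnt/$subvol"
              done

            printf "Removing /root subvolume\n"
            btrfs subvolume delete /mnt/root

            # If the old root survived, a snapshot into the existing path
            # would be created inside it and the stale state would boot.
            if [ -e /mnt/root ]; then
              printf "Old /root subvolume still present; refusing to snapshot into it\n"
              umount /mnt
              exit 1
            fi

            printf "Restoring base /root subvolume\n"
            btrfs subvolume snapshot /mnt/root-base /mnt/root

            umount /mnt
          '';
        };
      };
    };
  };
}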