Merge pull request #282022 from ElvishJerricco/gpt-auto-root

nixos: Support systemd-gpt-auto-root
nikstur 2024-03-18 10:27:22 +01:00 committed by GitHub
commit a1c4f0a754
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 69 additions and 9 deletions


@ -688,7 +688,7 @@ in
config = mkIf config.boot.initrd.enable {
assertions = [
{ assertion = any (fs: fs.mountPoint == "/") fileSystems;
{ assertion = !config.boot.initrd.systemd.enable -> any (fs: fs.mountPoint == "/") fileSystems;
message = "The fileSystems option does not specify your root file system.";
}
{ assertion = let inherit (config.boot) resumeDevice; in


@ -212,6 +212,19 @@ in {
default = [];
};
root = lib.mkOption {
type = lib.types.enum [ "fstab" "gpt-auto" ];
default = "fstab";
example = "gpt-auto";
description = ''
Controls how systemd will interpret the root FS in initrd. See
{manpage}`kernel-command-line(7)`. NixOS currently does not
allow specifying the root file system itself this
way. Instead, the `fstab` value is used in order to interpret
the root file system specified with the `fileSystems` option.
'';
};
emergencyAccess = mkOption {
type = with types; oneOf [ bool (nullOr (passwdEntry str)) ];
description = lib.mdDoc ''
@ -342,7 +355,12 @@ in {
};
config = mkIf (config.boot.initrd.enable && cfg.enable) {
assertions = map (name: {
assertions = [
{
assertion = cfg.root == "fstab" -> any (fs: fs.mountPoint == "/") (builtins.attrValues config.fileSystems);
message = "The fileSystems option does not specify your root file system.";
}
] ++ map (name: {
assertion = lib.attrByPath name (throw "impossible") config.boot.initrd == "";
message = ''
systemd stage 1 does not support 'boot.initrd.${lib.concatStringsSep "." name}'. Please
@ -371,7 +389,12 @@ in {
"autofs"
# systemd-cryptenroll
] ++ lib.optional cfg.enableTpm2 "tpm-tis"
++ lib.optional (cfg.enableTpm2 && !(pkgs.stdenv.hostPlatform.isRiscV64 || pkgs.stdenv.hostPlatform.isArmv7)) "tpm-crb";
++ lib.optional (cfg.enableTpm2 && !(pkgs.stdenv.hostPlatform.isRiscV64 || pkgs.stdenv.hostPlatform.isArmv7)) "tpm-crb"
++ lib.optional cfg.package.withEfi "efivarfs";
boot.kernelParams = [
"root=${config.boot.initrd.systemd.root}"
] ++ lib.optional (config.boot.resumeDevice != "") "resume=${config.boot.resumeDevice}";
boot.initrd.systemd = {
initrdBin = [pkgs.bash pkgs.coreutils cfg.package.kmod cfg.package];
@ -554,7 +577,5 @@ in {
serviceConfig.Type = "oneshot";
};
};
boot.kernelParams = lib.mkIf (config.boot.resumeDevice != "") [ "resume=${config.boot.resumeDevice}" ];
};
}
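Review bot: The new `root` option accepts `gpt-auto` without checking its preconditions, and its description does not say what that value does. `efivarfs` is added to the initrd modules only when `cfg.package.withEfi` is set, yet nothing fails evaluation if `gpt-auto` is chosen with a systemd built without EFI support. As far as systemd-gpt-auto-generator(8) describes it, root discovery relies on the boot loader's `LoaderDevicePartUUID` EFI variable, so that combination would presumably fail only at boot. I would add `{ assertion = cfg.root == "gpt-auto" -> cfg.package.withEfi; message = "boot.initrd.systemd.root = gpt-auto requires a systemd package built with EFI support."; }` to the new assertions list. The description should also state that with `gpt-auto` the root file system is selected by GPT partition type on the boot disk rather than by an identifier pinned in the configuration, so the integrity of that partition table (or encryption/verity on the partition) is what decides what gets mounted as root.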


@ -24,8 +24,8 @@ makeTest {
virtualisation.useNixStoreImage = true;
swapDevices = lib.mkOverride 0 [ { device = "/dev/vdc"; options = [ "x-systemd.makefs" ]; } ];
boot.resumeDevice = "/dev/vdc";
boot.initrd.systemd.enable = systemdStage1;
virtualisation.useEFIBoot = true;
};
};


@ -37,6 +37,7 @@
clevisLuksFallback
clevisZfs
clevisZfsFallback
gptAutoRoot
;
}


@ -82,6 +82,7 @@ let
testScriptFun = { bootLoader, createPartitions, grubDevice, grubUseEfi, grubIdentifier
, postInstallCommands, preBootCommands, postBootCommands, extraConfig
, testSpecialisationConfig, testFlakeSwitch, clevisTest, clevisFallbackTest
, disableFileSystems
}:
let
qemu-common = import ../lib/qemu-common.nix { inherit (pkgs) lib pkgs; };
@ -163,7 +164,7 @@ let
${createPartitions}
with subtest("Create the NixOS configuration"):
machine.succeed("nixos-generate-config --root /mnt")
machine.succeed("nixos-generate-config ${optionalString disableFileSystems "--no-filesystems"} --root /mnt")
machine.succeed("cat /mnt/etc/nixos/hardware-configuration.nix >&2")
machine.copy_from_host(
"${ makeConfig {
@ -433,6 +434,7 @@ let
, testFlakeSwitch ? false
, clevisTest ? false
, clevisFallbackTest ? false
, disableFileSystems ? false
}:
makeTest {
inherit enableOCR;
@ -541,7 +543,8 @@ let
testScript = testScriptFun {
inherit bootLoader createPartitions postInstallCommands preBootCommands postBootCommands
grubDevice grubIdentifier grubUseEfi extraConfig
testSpecialisationConfig testFlakeSwitch clevisTest clevisFallbackTest;
testSpecialisationConfig testFlakeSwitch clevisTest clevisFallbackTest
disableFileSystems;
};
};
@ -1414,4 +1417,39 @@ in {
};
};
};
gptAutoRoot = let
rootPartType = {
ia32 = "44479540-F297-41B2-9AF7-D131D5F0458A";
x64 = "4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709";
arm = "69DAD710-2CE4-4E3C-B16C-21A1D49ABED3";
aa64 = "B921B045-1DF0-41C3-AF44-4C6F280D3FAE";
}.${pkgs.stdenv.hostPlatform.efiArch};
in makeInstallerTest "gptAutoRoot" {
disableFileSystems = true;
createPartitions = ''
machine.succeed(
"sgdisk --zap-all /dev/vda",
"sgdisk --new=1:0:+100M --typecode=0:ef00 /dev/vda", # /boot
"sgdisk --new=2:0:+1G --typecode=0:8200 /dev/vda", # swap
"sgdisk --new=3:0:+5G --typecode=0:${rootPartType} /dev/vda", # /
"udevadm settle",
"mkfs.vfat /dev/vda1",
"mkswap /dev/vda2 -L swap",
"swapon -L swap",
"mkfs.ext4 -L root /dev/vda3",
"udevadm settle",
"mount /dev/vda3 /mnt",
"mkdir -p /mnt/boot",
"mount /dev/vda1 /mnt/boot"
)
'';
bootLoader = "systemd-boot";
extraConfig = ''
boot.initrd.systemd.root = "gpt-auto";
boot.initrd.supportedFilesystems = ["ext4"];
'';
};
}
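Review bot: The `rootPartType` lookup in `gptAutoRoot` has entries for only four `efiArch` values, so on any other platform the test would presumably fail evaluation with a bare missing-attribute error instead of a message naming the cause. Consider `}.${pkgs.stdenv.hostPlatform.efiArch} or (throw "gptAutoRoot: no root partition type GUID known for this efiArch");`. A comment above the attribute set, such as `# Root partition type GUIDs per architecture, from the Discoverable Partitions Specification`, would tell the reader where these constants come from and how to add an architecture. The attribute set of installer tests that contains `gptAutoRoot` starts outside the hunk.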


@ -866,7 +866,7 @@ stdenv.mkDerivation (finalAttrs: {
# needed - and therefore `interfaceVersion` should be incremented.
interfaceVersion = 2;
inherit withBootloader withCryptsetup withHostnamed withImportd withKmod
inherit withBootloader withCryptsetup withEfi withHostnamed withImportd withKmod
withLocaled withMachined withPortabled withTimedated withUtmp util-linux kmod kbd;
tests = {