pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / system / boot / loader / systemd-boot / systemd-boot.nix
at 24.11-pre 15 kB view raw
1{ config, lib, pkgs, ... }: 2 3with lib; 4 5let 6 cfg = config.boot.loader.systemd-boot; 7 8 efi = config.boot.loader.efi; 9 10 # We check the source code in a derivation that does not depend on the 11 # system configuration so that most users don't have to redo the check and require 12 # the necessary dependencies. 13 checkedSource = pkgs.runCommand "systemd-boot" { 14 preferLocalBuild = true; 15 } '' 16 install -m755 -D ${./systemd-boot-builder.py} $out 17 ${lib.getExe pkgs.buildPackages.mypy} \ 18 --no-implicit-optional \ 19 --disallow-untyped-calls \ 20 --disallow-untyped-defs \ 21 $out 22 ''; 23 24 systemdBootBuilder = pkgs.substituteAll rec { 25 src = checkedSource; 26 27 isExecutable = true; 28 29 inherit (pkgs) python3; 30 31 systemd = config.systemd.package; 32 33 bootspecTools = pkgs.bootspec; 34 35 nix = config.nix.package.out; 36 37 timeout = optionalString (config.boot.loader.timeout != null) config.boot.loader.timeout; 38 39 configurationLimit = if cfg.configurationLimit == null then 0 else cfg.configurationLimit; 40 41 inherit (cfg) consoleMode graceful editor; 42 43 inherit (efi) efiSysMountPoint canTouchEfiVariables; 44 45 bootMountPoint = if cfg.xbootldrMountPoint != null 46 then cfg.xbootldrMountPoint 47 else efi.efiSysMountPoint; 48 49 nixosDir = "/EFI/nixos"; 50 51 inherit (config.system.nixos) distroName; 52 53 memtest86 = optionalString cfg.memtest86.enable pkgs.memtest86plus; 54 55 netbootxyz = optionalString cfg.netbootxyz.enable pkgs.netbootxyz-efi; 56 57 checkMountpoints = pkgs.writeShellScript "check-mountpoints" '' 58 fail() { 59 echo "$1 = '$2' is not a mounted partition. Is the path configured correctly?" >&2 60 exit 1 61 } 62 ${pkgs.util-linuxMinimal}/bin/findmnt ${efiSysMountPoint} > /dev/null || fail efiSysMountPoint ${efiSysMountPoint} 63 ${lib.optionalString 64 (cfg.xbootldrMountPoint != null) 65 "${pkgs.util-linuxMinimal}/bin/findmnt ${cfg.xbootldrMountPoint} > /dev/null || fail xbootldrMountPoint ${cfg.xbootldrMountPoint}"} 66 ''; 67 68 copyExtraFiles = pkgs.writeShellScript "copy-extra-files" '' 69 empty_file=$(${pkgs.coreutils}/bin/mktemp) 70 71 ${concatStrings (mapAttrsToList (n: v: '' 72 ${pkgs.coreutils}/bin/install -Dp "${v}" "${bootMountPoint}/"${escapeShellArg n} 73 ${pkgs.coreutils}/bin/install -D $empty_file "${bootMountPoint}/${nixosDir}/.extra-files/"${escapeShellArg n} 74 '') cfg.extraFiles)} 75 76 ${concatStrings (mapAttrsToList (n: v: '' 77 ${pkgs.coreutils}/bin/install -Dp "${pkgs.writeText n v}" "${bootMountPoint}/loader/entries/"${escapeShellArg n} 78 ${pkgs.coreutils}/bin/install -D $empty_file "${bootMountPoint}/${nixosDir}/.extra-files/loader/entries/"${escapeShellArg n} 79 '') cfg.extraEntries)} 80 ''; 81 }; 82 83 finalSystemdBootBuilder = pkgs.writeScript "install-systemd-boot.sh" '' 84 #!${pkgs.runtimeShell} 85 ${systemdBootBuilder} "$@" 86 ${cfg.extraInstallCommands} 87 ''; 88in { 89 90 meta.maintainers = with lib.maintainers; [ julienmalka ]; 91 92 imports = 93 [ (mkRenamedOptionModule [ "boot" "loader" "gummiboot" "enable" ] [ "boot" "loader" "systemd-boot" "enable" ]) 94 (lib.mkChangedOptionModule 95 [ "boot" "loader" "systemd-boot" "memtest86" "entryFilename" ] 96 [ "boot" "loader" "systemd-boot" "memtest86" "sortKey" ] 97 (config: lib.strings.removeSuffix ".conf" config.boot.loader.systemd-boot.memtest86.entryFilename) 98 ) 99 (lib.mkChangedOptionModule 100 [ "boot" "loader" "systemd-boot" "netbootxyz" "entryFilename" ] 101 [ "boot" "loader" "systemd-boot" "netbootxyz" "sortKey" ] 102 (config: lib.strings.removeSuffix ".conf" config.boot.loader.systemd-boot.netbootxyz.entryFilename) 103 ) 104 ]; 105 106 options.boot.loader.systemd-boot = { 107 enable = mkOption { 108 default = false; 109 110 type = types.bool; 111 112 description = '' 113 Whether to enable the systemd-boot (formerly gummiboot) EFI boot manager. 114 For more information about systemd-boot: 115 https://www.freedesktop.org/wiki/Software/systemd/systemd-boot/ 116 ''; 117 }; 118 119 sortKey = mkOption { 120 default = "nixos"; 121 type = lib.types.str; 122 description = '' 123 The sort key used for the NixOS bootloader entries. 124 This key determines sorting relative to non-NixOS entries. 125 See also https://uapi-group.org/specifications/specs/boot_loader_specification/#sorting 126 127 This option can also be used to control the sorting of NixOS specialisations. 128 129 By default, specialisations inherit the sort key of their parent generation 130 and will have the same value for both the sort-key and the version (i.e. the generation number), 131 systemd-boot will therefore sort them based on their file name, meaning that 132 in your boot menu you will have each main generation directly followed by 133 its specialisations sorted alphabetically by their names. 134 135 If you want a different ordering for a specialisation, you can override 136 its sort-key which will cause the specialisation to be uncoupled from its 137 parent generation. It will then be sorted by its new sort-key just like 138 any other boot entry. 139 140 The sort-key is stored in the generation's bootspec, which means that 141 generations keep their sort-keys even if the original definition of the 142 generation was removed from the NixOS configuration. 143 It also means that updating the sort-key will only affect new generations, 144 while old ones will keep the sort-key that they were originally built with. 145 ''; 146 }; 147 148 editor = mkOption { 149 default = true; 150 151 type = types.bool; 152 153 description = '' 154 Whether to allow editing the kernel command-line before 155 boot. It is recommended to set this to false, as it allows 156 gaining root access by passing init=/bin/sh as a kernel 157 parameter. However, it is enabled by default for backwards 158 compatibility. 159 ''; 160 }; 161 162 xbootldrMountPoint = mkOption { 163 default = null; 164 type = types.nullOr types.str; 165 description = '' 166 Where the XBOOTLDR partition is mounted. 167 168 If set, this partition will be used as $BOOT to store boot loader entries and extra files 169 instead of the EFI partition. As per the bootloader specification, it is recommended that 170 the EFI and XBOOTLDR partitions be mounted at `/efi` and `/boot`, respectively. 171 ''; 172 }; 173 174 configurationLimit = mkOption { 175 default = null; 176 example = 120; 177 type = types.nullOr types.int; 178 description = '' 179 Maximum number of latest generations in the boot menu. 180 Useful to prevent boot partition running out of disk space. 181 182 `null` means no limit i.e. all generations 183 that have not been garbage collected yet. 184 ''; 185 }; 186 187 extraInstallCommands = mkOption { 188 default = ""; 189 example = '' 190 default_cfg=$(cat /boot/loader/loader.conf | grep default | awk '{print $2}') 191 init_value=$(cat /boot/loader/entries/$default_cfg | grep init= | awk '{print $2}') 192 sed -i "s|@INIT@|$init_value|g" /boot/custom/config_with_placeholder.conf 193 ''; 194 type = types.lines; 195 description = '' 196 Additional shell commands inserted in the bootloader installer 197 script after generating menu entries. It can be used to expand 198 on extra boot entries that cannot incorporate certain pieces of 199 information (such as the resulting `init=` kernel parameter). 200 ''; 201 }; 202 203 consoleMode = mkOption { 204 default = "keep"; 205 206 type = types.enum [ "0" "1" "2" "auto" "max" "keep" ]; 207 208 description = '' 209 The resolution of the console. The following values are valid: 210 211 - `"0"`: Standard UEFI 80x25 mode 212 - `"1"`: 80x50 mode, not supported by all devices 213 - `"2"`: The first non-standard mode provided by the device firmware, if any 214 - `"auto"`: Pick a suitable mode automatically using heuristics 215 - `"max"`: Pick the highest-numbered available mode 216 - `"keep"`: Keep the mode selected by firmware (the default) 217 ''; 218 }; 219 220 memtest86 = { 221 enable = mkOption { 222 default = false; 223 type = types.bool; 224 description = '' 225 Make Memtest86+ available from the systemd-boot menu. Memtest86+ is a 226 program for testing memory. 227 ''; 228 }; 229 230 sortKey = mkOption { 231 default = "o_memtest86"; 232 type = types.str; 233 description = '' 234 `systemd-boot` orders the menu entries by their sort keys, 235 so if you want something to appear after all the NixOS entries, 236 it should start with {file}`o` or onwards. 237 238 See also {option}`boot.loader.systemd-boot.sortKey`. 239 ''; 240 }; 241 }; 242 243 netbootxyz = { 244 enable = mkOption { 245 default = false; 246 type = types.bool; 247 description = '' 248 Make `netboot.xyz` available from the 249 `systemd-boot` menu. `netboot.xyz` 250 is a menu system that allows you to boot OS installers and 251 utilities over the network. 252 ''; 253 }; 254 255 sortKey = mkOption { 256 default = "o_netbootxyz"; 257 type = types.str; 258 description = '' 259 `systemd-boot` orders the menu entries by their sort keys, 260 so if you want something to appear after all the NixOS entries, 261 it should start with {file}`o` or onwards. 262 263 See also {option}`boot.loader.systemd-boot.sortKey`. 264 ''; 265 }; 266 }; 267 268 extraEntries = mkOption { 269 type = types.attrsOf types.lines; 270 default = {}; 271 example = literalExpression '' 272 { "memtest86.conf" = ''' 273 title Memtest86+ 274 efi /efi/memtest86/memtest.efi 275 sort-key z_memtest 276 '''; } 277 ''; 278 description = '' 279 Any additional entries you want added to the `systemd-boot` menu. 280 These entries will be copied to {file}`$BOOT/loader/entries`. 281 Each attribute name denotes the destination file name, 282 and the corresponding attribute value is the contents of the entry. 283 284 To control the ordering of the entry in the boot menu, use the sort-key 285 field, see 286 https://uapi-group.org/specifications/specs/boot_loader_specification/#sorting 287 and {option}`boot.loader.systemd-boot.sortKey`. 288 ''; 289 }; 290 291 extraFiles = mkOption { 292 type = types.attrsOf types.path; 293 default = {}; 294 example = literalExpression '' 295 { "efi/memtest86/memtest.efi" = "''${pkgs.memtest86plus}/memtest.efi"; } 296 ''; 297 description = '' 298 A set of files to be copied to {file}`$BOOT`. 299 Each attribute name denotes the destination file name in 300 {file}`$BOOT`, while the corresponding 301 attribute value specifies the source file. 302 ''; 303 }; 304 305 graceful = mkOption { 306 default = false; 307 308 type = types.bool; 309 310 description = '' 311 Invoke `bootctl install` with the `--graceful` option, 312 which ignores errors when EFI variables cannot be written or when the EFI System Partition 313 cannot be found. Currently only applies to random seed operations. 314 315 Only enable this option if `systemd-boot` otherwise fails to install, as the 316 scope or implication of the `--graceful` option may change in the future. 317 ''; 318 }; 319 320 }; 321 322 config = mkIf cfg.enable { 323 assertions = [ 324 { 325 assertion = (hasPrefix "/" efi.efiSysMountPoint); 326 message = "The ESP mount point '${efi.efiSysMountPoint}' must be an absolute path"; 327 } 328 { 329 assertion = cfg.xbootldrMountPoint == null || (hasPrefix "/" cfg.xbootldrMountPoint); 330 message = "The XBOOTLDR mount point '${cfg.xbootldrMountPoint}' must be an absolute path"; 331 } 332 { 333 assertion = cfg.xbootldrMountPoint != efi.efiSysMountPoint; 334 message = "The XBOOTLDR mount point '${cfg.xbootldrMountPoint}' cannot be the same as the ESP mount point '${efi.efiSysMountPoint}'"; 335 } 336 { 337 assertion = (config.boot.kernelPackages.kernel.features or { efiBootStub = true; }) ? efiBootStub; 338 message = "This kernel does not support the EFI boot stub"; 339 } 340 ] ++ concatMap (filename: [ 341 { 342 assertion = !(hasInfix "/" filename); 343 message = "boot.loader.systemd-boot.extraEntries.${lib.strings.escapeNixIdentifier filename} is invalid: entries within folders are not supported"; 344 } 345 { 346 assertion = hasSuffix ".conf" filename; 347 message = "boot.loader.systemd-boot.extraEntries.${lib.strings.escapeNixIdentifier filename} is invalid: entries must have a .conf file extension"; 348 } 349 ]) (builtins.attrNames cfg.extraEntries) 350 ++ concatMap (filename: [ 351 { 352 assertion = !(hasPrefix "/" filename); 353 message = "boot.loader.systemd-boot.extraFiles.${lib.strings.escapeNixIdentifier filename} is invalid: paths must not begin with a slash"; 354 } 355 { 356 assertion = !(hasInfix ".." filename); 357 message = "boot.loader.systemd-boot.extraFiles.${lib.strings.escapeNixIdentifier filename} is invalid: paths must not reference the parent directory"; 358 } 359 { 360 assertion = !(hasInfix "nixos/.extra-files" (toLower filename)); 361 message = "boot.loader.systemd-boot.extraFiles.${lib.strings.escapeNixIdentifier filename} is invalid: files cannot be placed in the nixos/.extra-files directory"; 362 } 363 ]) (builtins.attrNames cfg.extraFiles); 364 365 boot.loader.grub.enable = mkDefault false; 366 367 boot.loader.supportsInitrdSecrets = true; 368 369 boot.loader.systemd-boot.extraFiles = mkMerge [ 370 (mkIf cfg.memtest86.enable { 371 "efi/memtest86/memtest.efi" = "${pkgs.memtest86plus.efi}"; 372 }) 373 (mkIf cfg.netbootxyz.enable { 374 "efi/netbootxyz/netboot.xyz.efi" = "${pkgs.netbootxyz-efi}"; 375 }) 376 ]; 377 378 boot.loader.systemd-boot.extraEntries = mkMerge [ 379 (mkIf cfg.memtest86.enable { 380 "memtest86.conf" = '' 381 title Memtest86+ 382 efi /efi/memtest86/memtest.efi 383 sort-key ${cfg.memtest86.sortKey} 384 ''; 385 }) 386 (mkIf cfg.netbootxyz.enable { 387 "netbootxyz.conf" = '' 388 title netboot.xyz 389 efi /efi/netbootxyz/netboot.xyz.efi 390 sort-key ${cfg.netbootxyz.sortKey} 391 ''; 392 }) 393 ]; 394 395 boot.bootspec.extensions."org.nixos.systemd-boot" = { 396 inherit (config.boot.loader.systemd-boot) sortKey; 397 }; 398 399 system = { 400 build.installBootLoader = finalSystemdBootBuilder; 401 402 boot.loader.id = "systemd-boot"; 403 404 requiredKernelConfig = with config.lib.kernelConfig; [ 405 (isYes "EFI_STUB") 406 ]; 407 }; 408 }; 409}