From 782f4add01f2fd56dc4bc6a665310a8ed1fc3fe4 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Fri, 22 Oct 2021 14:04:17 +0200 Subject: [PATCH 1/2] cron: reset origin remote url, so that next step's git fetch works --- .drone.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.drone.yml b/.drone.yml index 89514d6c..8a5adad1 100644 --- a/.drone.yml +++ b/.drone.yml @@ -22,6 +22,7 @@ steps: - git checkout -b devos --track origin/devos - git merge -X theirs devos/main - git push origin devos + - git remote set-url origin https://git.b12f.io/pub-solar/os.git - name: "Sync $BRANCH with upstream" image: alpine/git From c35a38f8348292fa135949738e147c886e3da585 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 24 Oct 2021 01:18:33 +0200 Subject: [PATCH 2/2] x-os: prepare booting from unencrypted /boot partition --- modules/x-os/boot.nix | 27 +++------------------------ 1 file changed, 3 insertions(+), 24 deletions(-) diff --git a/modules/x-os/boot.nix b/modules/x-os/boot.nix index 5068590e..51cd5b4b 100644 --- a/modules/x-os/boot.nix +++ b/modules/x-os/boot.nix @@ -3,40 +3,19 @@ let cfg = config.pub-solar.x-os; in -with lib; { - options = { - pub-solar.x-os.keyfile = mkOption { - type = types.str; - description = "Keyfile location"; - }; - }; - +{ config = { # Enable plymouth for better experience of booting boot.plymouth.enable = true; - # Use Keyfile to unlock the root partition to avoid keying in twice. + # Mount / luks device in initrd # Allow fstrim to work on it. boot.initrd = { - secrets = { "/keyfile.bin" = cfg.keyfile; }; luks.devices."cryptroot" = { - keyFile = "/keyfile.bin"; allowDiscards = true; - fallbackToPassword = true; }; }; - # Use GRUB with encrypted /boot under EFI env. - boot.loader = { - efi.efiSysMountPoint = "/boot/efi"; - - grub = { - enable = true; - version = 2; - device = "nodev"; - efiSupport = true; - enableCryptodisk = true; - }; - }; + boot.loader.systemd-boot.enable = true; }; }