feat: enable factory reset

2025-03-17 22:22:35 +01:00 · 2025-03-17 22:22:35 +01:00 · dc8ed2a774
commit dc8ed2a774
parent df3a42da4b
3 changed files with 34 additions and 11 deletions
--- a/pkgs/image/default.nix
+++ b/pkgs/image/default.nix
@ -27,7 +27,7 @@ runCommand pname {
  kernelCmdLine = "console=ttyS0";
 }
 ''
-mkdir -p $out/init.repart.d $out/final.repart.d $out/boot
+mkdir -p $out/init.repart.d $out/final.repart.d
 pushd $out

 # Don't seem to work just to create a symlink to rootfs derivation?
@ -106,9 +106,28 @@ SYSTEMD_RELAX_ESP_CHECKS=1 ${patosPkgs.systemd}/usr/bin/bootctl install --root .
  --secure-boot-auto-enroll=true --certificate=${patosPkgs.cert}/cert.pem --private-key=${patosPkgs.cert}/key.pem
 echo "timeout 2" > rootfs/boot/loader/loader.conf

+# setup factory reset
+mkdir -p rootfs/boot/EFI/tools
+cp ${pkgs.edk2-uefi-shell}/shell.efi rootfs/boot/EFI/tools/
+
+cat <<EOF > rootfs/boot/EFI/tools/factoryreset.nsh
+setvar FactoryReset -guid 8cf2644b-4b0b-428f-9387-6d876050dc67 -nv -rt =%1
+reset
+EOF
+
+cat <<EOF > rootfs/boot/loader/entries/factoryreset.conf
+title Enable Factory Reset
+options -nostartup -nomap
+options \EFI\tools\factoryreset.nsh L"t"
+efi EFI/tools/shell.efi
+EOF
+
 # sign EFIs
 ${patosPkgs.systemd}/usr/lib/systemd/systemd-sbsign sign --certificate=${patosPkgs.cert}/cert.pem --private-key=${patosPkgs.cert}/key.pem \
-  rootfs/boot/EFI/BOOT/BOOTX64.EFI  --output=rootfs/boot/EFI/BOOT/BOOTX64.EFI
+  rootfs/boot/EFI/tools/shell.efi --output=rootfs/boot/EFI/tools/shell.efi
+
+${patosPkgs.systemd}/usr/lib/systemd/systemd-sbsign sign --certificate=${patosPkgs.cert}/cert.pem --private-key=${patosPkgs.cert}/key.pem \
+  rootfs/boot/EFI/BOOT/BOOTX64.EFI --output=rootfs/boot/EFI/BOOT/BOOTX64.EFI

 ${patosPkgs.systemd}/usr/lib/systemd/systemd-sbsign sign --certificate=${patosPkgs.cert}/cert.pem --private-key=${patosPkgs.cert}/key.pem \
  patos_${version}.efi --output=patos_${version}.efi
@ -123,8 +142,8 @@ cat <<EOF > final.repart.d/10-esp.conf
 [Partition]
 Type=esp
 Format=vfat
-SizeMinBytes=160M
-SizeMaxBytes=160M
+SizeMinBytes=96M
+SizeMaxBytes=96M
 CopyFiles=/rootfs/boot:/
 EOF

--- a/pkgs/rootfs/mkinitrd.nix
+++ b/pkgs/rootfs/mkinitrd.nix
@ -57,6 +57,7 @@ Environment=SYSTEMD_REPART_MKFS_OPTIONS_BTRFS=--nodiscard
 ExecStart=
 ExecStart=systemd-repart --dry-run=no --generate-crypttab=/run/crypttab --generate-fstab=/run/fstab
 EOF
+ln -sf ../systemd-repart.service ./usr/lib/systemd/system/initrd-root-fs.target.wants/systemd-repart.service

 # gen initrd
 find . -print0 | cpio --null --owner=root:root -o --format=newc | xz -9 --check=crc32 > ../initrd.xz
--- a/pkgs/rootfs/mkrootfs.nix
+++ b/pkgs/rootfs/mkrootfs.nix
@ -3,7 +3,6 @@
  patosPkgs,
  version,
  runCommand,
-  ...
 }:
 let
  defaultPassword = "patos";
@ -13,10 +12,11 @@ runCommand "patos-rootfs"
 {
  inherit version;

-  buildInputs = [
-    pkgs.glibc
-    pkgs.binutils
+  buildInputs = with pkgs;[
+    glibc
+    binutils
  ];
+
 }
 ''
 ### create directory structure
@ -29,13 +29,16 @@ ln -sf /usr/lib $out/lib64
 ln -sf ../proc/self/mounts $out/etc/mtab

 ### install systemd
-echo "Installing systemd"
 cp -Pr ${patosPkgs.systemd}/* $out/
 find $out -type d -exec chmod 755 {} \;
 rm -rf $out/usr/include
 rm -rf $out/usr/sbin
 ln -sf /usr/bin $out/usr/sbin
 rm -f $out/usr/lib/systemd/system/sysinit.target.wants/systemd-firstboot.service
+# enable in ramdisk instead
+rm -f $out/usr/lib/systemd/system/sysinit.target.wants/systemd-repart.service
+rm -f $out/usr/lib/systemd/system/initrd-root-fs.target.wants/systemd-repart.service
+
 rm -f $out/usr/lib/systemd/ukify
 rm -f $out/usr/bin/ukify
 rm -f $out/usr/lib/udev/rules.d/90-vconsole.rules
@ -71,8 +74,8 @@ cat <<EOF > $out/etc/repart.d/10-esp.conf
 [Partition]
 Type=esp
 Format=vfat
-SizeMaxBytes=160M
-SizeMinBytes=160M
+SizeMaxBytes=96M
+SizeMinBytes=96M
 EOF

 cat <<EOF > $out/etc/repart.d/20-root-a.conf