diff --git a/pkgs/image/default.nix b/pkgs/image/default.nix index e82b49a..e82bc3d 100644 --- a/pkgs/image/default.nix +++ b/pkgs/image/default.nix @@ -27,7 +27,7 @@ runCommand pname { kernelCmdLine = "console=ttyS0"; } '' -mkdir -p $out/init.repart.d $out/final.repart.d $out/boot +mkdir -p $out/init.repart.d $out/final.repart.d pushd $out # Don't seem to work just to create a symlink to rootfs derivation? @@ -106,9 +106,28 @@ SYSTEMD_RELAX_ESP_CHECKS=1 ${patosPkgs.systemd}/usr/bin/bootctl install --root . --secure-boot-auto-enroll=true --certificate=${patosPkgs.cert}/cert.pem --private-key=${patosPkgs.cert}/key.pem echo "timeout 2" > rootfs/boot/loader/loader.conf +# setup factory reset +mkdir -p rootfs/boot/EFI/tools +cp ${pkgs.edk2-uefi-shell}/shell.efi rootfs/boot/EFI/tools/ + +cat <<EOF > rootfs/boot/EFI/tools/factoryreset.nsh +setvar FactoryReset -guid 8cf2644b-4b0b-428f-9387-6d876050dc67 -nv -rt =%1 +reset +EOF + +cat <<EOF > rootfs/boot/loader/entries/factoryreset.conf +title Enable Factory Reset +options -nostartup -nomap +options \EFI\tools\factoryreset.nsh L"t" +efi EFI/tools/shell.efi +EOF + # sign EFIs ${patosPkgs.systemd}/usr/lib/systemd/systemd-sbsign sign --certificate=${patosPkgs.cert}/cert.pem --private-key=${patosPkgs.cert}/key.pem \ - rootfs/boot/EFI/BOOT/BOOTX64.EFI --output=rootfs/boot/EFI/BOOT/BOOTX64.EFI + rootfs/boot/EFI/tools/shell.efi --output=rootfs/boot/EFI/tools/shell.efi + +${patosPkgs.systemd}/usr/lib/systemd/systemd-sbsign sign --certificate=${patosPkgs.cert}/cert.pem --private-key=${patosPkgs.cert}/key.pem \ + rootfs/boot/EFI/BOOT/BOOTX64.EFI --output=rootfs/boot/EFI/BOOT/BOOTX64.EFI ${patosPkgs.systemd}/usr/lib/systemd/systemd-sbsign sign --certificate=${patosPkgs.cert}/cert.pem --private-key=${patosPkgs.cert}/key.pem \ patos_${version}.efi --output=patos_${version}.efi 
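Review bot: Signing `shell.efi` with the image's Secure Boot key (second hunk of pkgs/image/default.nix) puts a general-purpose UEFI shell into the trusted boot chain, but nothing authenticates the script it runs (`factoryreset.nsh`) or the loader entry that passes `-nostartup -nomap`; both are plain files on the vfat ESP. The signature covers the interpreter and not what it is told to do, so the restriction to one `setvar` holds only while the ESP contents are unmodified. If the goal is only to request a factory reset, consider a signed boot entry whose embedded kernel command line carries `systemd.factory_reset=1` (documented for systemd-repart) instead of shipping a signed shell. If the shell stays, add a comment such as `# shell.efi is signed with the image key; factoryreset.nsh and factoryreset.conf are NOT covered by Secure Boot` so the trust decision is explicit. The new sign step also reads `${patosPkgs.cert}/key.pem` from what looks like a store path, so it is worth confirming that this is a development key only.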
@@ -123,8 +142,8 @@ cat <<EOF > final.repart.d/10-esp.conf [Partition] Type=esp Format=vfat -SizeMinBytes=160M -SizeMaxBytes=160M +SizeMinBytes=96M +SizeMaxBytes=96M CopyFiles=/rootfs/boot:/ EOF diff --git a/pkgs/rootfs/mkinitrd.nix b/pkgs/rootfs/mkinitrd.nix index 8eb721e..2187514 100644 --- a/pkgs/rootfs/mkinitrd.nix +++ b/pkgs/rootfs/mkinitrd.nix @@ -57,6 +57,7 @@ Environment=SYSTEMD_REPART_MKFS_OPTIONS_BTRFS=--nodiscard ExecStart= ExecStart=systemd-repart --dry-run=no --generate-crypttab=/run/crypttab --generate-fstab=/run/fstab EOF +ln -sf ../systemd-repart.service ./usr/lib/systemd/system/initrd-root-fs.target.wants/systemd-repart.service # gen initrd find . -print0 | cpio --null --owner=root:root -o --format=newc | xz -9 --check=crc32 > ../initrd.xz diff --git a/pkgs/rootfs/mkrootfs.nix b/pkgs/rootfs/mkrootfs.nix index a40e17b..ca449b3 100644 --- a/pkgs/rootfs/mkrootfs.nix +++ b/pkgs/rootfs/mkrootfs.nix @@ -3,7 +3,6 @@ patosPkgs, version, runCommand, - ... }: let defaultPassword = "patos"; @@ -13,10 +12,11 @@ runCommand "patos-rootfs" { inherit version; - buildInputs = [ - pkgs.glibc - pkgs.binutils + buildInputs = with pkgs;[ + glibc + binutils ]; + } '' ### create directory structure @@ -29,13 +29,16 @@ ln -sf /usr/lib $out/lib64 ln -sf ../proc/self/mounts $out/etc/mtab ### install systemd -echo "Installing systemd" cp -Pr ${patosPkgs.systemd}/* $out/ find $out -type d -exec chmod 755 {} \; rm -rf $out/usr/include rm -rf $out/usr/sbin ln -sf /usr/bin $out/usr/sbin rm -f $out/usr/lib/systemd/system/sysinit.target.wants/systemd-firstboot.service +# enable in ramdisk instead +rm -f $out/usr/lib/systemd/system/sysinit.target.wants/systemd-repart.service +rm -f $out/usr/lib/systemd/system/initrd-root-fs.target.wants/systemd-repart.service + rm -f $out/usr/lib/systemd/ukify rm -f $out/usr/bin/ukify rm -f $out/usr/lib/udev/rules.d/90-vconsole.rules 
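Review bot: The ESP is pinned to exactly 96M (`SizeMinBytes` equal to `SizeMaxBytes`) in the last hunk of pkgs/image/default.nix, in the same commit that adds `shell.efi` to the tree copied in by `CopyFiles=/rootfs/boot:/`. The same figure is repeated by hand in pkgs/rootfs/mkrootfs.nix (`@@ -71,8 +74,8 @@`). Nothing visible in these hunks checks that the boot tree still fits, or that there is room for a second UKI during an update, and the two copies of the number can drift apart. Consider defining the size once and interpolating it into both heredocs, for example `SizeMinBytes=${espSize}` (name illustrative), with a comment stating how many UKIs the figure is meant to hold.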
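Review bot: The added `ln -sf` in pkgs/rootfs/mkinitrd.nix has no comment saying that it re-enables `systemd-repart.service` for the initrd after pkgs/rootfs/mkrootfs.nix (`@@ -29,13 +29,16 @@`) removes the same wants-symlinks from the rootfs, and it assumes `initrd-root-fs.target.wants/` already exists in the tree. This unit runs `systemd-repart --dry-run=no` and is presumably what acts on the new factory-reset request, so a silent mismatch between the two files would change where destructive repartitioning runs. Suggest adding `# run repart only from the initrd; the rootfs wants-symlinks are removed in mkrootfs.nix` and `mkdir -p ./usr/lib/systemd/system/initrd-root-fs.target.wants` before the link. The enclosing build script starts and ends outside the hunk.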
@@ -71,8 +74,8 @@ cat <<EOF > $out/etc/repart.d/10-esp.conf [Partition] Type=esp Format=vfat -SizeMaxBytes=160M -SizeMinBytes=160M +SizeMaxBytes=96M +SizeMinBytes=96M EOF cat <<EOF > $out/etc/repart.d/20-root-a.conf