15227256ec
chore: kernel upgrade
2025-04-19 23:06:44 +02:00
58861e6de6
chore: upgrade systemd
2025-04-17 19:10:38 +02:00
d10bd7bb04
fix(rootfs): symlink /var/tmp to /tmp if no state partition available
this enables systemd networkd and resolved to work
2025-03-26 14:22:17 +01:00
c470bf6d59
chore: track upstream nixpkgs for our forks
2025-03-26 11:55:25 +01:00
242294eb8d
chore: nix flake update
2025-03-26 11:13:46 +01:00
bb708e3e61
feat(image): parameter to include microcode and secureboot
2025-03-26 10:59:38 +01:00
2841610f41
chore: bump kernel version
2025-03-26 10:32:09 +01:00
a7de3101a8
chore: include kernel modules in rootfs as sysext
2025-03-21 10:50:42 +01:00
4166b4c1fb
feat: kernel modules as system extensions
2025-03-20 14:00:55 +01:00
c748e17279
chore(sb): use systemd kernel cmdline condition
2025-03-19 23:57:21 +01:00
91a5646555
fix: include uuid in sysupdate images
2025-03-19 14:03:50 +01:00
a7b86fd03e
feat: add sysupdate definitions
2025-03-19 11:32:17 +01:00
8fb3174c78
feat: enroll secure boot at first boot
2025-03-18 21:45:07 +01:00
dc8ed2a774
feat: enable factory reset
2025-03-17 22:23:11 +01:00
df3a42da4b
chore: more clean up
2025-03-17 17:08:33 +01:00
a3e2a970f8
chore: clean up
2025-03-17 16:53:45 +01:00
1725120a49
chore: upgrade kernel
2025-03-15 18:51:59 +01:00
b619c6f01d
chore: remove result symlink
2025-03-15 18:45:39 +01:00
7376743266
chore: clean up
2025-03-14 23:23:14 +01:00
1f1c93b775
feat: enable secure boot
2025-03-14 11:39:23 +01:00
1fcc45dd32
feat: add factory reset UKI
2025-03-14 08:42:02 +01:00
2c2d212e25
fix: our own derivation for the kernel in order to be able to sign modules
2025-03-13 17:27:36 +01:00
4c0ae9086b
chore(openssl): remove dist files from ssldir
2025-03-12 13:38:50 +01:00
5ecfd546f6
fix: we have to build our own openssl to use standard paths
2025-03-12 12:52:15 +01:00
e49c2b22b5
chore: install ca cert bundle
2025-03-10 12:12:58 +01:00
55ac59e2b3
chore: add subvolumes state partition
2025-03-09 14:43:57 +01:00
e907d0d3d3
fix: rootfs now with verity and A/B prep
2025-03-07 15:19:41 +01:00
3f443a9e9b
chore: autologin as root for now
2025-03-06 17:18:17 +01:00
d1e25bdddf
chore: upgrade systemd to latest stable
2025-03-06 16:26:13 +01:00
658b5af153
chore: even better erofs compression
2025-03-06 16:16:25 +01:00
62dd1ca5bf
feat: enable conf/sys ext services and make /etc read-only without overlay
2025-03-05 22:04:38 +01:00
18c8e76850
revert to static machine id for now
2025-03-05 10:08:47 +01:00
be4efca9a5
chore: temporarily generate machine-id on boot until we have a confext
2025-03-05 10:00:10 +01:00
0a129b5489
chore: clean up
2025-03-05 09:13:18 +01:00
879f74befa
chore: remove unused logind and sysuser for dbus svc
2025-03-05 08:38:08 +01:00
12bacf271d
feat: generate passwd/group with systemd-sysusers
2025-03-04 23:51:08 +01:00
8e61f85f72
chore: clean up var-repart config
2025-03-04 15:42:12 +01:00
e5367bac84
chore: more clean up
2025-03-04 14:20:31 +01:00
529061df5e
chore: clean up comments
2025-03-04 14:08:53 +01:00
83bb3599a4
fix(repart): depend on sysroot-run mount
2025-03-04 13:56:18 +01:00
10090a75b0
fix(image): finally have working mount of encrypted volumes!
2025-03-04 12:10:18 +01:00
adb2e90c13
fix(image): image needs to include devicemapper setup tools and udev rules
2025-03-03 16:13:30 +01:00
0a6fc3af49
chore: enable default networking and make root own erofs files
2025-02-27 16:42:11 +01:00
aa4f69d891
fix: we need to roll our own versions of tpm2-tools and tpm2-tss
2025-02-27 16:35:50 +01:00
57f83bd4ac
chore: make erofs with --all-root flag
2025-02-27 08:18:24 +01:00
7365ef8918
feat(image): install upstream kexec which now has support for UKIs
2025-02-26 14:40:06 +01:00
b784c94d42
WIP: Build image from scratch / without NixOS.
An experiment to see if we can minimize the PatOS project even further,
and not have to adapt NixOS packages and config for our needs.
2025-02-14 13:07:01 +01:00
4702e0dddb
feat(systemd): enabled sysupdated
2025-02-12 15:06:07 +01:00
fa55edf0de
chore: remove openssh for now
2024-11-19 12:11:21 +01:00
c59ea29957
Image building take 2
We want verity protected partitions as well as encrypted state/data along with verified boot.
This PR integrates Peter Marshall's awesome little Nixlet project as a starting point, especially the nice testing scaffolding will be super helpful! ✨
https://github.com/petm5/nixlet/
2024-11-14 19:52:34 +01:00