colin
d13bcc49ab
longer-term, i want hosts/by-name to define host-specific data that's accessible via the other hosts (things like pubkeys). also the secrets management needs some rethinking. there's really not much point in me specifying where *exactly* a secret comes from at its use site. i should really be specifying secret store manifests; i.e. "servo.yaml contains secrets X Y and Z", and leaving the rest up to auto-computing.
13 lines
495 B
Nix
{ config, pkgs, ... }:
{
  # we need space in the GPT header to place tow-boot.
  # only actually need 1 MB, but better to over-allocate than under-allocate
  sane.image.extraGPTPadding = 16 * 1024 * 1024;
  sane.image.firstPartGap = 0;
  # copy the firmware-less image, then write Tow-Boot into it at an 8 KiB offset
  # (bs=1024 seek=8); conv=notrunc keeps the rest of the image intact.
  system.build.img = pkgs.runCommand "nixos_full-disk-image.img" {} ''
    cp -v ${config.system.build.img-without-firmware}/nixos.img $out
    chmod +w $out
    dd if=${pkgs.tow-boot-pinephone}/Tow-Boot.noenv.bin of=$out bs=1024 seek=8 conv=notrunc
  '';
}