Add cmdline

system/bootloader.sls

@@ -1,21 +1,70 @@
+include:
+  - .base
+
 system_bootloader_pkgs:
   pkg.installed:
     - pkgs:
-      - syslinux
+      - grub
-
+      - grub-efi
-{% if salt['pillar.get']('disk') != "" and salt['pillar.get']('disk') != None %}
+      - mkinitfs
-system_bootload_gptmbr:
+      - mkinitfs-doc
-  cmd.run:
+      - efibootmgr
-    - name: "dd bs=440 count=1 notrunc if=/usr/share/syslinux/gptmbr.bin of={{ salt['pillar.get']('drive') }}"
-    - require:
-      - system_bootloader_pkgs
-{% endif %}
 
 system_bootloader_install:
   cmd.run:
-    - name: 'extlinux --install /boot'
+    - name: "grub-install --target=x86_64-efi --efi-directory=/efi"
     - require:
       - system_bootloader_pkgs
-      {% if salt['pillar.get']('disk') != "" and salt['pillar.get']('disk') != None %}
+
-      - system_bootload_gptmbr
+system_bootloader_config:
-      {% endif %}
+  cmd.run:
+    - name: 'grub-mkconfig -o /efi/grub/grub.cfg'
+    - require:
+      - system_bootloader_pkgs
+      - system_bootloader_install
+
+system_bootloader_mkinitfs_conf:
+  file.keyvalue:
+    - name: /etc/mkinitfs/mkinitfs.conf
+    - key_values:
+        features: '"ata base cdrom ext4 btrfs keymap kms mmc nvme raid scsi usb virtio"'
+    - separator: '='
+    - uncomment: '# '
+    - key_ignore_case: false
+    - value_ignore_case: false
+    - append_if_not_found: true
+    - require:
+      - system_base_pkgs
+      - system_bootloader_pkgs
+      - system_bootloader_install
+
+{% set CURRENT_SUBVOLUME_TIMESTAMP = salt['cmd.shell']('CURRENT_SUBVOLUME=$(LC_ALL=C btrfs sub show / | LC_ALL=C grep -aPom1 \'^\s*Name:\s*\K\S.*\'); TIMESTAMP_FORMAT=\'[[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}_[[:digit:]]{2}-[[:digit:]]{2}-[[:digit:]]{2}\'; echo "$CURRENT_SUBVOLUME" | grep -Eo "$TIMESTAMP_FORMAT"') %}
+{% set CURRENT_SUBVOLUME_TIMESTAMP_HUMAN = salt['cmd.shell']('CURRENT_SUBVOLUME_TIMESTAMP=\'' + CURRENT_SUBVOLUME_TIMESTAMP + '\'; echo "${CURRENT_SUBVOLUME_TIMESTAMP:0:10} ${CURRENT_SUBVOLUME_TIMESTAMP:11:2}:${CURRENT_SUBVOLUME_TIMESTAMP:14:2}"') %}
+{% set KERNEL_VERSION = salt['cmd.shell']('uname -r') %}
+
+system_bootloader_os-release:
+  file.keyvalue:
+    - name: /etc/os-release
+    - key_values:
+        VERSION_ID: '"Timestamp: {{ CURRENT_SUBVOLUME_TIMESTAMP_HUMAN }} | Kernel: {{ KERNEL_VERSION }}"'
+    - separator: '='
+    - uncomment: '# '
+    - key_ignore_case: False
+    - append_if_not_found: True
+    - require:
+      - system_base_pkgs
+      - system_bootloader_pkgs
+
+system_bootloader_cmdline:
+  file.managed:
+    - name: /proc/cmdline
+    - source: salt://{{ tpldir }}/files/bootloader_cmdline.jinja
+    - template: jinja
+    - user: root
+    - group: root
+    - mode: '0644'
+    - context:
+        CURRENT_SUBVOLUME_TIMESTAMP: {{ CURRENT_SUBVOLUME_TIMESTAMP }}
+    - require:
+      - system_base_pkgs
+      - system_bootloader_pkgs

system/files/bootloader_cmdline.jinja

@@ -0,0 +1 @@
+root="LABEL=ROOT" rootflags=subvol=@root_{{ CURRENT_SUBVOLUME_TIMESTAMP }} lockdown=confidentiality

system/init.sls

@@ -1,6 +1,5 @@
 include:
   - .base
-  - .bootloader
   - .disks
   - .firewall
   - .user