Add cmdline

2023-07-14 22:10:45 +02:00 · 2023-07-14 22:10:45 +02:00 · 00ef89f319
commit 00ef89f319
parent d4e2253ea3
3 changed files with 63 additions and 14 deletions
--- a/system/bootloader.sls
+++ b/system/bootloader.sls
@ -1,21 +1,70 @@
+include:
+  - .base
+
 system_bootloader_pkgs:
  pkg.installed:
    - pkgs:
-      - syslinux
-
-{% if salt['pillar.get']('disk') != "" and salt['pillar.get']('disk') != None %}
-system_bootload_gptmbr:
-  cmd.run:
-    - name: "dd bs=440 count=1 notrunc if=/usr/share/syslinux/gptmbr.bin of={{ salt['pillar.get']('drive') }}"
-    - require:
-      - system_bootloader_pkgs
-{% endif %}
+      - grub
+      - grub-efi
+      - mkinitfs
+      - mkinitfs-doc
+      - efibootmgr

 system_bootloader_install:
  cmd.run:
-    - name: 'extlinux --install /boot'
+    - name: "grub-install --target=x86_64-efi --efi-directory=/efi"
    - require:
      - system_bootloader_pkgs
-      {% if salt['pillar.get']('disk') != "" and salt['pillar.get']('disk') != None %}
-      - system_bootload_gptmbr
-      {% endif %}
+
+system_bootloader_config:
+  cmd.run:
+    - name: 'grub-mkconfig -o /efi/grub/grub.cfg'
+    - require:
+      - system_bootloader_pkgs
+      - system_bootloader_install
+
+system_bootloader_mkinitfs_conf:
+  file.keyvalue:
+    - name: /etc/mkinitfs/mkinitfs.conf
+    - key_values:
+        features: '"ata base cdrom ext4 btrfs keymap kms mmc nvme raid scsi usb virtio"'
+    - separator: '='
+    - uncomment: '# '
+    - key_ignore_case: false
+    - value_ignore_case: false
+    - append_if_not_found: true
+    - require:
+      - system_base_pkgs
+      - system_bootloader_pkgs
+      - system_bootloader_install
+
+{% set CURRENT_SUBVOLUME_TIMESTAMP = salt['cmd.shell']('CURRENT_SUBVOLUME=$(LC_ALL=C btrfs sub show / | LC_ALL=C grep -aPom1 \'^\s*Name:\s*\K\S.*\'); TIMESTAMP_FORMAT=\'[[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}_[[:digit:]]{2}-[[:digit:]]{2}-[[:digit:]]{2}\'; echo "$CURRENT_SUBVOLUME" | grep -Eo "$TIMESTAMP_FORMAT"') %}
+{% set CURRENT_SUBVOLUME_TIMESTAMP_HUMAN = salt['cmd.shell']('CURRENT_SUBVOLUME_TIMESTAMP=\'' + CURRENT_SUBVOLUME_TIMESTAMP + '\'; echo "${CURRENT_SUBVOLUME_TIMESTAMP:0:10} ${CURRENT_SUBVOLUME_TIMESTAMP:11:2}:${CURRENT_SUBVOLUME_TIMESTAMP:14:2}"') %}
+{% set KERNEL_VERSION = salt['cmd.shell']('uname -r') %}
+
+system_bootloader_os-release:
+  file.keyvalue:
+    - name: /etc/os-release
+    - key_values:
+        VERSION_ID: '"Timestamp: {{ CURRENT_SUBVOLUME_TIMESTAMP_HUMAN }} | Kernel: {{ KERNEL_VERSION }}"'
+    - separator: '='
+    - uncomment: '# '
+    - key_ignore_case: False
+    - append_if_not_found: True
+    - require:
+      - system_base_pkgs
+      - system_bootloader_pkgs
+
+system_bootloader_cmdline:
+  file.managed:
+    - name: /proc/cmdline
+    - source: salt://{{ tpldir }}/files/bootloader_cmdline.jinja
+    - template: jinja
+    - user: root
+    - group: root
+    - mode: '0644'
+    - context:
+        CURRENT_SUBVOLUME_TIMESTAMP: {{ CURRENT_SUBVOLUME_TIMESTAMP }}
+    - require:
+      - system_base_pkgs
+      - system_bootloader_pkgs
--- a/system/files/bootloader_cmdline.jinja
+++ b/system/files/bootloader_cmdline.jinja
@ -0,0 +1 @@
+root="LABEL=ROOT" rootflags=subvol=@root_{{ CURRENT_SUBVOLUME_TIMESTAMP }} lockdown=confidentiality
--- a/system/init.sls
+++ b/system/init.sls
@ -1,6 +1,5 @@
 include:
  - .base
-  - .bootloader
  - .disks
  - .firewall
  - .user
				`@ -0,0 +1 @@`
				`root="LABEL=ROOT" rootflags=subvol=@root_{{ CURRENT_SUBVOLUME_TIMESTAMP }} lockdown=confidentiality`