Merge pull request #209156 from pwaller/issue-114594

nixos/grub: Name initrd-secrets by system, not by initrd
2025-07-13 13:40:28 +03:00 · 2023-03-12 18:50:33 +00:00 · 2023-03-12 18:50:33 +00:00 · db901673ea
commit db901673ea
parent f71d96a585 678eed323f
4 changed files with 81 additions and 6 deletions
--- a/nixos/modules/system/boot/loader/grub/install-grub.pl
+++ b/nixos/modules/system/boot/loader/grub/install-grub.pl
@ -450,8 +450,9 @@ sub addEntry {

    # Include second initrd with secrets
    if (-e -x "$path/append-initrd-secrets") {
-        my $initrdName = basename($initrd);
-        my $initrdSecretsPath = "$bootPath/kernels/$initrdName-secrets";
+        # Name the initrd secrets after the system from which they're derived.
+        my $systemName = basename(Cwd::abs_path("$path"));
+        my $initrdSecretsPath = "$bootPath/kernels/$systemName-secrets";

        mkpath(dirname($initrdSecretsPath), 0, 0755);
        my $oldUmask = umask;
@ -470,7 +471,7 @@ sub addEntry {
        if (-e $initrdSecretsPathTemp && ! -z _) {
            rename $initrdSecretsPathTemp, $initrdSecretsPath or die "failed to move initrd secrets into place: $!\n";
            $copied{$initrdSecretsPath} = 1;
-            $initrd .= " " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/kernels/$initrdName-secrets";
+            $initrd .= " " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/kernels/$systemName-secrets";
        } else {
            unlink $initrdSecretsPathTemp;
            rmdir dirname($initrdSecretsPathTemp);
--- a/nixos/modules/virtualisation/qemu-vm.nix
+++ b/nixos/modules/virtualisation/qemu-vm.nix
@ -152,9 +152,11 @@ let

      ${lib.optionalString cfg.useBootLoader
      ''
-        # Create a writable copy/snapshot of the boot disk.
-        # A writable boot disk can be booted from automatically.
-        ${qemu}/bin/qemu-img create -f qcow2 -F qcow2 -b ${bootDisk}/disk.img "$TMPDIR/disk.img"
+        if ${if !cfg.persistBootDevice then "true" else "! test -e $TMPDIR/disk.img"}; then
+          # Create a writable copy/snapshot of the boot disk.
+          # A writable boot disk can be booted from automatically.
+          ${qemu}/bin/qemu-img create -f qcow2 -F qcow2 -b ${bootDisk}/disk.img "$TMPDIR/disk.img"
+        fi

        NIX_EFI_VARS=$(readlink -f "''${NIX_EFI_VARS:-${cfg.efiVars}}")

@ -370,6 +372,17 @@ in
          '';
      };

+    virtualisation.persistBootDevice =
+      mkOption {
+        type = types.bool;
+        default = false;
+        description =
+          lib.mdDoc ''
+            If useBootLoader is specified, whether to recreate the boot device
+            on each instantiaton or allow it to persist.
+            '';
+      };
+
    virtualisation.emptyDiskImages =
      mkOption {
        type = types.listOf types.ints.positive;
@ -853,6 +866,8 @@ in
    # * The disks are attached in `virtualisation.qemu.drives`.
    #   Their order makes them appear as devices `a`, `b`, etc.
    # * `fileSystems."/boot"` is adjusted to be on device `b`.
+    # * The disk.img is recreated each time the VM is booted unless
+    #   virtualisation.persistBootDevice is set.

    # If `useBootLoader`, GRUB goes to the second disk, see
    # note [Disk layout with `useBootLoader`].