| 24 Apr 2023 |
@elvishjerricco:matrix.org | Nope! I think we should just remove BUILD_ID from initrd-release though to fix it | 21:48:36 |
@lily:lily.flowers | Same | 21:48:45 |
@mlyx:matrix.org | [image.png] | 21:53:52 |
@mlyx:matrix.org | How can I disable crypto stuff | 21:54:21 |
@aktaboot:tchncs.de | overrides I guess | 21:55:10 |
@lily:lily.flowers | In reply to @elvishjerricco:matrix.org: "tpm stuff is currently included when luks is included at all" I think it's actually included regardless, since it checks for systemd being built with cryptsetup support at all rather than checking for luks | 21:55:18 |
@lily:lily.flowers | (and systemdStage1 is built with cryptsetup support) | 21:55:29 |
@lily:lily.flowers | In reply to @mlyx:matrix.org: "How can I disable crypto stuff" boot.initrd.systemd.package = pkgs.systemdStage1.override { withCryptsetup = false; }; I think should do it | 21:56:42 |
@elvishjerricco:matrix.org | In reply to @elvishjerricco:matrix.org
If I build these initrds:
let
  pkgs = import ./. {};
  initrd = module: (pkgs.nixos {
    imports = [module];
    fileSystems."/".device = "dummy";
  }).config.system.build.initialRamdisk;
in {
  simple = initrd {};
  network = initrd {
    boot.initrd.network.enable = true;
    boot.initrd.network.ssh.enable = true;
  };
  systemd-simple = initrd {
    boot.initrd.systemd.enable = true;
  };
  systemd-network = initrd {
    boot.initrd.systemd.enable = true;
    boot.initrd.network.enable = true;
    boot.initrd.network.ssh.enable = true;
  };
}
I get these sizes:
- simple: 12M
- network: 13M
- systemd-simple: 15M
- systemd-network: 17M
Lily Foster: Hm but the systemd-simple case in this code does get 2M bigger when I add boot.initrd.luks.devices.foo.device = "/dummy"; | 22:00:12 |
@aktaboot:tchncs.de | maybe we should have different override options for fido2 and tpm2? | 22:01:31 |
@lily:lily.flowers | That's because systemd-cryptsetup does not get added unless luks has devices | 22:01:31 |
@lily:lily.flowers | * That's probably because systemd-cryptsetup does not get added unless luks has devices | 22:01:35 |
@elvishjerricco:matrix.org | ah | 22:01:38 |
@elvishjerricco:matrix.org | ok so we need to make the condition in which tpm stuff is added smarter | 22:01:50 |
@elvishjerricco:matrix.org | holy cow if I set boot.initrd.systemd.package = pkgs.systemdStage1 { withCryptsetup = false; }, it goes from 15M to 8.9M | 22:02:18 |
@elvishjerricco:matrix.org | which is way smaller than the dumbest scripted initrd we can generate | 22:02:50 |
@lily:lily.flowers | Should we add another pkgs.systemdStage1Cryptsetup or do something from the module's side? | 22:04:02 |
@aktaboot:tchncs.de | where does the withCryptsetup come from? | 22:04:13 |
@elvishjerricco:matrix.org | I think at this point we need a feature matrix system | 22:04:15 |
@lily:lily.flowers | (since obviously adding more combinations, like systemdStage1NetworkCryptsetup would be kinda dumb) | 22:04:19 |
@lily:lily.flowers | In reply to @elvishjerricco:matrix.org: "I think at this point we need a feature matrix system" Yeah that was my thought | 22:04:25 |
@elvishjerricco:matrix.org | aktaboot: it's from where systemdStage1 is defined in all-packages.nix | 22:04:42 |
@elvishjerricco:matrix.org | Lily Foster: Yea I think we should turn the with* things into nix options and then cache the most common configurations | 22:05:00 |
@elvishjerricco:matrix.org | * Lily Foster: Yea I think we should turn some of the with* things into nix options and then cache the most common configurations | 22:05:18 |
@lily:lily.flowers | Yeah, I'll agree to that | 22:05:59 |
@elvishjerricco:matrix.org | or... hm... Actually, just using pkgs.systemd is barely bigger than the current systemdStage1. So maybe we have a minimal and we have a full | 22:06:11 |
@elvishjerricco:matrix.org | and leave it at that | 22:06:14 |
@lily:lily.flowers | How barely? I'd be okay with just replacing systemdStage1 and systemdStage1Network with just systemd if the size difference is minimal (like within a megabyte or so) | 22:07:22 |
@elvishjerricco:matrix.org | It is within a megabyte | 22:07:34 |
@lily:lily.flowers | Yeah, no reason to keep the separation then I guess | 22:07:53 |