| 24 Apr 2023 |
@elvishjerricco:matrix.org | it's mostly the network-enabled systemd package and its dependencies | 21:44:01 |
@aktaboot:tchncs.de | no idea why I have tpm2-tss though | 21:44:26 |
@aktaboot:tchncs.de | there isn't even a tpm on this laptop | 21:44:38 |
@elvishjerricco:matrix.org | tpm stuff is currently included when luks is included at all | 21:45:08 |
@elvishjerricco:matrix.org | we should probably make that configurable | 21:45:21 |
@aktaboot:tchncs.de | oh 👍 | 21:45:24 |
@lily:lily.flowers | Yeah that's another 3.8M store path | 21:45:40 |
@aktaboot:tchncs.de | the root thing is I probably should have put 1GB on /boot which I usually do nowadays | 21:46:37 |
@aktaboot:tchncs.de | storage is cheap | 21:46:44 |
@elvishjerricco:matrix.org | Yea I always do 1G, except when I got a 2T SSD for one of my things and decided "fuck it, 2G ESP" :P | 21:47:29 |
@lily:lily.flowers | Yeah I have mine at 512 MiB | 21:47:31 |
@aktaboot:tchncs.de | thanks for the help :) ! | 21:48:10 |
@lily:lily.flowers | Also ElvishJerricco did we ever fix initrds getting regenerated with every change in nixpkgs revision due to inclusion of that revision in /etc/initrd-release? | 21:48:13 |
@elvishjerricco:matrix.org | Nope! I think we should just remove BUILD_ID from initrd-release though to fix it | 21:48:36 |
@lily:lily.flowers | Same | 21:48:45 |
@mlyx:matrix.org |  Download image.png | 21:53:52 |
@mlyx:matrix.org | How can I disable crypto stuff | 21:54:21 |
@aktaboot:tchncs.de | overrides I guess | 21:55:10 |
@lily:lily.flowers | In reply to @elvishjerricco:matrix.org "tpm stuff is currently included when luks is included at all"
I think it's actually included regardless, since it checks for systemd being built with cryptsetup support at all rather than checking for luks | 21:55:18 |
@lily:lily.flowers | (and systemdStage1 is built with cryptsetup support) | 21:55:29 |
@lily:lily.flowers | In reply to @mlyx:matrix.org "How can I disable crypto stuff"
boot.initrd.systemd.package = pkgs.systemdStage1.override { withCryptsetup = false; };
I think should do it | 21:56:42 |
@elvishjerricco:matrix.org | In reply to @elvishjerricco:matrix.org
If I build these initrds:
let
  pkgs = import ./. {};
  initrd = module: (pkgs.nixos {
    imports = [module];
    fileSystems."/".device = "dummy";
  }).config.system.build.initialRamdisk;
in {
  simple = initrd {};
  network = initrd {
    boot.initrd.network.enable = true;
    boot.initrd.network.ssh.enable = true;
  };
  systemd-simple = initrd {
    boot.initrd.systemd.enable = true;
  };
  systemd-network = initrd {
    boot.initrd.systemd.enable = true;
    boot.initrd.network.enable = true;
    boot.initrd.network.ssh.enable = true;
  };
}
I get these sizes:
- simple: 12M
- network: 13M
- systemd-simple: 15M
- systemd-network: 17M
Lily Foster: Hm but the systemd-simple case in this code does get 2M bigger when I add boot.initrd.luks.devices.foo.device = "/dummy"; | 22:00:12 |
@aktaboot:tchncs.de | maybe we should have different override options for fido2 and tpm2 ? | 22:01:31 |
@lily:lily.flowers | That's because systemd-cryptsetup does not get added unless luks has devices | 22:01:31 |
@lily:lily.flowers | * That's probably because systemd-cryptsetup does not get added unless luks has devices | 22:01:35 |
@elvishjerricco:matrix.org | ah | 22:01:38 |
@elvishjerricco:matrix.org | ok so we need to make the condition in which tpm stuff is added smarter | 22:01:50 |
@elvishjerricco:matrix.org | holy cow if I set boot.initrd.systemd.package = pkgs.systemdStage1.override { withCryptsetup = false; }, it goes from 15M to 8.9M | 22:02:18 |
@elvishjerricco:matrix.org | which is way smaller than the dumbest scripted initrd we can generate | 22:02:50 |
@lily:lily.flowers | Should we add another pkgs.systemdStage1Cryptsetup or do something from the module's side? | 22:04:02 |