nixos/virtualization: Allow building EFI / A1 OCI images

A couple notes:
---------------

Adding invalid `console=` parameters is not an issue. Any invalid
console is unused. The kernel will use the "rightmost" (last) valid
`console=` parameter as the default output. Thus the SBBR-mandated AMA0
on A1, and ttyS0 on x86_64 as documented by Oracle.

`nvme_core.shutdown_timeout=10` was added as it was written this way in
the A1 images. Unclear whether `nvme.shutdown_timeout=10` is wrong. At
worst this is a no-op.

nixos/modules/virtualisation/oci-common.nix

@@ -1,16 +1,26 @@
-{ lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
-with lib;
+let
+  cfg = config.oci;
+in
 {
   imports = [ ../profiles/qemu-guest.nix ];
 
   # Taken from /proc/cmdline of Ubuntu 20.04.2 LTS on OCI
   boot.kernelParams = [
-    "console=tty1"
-    "console=ttyS0"
     "nvme.shutdown_timeout=10"
+    "nvme_core.shutdown_timeout=10"
     "libiscsi.debug_libiscsi_eh=1"
     "crash_kexec_post_notifiers"
+
+    # VNC console
+    "console=tty1"
+
+    # x86_64-linux
+    "console=ttyS0"
+
+    # aarch64-linux
+    "console=ttyAMA0,115200"
   ];
 
   boot.growPartition = true;
@@ -21,15 +31,23 @@ with lib;
     autoResize = true;
   };
 
+  fileSystems."/boot" = lib.mkIf cfg.efi {
+    device = "/dev/disk/by-label/ESP";
+    fsType = "vfat";
+  };
+
+  boot.loader.efi.canTouchEfiVariables = false;
   boot.loader.grub = {
     version = 2;
-    device = "/dev/sda";
+    device = if cfg.efi then "nodev" else "/dev/sda";
     splashImage = null;
     extraConfig = ''
       serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
       terminal_input --append serial
       terminal_output --append serial
     '';
+    efiInstallAsRemovable = cfg.efi;
+    efiSupport = cfg.efi;
   };
 
   # https://docs.oracle.com/en-us/iaas/Content/Compute/Tasks/configuringntpservice.htm#Configuring_the_Oracle_Cloud_Infrastructure_NTP_Service_for_an_Instance