From 75ece4eb82a59aa78721d35b2f0bbf8285e1ee56 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Janne=20He=C3=9F?=
Date: Mon, 4 Apr 2022 12:54:18 +0100
Subject: [PATCH] nixos/stage-1-systemd: Limit files to the bare necessities
---
 nixos/modules/system/boot/systemd/initrd.nix | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/nixos/modules/system/boot/systemd/initrd.nix b/nixos/modules/system/boot/systemd/initrd.nix
index 30bdc9a3422c..b22432294d16 100644
--- a/nixos/modules/system/boot/systemd/initrd.nix
+++ b/nixos/modules/system/boot/systemd/initrd.nix
@@ -366,12 +366,28 @@ in {
 "/sbin".source = "${initrdBinEnv}/sbin";
 "/etc/sysctl.d/nixos.conf".text = "kernel.modprobe = /sbin/modprobe";
+ "/etc/modprobe.d/systemd.conf".source = "${cfg.package}/lib/modprobe.d/systemd.conf";
 };
 storePaths = [
- # TODO: Limit this to the bare necessities
- "${cfg.package}/lib"
+ # systemd tooling
+ "${cfg.package}/lib/systemd/systemd-fsck"
+ "${cfg.package}/lib/systemd/systemd-growfs"
+ "${cfg.package}/lib/systemd/systemd-hibernate-resume"
+ "${cfg.package}/lib/systemd/systemd-journald"
+ "${cfg.package}/lib/systemd/systemd-makefs"
+ "${cfg.package}/lib/systemd/systemd-modules-load"
+ "${cfg.package}/lib/systemd/systemd-remount-fs"
+ "${cfg.package}/lib/systemd/systemd-sulogin-shell"
+ "${cfg.package}/lib/systemd/systemd-sysctl"
+ "${cfg.package}/lib/systemd/systemd-udevd"
+ "${cfg.package}/lib/systemd/systemd-vconsole-setup"
+ # additional systemd directories
+ "${cfg.package}/lib/systemd/system-generators"
+ "${cfg.package}/lib/udev"
+
+ # utilities needed by systemd
 "${cfg.package.util-linux}/bin/mount"
 "${cfg.package.util-linux}/bin/umount"
 "${cfg.package.util-linux}/bin/sulogin"
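Review bot: Two of the new `storePaths` entries, `"${cfg.package}/lib/systemd/system-generators"` and `"${cfg.package}/lib/udev"`, are still whole directories, so every generator and udev helper the systemd package ships stays in the initrd while the binaries above them are listed one by one. If that is deliberate, the `# additional systemd directories` comment should say so, for example `# copied whole: generators and udev rules/helpers are not enumerated yet`. The explicit list also carries no note on how to extend it; a binary that an initrd unit needs but that is missing here presumably surfaces only as a failed unit at boot, so a line such as `# every binary started by an initrd unit must be listed here` above `# systemd tooling` would help whoever adds a unit later. The `storePaths` list is not closed inside the hunk, so further entries outside this view may already cover part of this.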