diff --git a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py
index 7134b4321630..6c26b4e0f87a 100644
--- a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py
+++ b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py
@@ -208,10 +208,15 @@ def main() -> None:
if os.path.exists("@efiSysMountPoint@/loader/loader.conf"):
os.unlink("@efiSysMountPoint@/loader/loader.conf")
- if "@canTouchEfiVariables@" == "1":
- subprocess.check_call(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@", "install"])
- else:
- subprocess.check_call(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@", "--no-variables", "install"])
+ flags = []
+
+ if "@canTouchEfiVariables@" != "1":
+ flags.append("--no-variables")
+
+ if "@graceful@" == "1":
+ flags.append("--graceful")
+
+ subprocess.check_call(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@"] + flags + ["install"])
else:
# Update bootloader to latest if needed
systemd_version = subprocess.check_output(["@systemd@/bin/bootctl", "--version"], universal_newlines=True).split()[1]
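Review bot: Once `--graceful` is appended in the install branch, `subprocess.check_call` is no longer a reliable failure signal there, because bootctl is asked to ignore errors it would otherwise report through its exit status, and nothing in the added lines makes that visible to the operator. I would say so at the append, `# bootctl exits 0 for the errors --graceful covers, so check_call below will not raise for them`, and print one line to the rebuild log when the flag is set, e.g. `print("warning: bootctl install runs with --graceful; some install errors are ignored", file=sys.stderr)` (whether `sys` is already imported is not visible from this hunk). The `else:` update branch begins at the end of the hunk and continues outside it, so I cannot tell whether it should receive the same flags. main() also extends beyond the hunk on both sides.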
diff --git a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
index ff304f570d35..0f76d7d6b24a 100644
--- a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
+++ b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
@@ -24,7 +24,7 @@ let
configurationLimit = if cfg.configurationLimit == null then 0 else cfg.configurationLimit;
- inherit (cfg) consoleMode;
+ inherit (cfg) consoleMode graceful;
inherit (efi) efiSysMountPoint canTouchEfiVariables;
@@ -126,6 +126,22 @@ in {
'';
};
};
+
+ graceful = mkOption {
+ default = false;
+
+ type = types.bool;
+
+ description = ''
+ Invoke bootctl install with the --graceful option,
+ which ignores errors when EFI variables cannot be written or when the EFI System Partition
+ cannot be found. Currently only applies to random seed operations.
+
+ Only enable this option if systemd-boot otherwise fails to install, as the
+ scope or implication of the --graceful option may change in the future.
+ '';
+ };
+
};
config = mkIf cfg.enable {
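Review bot: The `graceful` description lists which errors are ignored but not the consequence for whoever enables it: judging by the builder change in this commit, a rebuild would then report a successful boot loader installation even though bootctl skipped part of it. I would add one sentence to the description, such as `With this option enabled, the affected failures no longer abort the installation, so check the bootctl output after a rebuild.` On style, the blank lines between `default`, `type` and `description` look unusual for an option declaration, but the neighbouring options are not visible here, so that should be checked against the rest of the file.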