Don't require using systemd-boot to get automated firmware updates

Using systemd-boot is not a requirement for applying capsule updates. We
can make the firmware update a systemd service, which gives us the
behavior of running on every `switch-to-configuration` when the capsule
update file changes.

Author: jmbaur

README.md

@@ -129,7 +129,7 @@ Weston and sway have been tested working on Orin devices, but do not work on Xav
 ### Updating firmware from device
 Recent versions of Jetpack (>=5.1) support updating the device firmware from the device using the UEFI Capsule update mechanism.
 This can be done as a more convenient alternative to physically attaching to the device and re-running the flash script.
-These updates can be performed automatically after a `nixos-rebuild boot` if the `hardware.nvidia-jetpack.bootloader.autoUpdate` setting is set to true and systemd-boot is used.
+These updates can be performed automatically after a `nixos-rebuild boot` if the `hardware.nvidia-jetpack.bootloader.autoUpdate` setting is set to true.
 Otherwise, the instructions to apply the update manually are below.
 
 To determine if the currently running firmware matches the software, run, `ota-check-firmware`:

modules/flash-script.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, utils, ... }:
 
 # Convenience package that allows you to set options for the flash script using the NixOS module system.
 # You could do the overrides yourself if you'd prefer.
@@ -403,23 +403,28 @@ in
             }.${cfg.som}
           )) else lib.mkOptionDefault [ ];
 
-      systemd.services = lib.mkIf (cfg.flashScriptOverrides.targetBoard != null) {
-        setup-jetson-efi-variables = {
-          enable = true;
-          description = "Setup Jetson OTA UEFI variables";
-          wantedBy = [ "multi-user.target" ];
-          after = [ "opt-nvidia-esp.mount" ];
-          serviceConfig.Type = "oneshot";
-          serviceConfig.ExecStart = "${pkgs.nvidia-jetpack.otaUtils}/bin/ota-setup-efivars ${cfg.flashScriptOverrides.targetBoard}";
-        };
+      systemd.services.setup-jetson-efi-variables = lib.mkIf (cfg.flashScriptOverrides.targetBoard != null) {
+        description = "Setup Jetson OTA UEFI variables";
+        wantedBy = [ "multi-user.target" ];
+        after = [ "opt-nvidia-esp.mount" ];
+        serviceConfig.Type = "oneshot";
+        serviceConfig.ExecStart = "${pkgs.nvidia-jetpack.otaUtils}/bin/ota-setup-efivars ${cfg.flashScriptOverrides.targetBoard}";
       };
 
-      boot.loader.systemd-boot.extraInstallCommands = lib.mkIf (cfg.firmware.autoUpdate && cfg.som != null && cfg.flashScriptOverrides.targetBoard != null) ''
-        # Jetpack 5.0 didn't expose this DMI variable,
-        if [[ ! -f /sys/devices/virtual/dmi/id/bios_version ]]; then
-          echo "Unable to determine current Jetson firmware version."
-          echo "You should reflash the firmware with the new version to ensure compatibility"
-        else
+      systemd.services.firmware-update = lib.mkIf (cfg.firmware.autoUpdate && cfg.som != null && cfg.flashScriptOverrides.targetBoard != null) {
+        wantedBy = [ "multi-user.target" ];
+        path = [ pkgs.nvidia-jetpack.otaUtils ];
+        after = [
+          "${utils.escapeSystemdPath config.boot.loader.efi.efiSysMountPoint}.mount"
+          "opt-nvidia-esp.mount"
+        ];
+        unitConfig = {
+          ConditionPathExists = "/sys/devices/virtual/dmi/id/bios_version";
+          # This directory is populated by ota-apply-capsule-update, don't run
+          # if we already have a capsule update present on the ESP.
+          ConditionDirectoryNotEmpty = "!${config.boot.loader.efi.efiSysMountPoint}/EFI/UpdateCapsule";
+        };
+        script = ''
           CUR_VER=$(cat /sys/devices/virtual/dmi/id/bios_version)
           NEW_VER=${pkgs.nvidia-jetpack.l4tVersion}
 
@@ -433,12 +438,12 @@ in
             # systemd service. Plus, this ota-setup-efivars will be from the
             # generation we're switching to, which can contain additional
             # fixes/improvements.
-            ${pkgs.nvidia-jetpack.otaUtils}/bin/ota-setup-efivars ${cfg.flashScriptOverrides.targetBoard}
+            ota-setup-efivars ${cfg.flashScriptOverrides.targetBoard}
 
-            ${pkgs.nvidia-jetpack.otaUtils}/bin/ota-apply-capsule-update ${config.system.build.jetsonDevicePkgs.uefiCapsuleUpdate}
+            ota-apply-capsule-update ${config.system.build.jetsonDevicePkgs.uefiCapsuleUpdate}
           fi
-        fi
-      '';
+        '';
+      };
 
       environment.systemPackages = lib.mkIf (cfg.firmware.autoUpdate && cfg.som != null && cfg.flashScriptOverrides.targetBoard != null) [
         (pkgs.writeShellScriptBin "ota-apply-capsule-update-included" ''