# NixOS module: serve the guest's Nix store from a dedicated, read-only disk
# image instead of from directories shared with the host.
#
# What the code below establishes:
#   * the image is built only from the closure of
#     `virtualisation.additionalPaths`;
#   * `virtualisation.sharedDirectories` is forced to the empty set;
#   * the image is attached read-only at the QEMU drive level and mounted
#     `ro` inside the guest.
{ config, lib, modulesPath, pkgs, ... }:
let
  inherit (lib) escapeShellArg mkForce mkIf mkMerge mkOption mkVMOverride;

  virtCfg = config.virtualisation;
  storeFsType = virtCfg.qemu.isolation.nixStoreFilesystemType;

  # Packages used to build the image come from the host package set.
  hostPkgs = virtCfg.host.pkgs;

  # With a writable store the image is mounted at /nix/.ro-store rather than
  # /nix/store. NOTE(review): presumably another module layers the writable
  # store on top of that mount point -- confirm against the VM module in use.
  storeMountPath =
    if virtCfg.writableStore then "/nix/.ro-store" else "/nix/store";

  # closureInfo output for everything the guest is meant to receive; its
  # `store-paths` file is the allow-list consumed by the erofs build below.
  storeContents =
    hostPkgs.closureInfo { rootPaths = virtCfg.additionalPaths; };

  # Source text of the helper that turns the allow-list into an exclude
  # regex. The script itself is not shown here.
  includesToExcludes = builtins.readFile
    (modulesPath + "/virtualisation/includes-to-excludes.py");

  # One image derivation per supported filesystem type, keyed by the value of
  # the `nixStoreFilesystemType` option.
  storeImageByFsType = {
    # Bare ext4 filesystem (no partition table, no boot loader, no channel
    # copy) holding only the Nix store, with no extra free space.
    ext4 = import (modulesPath + "/../lib/make-disk-image.nix") {
      inherit pkgs config lib;
      label = "nix-store";
      onlyNixStore = true;
      additionalPaths = [ storeContents ];
      partitionTableType = "none";
      installBootLoader = false;
      copyChannel = false;
      diskSize = "auto";
      additionalSpace = "0M";
    };

    # erofs image made by walking the build's view of the store directory and
    # excluding everything the regex matches.
    #
    # Fixed uid/gid 0, a fixed label and UUID, and timestamp 0 keep the image
    # metadata independent of the build environment.
    #
    # NOTE(review): the allow-list is reduced to the first 10 characters of
    # each store path's base name (`cut -c -10`) before it reaches the helper
    # script, so inclusion is keyed on a truncated prefix, not the full name.
    # Confirm that is an acceptable boundary for what reaches the guest.
    #
    # NOTE(review): the walk starts at the store directory itself (`cd` then
    # `.`). If the build can see more of the host store than its declared
    # inputs (for example with the Nix build sandbox disabled), the exclude
    # regex is the only filter keeping unrelated paths out of the image.
    #
    # Comments are kept outside the script string on purpose: text inside it
    # is part of the build script.
    erofs = hostPkgs.runCommand "nix-store-image" { } ''
      mkdir $out
      cd ${builtins.storeDir}
      ${hostPkgs.erofs-utils}/bin/mkfs.erofs \
        --force-uid=0 \
        --force-gid=0 \
        -L nix-store \
        -U eb176051-bd15-49b7-9e6b-462e0b467019 \
        -T 0 \
        --exclude-regex="$(
          <${storeContents}/store-paths \
            sed -e 's^.*/^^g' \
          | cut -c -10 \
          | ${hostPkgs.python3}/bin/python -c ${
            escapeShellArg includesToExcludes
          } )" \
        $out/nixos.img \
        .
    '';
  };

in {
  options = {
    virtualisation.qemu.isolation.nixStoreFilesystemType = mkOption {
      type = lib.types.enum [ "ext4" "erofs" ];
      default = "ext4";
      description = ''
        What filesystem to use for the guest's Nix store.

        erofs is more compact than ext4, but less mature.
      '';
    };
  };

  config = mkMerge [
    {
      # The initrd needs the erofs driver to mount the store during boot.
      boot.initrd.kernelModules =
        lib.optionals (storeFsType == "erofs") [ "erofs" ];

      # Mount the image by label, read-only, early enough for boot.
      fileSystems = mkVMOverride {
        ${storeMountPath} = {
          label = "nix-store";
          fsType = storeFsType;
          options = [ "ro" ];
          neededForBoot = true;
        };
      };

      system.build.nixStoreImage = storeImageByFsType.${storeFsType};

      # mkForce overrides every other definition of this option, leaving no
      # shared directories configured. NOTE(review): in the stock QEMU VM
      # module these are host directories exported into the guest; anything
      # that re-adds one with a stronger override weakens the isolation this
      # module sets up.
      virtualisation.sharedDirectories = mkForce { };

      # Attach the image as a raw drive that QEMU itself opens read-only, so
      # the guest-side `ro` mount option is not the only write barrier.
      virtualisation.qemu.drives = [{
        file = "${config.system.build.nixStoreImage}/nixos.img";
        driveExtraOpts = {
          format = "raw";
          read-only = "on";
          werror = "report";
        };
      }];
    }

    (mkIf (storeFsType == "ext4") {
      # Stage-1 fsck crashes on the ext4 store image (possibly because the
      # device is read-only) and halts boot, so the check is switched off.
      # NOTE(review): the option name suggests this covers journaling
      # filesystems in the initrd generally, not just this image -- confirm
      # the scope is intended.
      boot.initrd.checkJournalingFS = false;
    })
  ];
}