Put squashfs-label patch overlays in a separate file

[nixos-qemu-vm-isolation] / modules / qemu-vm-isolation.nix

diff --git a/modules/qemu-vm-isolation.nix b/modules/qemu-vm-isolation.nix
index 69bacde444273ae9076c4ffe1f8d8a160767259c..ed6800ef9281aeff3bb62460d78939fb4c768716 100644 (file)
--- a/modules/qemu-vm-isolation.nix
+++ b/modules/qemu-vm-isolation.nix
@@ -49,6 +49,15 @@ let
       }/nix-store.img";
     squashfs =
       "${hostPkgs.callPackage (modulesPath + "/../lib/make-squashfs.nix") {
+        squashfsTools =
+          (hostPkgs.extend (import ../overlays/squashfs-labels)).squashfsTools.overrideAttrs
+            (old: {
+              buildInputs = (old.buildInputs or [ ]) ++ [ hostPkgs.makeWrapper ];
+              postInstall = (old.postInstall or "") + ''
+                wrapProgram "$out/bin/mksquashfs" \
+                  --append-flags "-label nix-store"
+              '';
+            });
         storeContents = config.virtualisation.additionalPaths;
       }}";
   };
@@ -61,8 +70,7 @@ in {
 
         erofs is more compact than ext4, but less mature.
 
-        squashfs support currently requires a dubious kludge that results in these
-        VMs not being able to mount any other squashfs volumes besides the nix store.
+        squashfs is best, but requires patches to set the filesystem label.
       '';
       type = lib.types.enum [ "ext4" "erofs" "squashfs" ];
       default = "ext4";
@@ -74,12 +82,7 @@ in {
         optional (cfg.nixStoreFilesystemType == "erofs") "erofs";
 
       nixpkgs.overlays = optional (cfg.nixStoreFilesystemType == "squashfs")
-        (final: prev: {
-          util-linux = prev.util-linux.overrideAttrs (old: {
-            patches = (old.patches or [ ])
-              ++ [ ./libblkid-squashfs-nix-store-kludge.patch ];
-          });
-        });
+        (import ../overlays/squashfs-labels);
 
       fileSystems = mkVMOverride {
         "${storeMountPath}" = {