Put squashfs-label patch overlays in a separate file
[nixos-qemu-vm-isolation] / modules / qemu-vm-isolation.nix
index a7189e56a02ce64b89e96e2fa80ef4d93a72e821..ed6800ef9281aeff3bb62460d78939fb4c768716 100644 (file)
@@ -32,27 +32,32 @@ let
     erofs = "${
         hostPkgs.runCommand "nix-store-image" { } ''
           mkdir $out
-          cd ${builtins.storeDir}
-          ${hostPkgs.erofs-utils}/bin/mkfs.erofs \
-            --force-uid=0 \
-            --force-gid=0 \
-            -L nix-store \
-            -U eb176051-bd15-49b7-9e6b-462e0b467019 \
-            -T 0 \
-            --exclude-regex="$(
-              <${storeContents}/store-paths \
-                sed -e 's^.*/^^g' \
-              | cut -c -10 \
-              | ${hostPkgs.python3}/bin/python -c ${
-                escapeShellArg (builtins.readFile
-                  (modulesPath + "/virtualisation/includes-to-excludes.py"))
-              } )" \
-            $out/nix-store.img \
-            .
+          ${hostPkgs.gnutar}/bin/tar --create \
+            --absolute-names \
+            --verbatim-files-from \
+            --transform 'flags=rSh;s|/nix/store/||' \
+            --files-from ${storeContents}/store-paths \
+            | ${hostPkgs.erofs-utils}/bin/mkfs.erofs \
+              --force-uid=0 \
+              --force-gid=0 \
+              -L nix-store \
+              -U eb176051-bd15-49b7-9e6b-462e0b467019 \
+              -T 0 \
+              --tar=f \
+              $out/nix-store.img
         ''
       }/nix-store.img";
     squashfs =
       "${hostPkgs.callPackage (modulesPath + "/../lib/make-squashfs.nix") {
+        squashfsTools =
+          (hostPkgs.extend (import ../overlays/squashfs-labels)).squashfsTools.overrideAttrs
+            (old: {
+              buildInputs = (old.buildInputs or [ ]) ++ [ hostPkgs.makeWrapper ];
+              postInstall = (old.postInstall or "") + ''
+                wrapProgram "$out/bin/mksquashfs" \
+                  --append-flags "-label nix-store"
+              '';
+            });
         storeContents = config.virtualisation.additionalPaths;
       }}";
   };
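Review bot: The tar `--transform` in the erofs builder hard-codes `/nix/store/` and is unanchored, while the code it replaces took the prefix from `${builtins.storeDir}`. With a non-default store directory the prefix would not be stripped, and the image layout would no longer match what the guest mounts. Consider `--transform 'flags=rSh;s|^${builtins.storeDir}/||'`. A short comment above the pipeline would also help: as far as the hunk shows, the image is now built from an allow-list (`--files-from …/store-paths`) rather than an exclude regex, and the upper-case `S` flag leaves symlink targets untransformed so absolute store symlinks still resolve in the guest. The label `nix-store` is also spelled out twice here (`-L nix-store` and the `mksquashfs` wrapper's `-label nix-store`); a single `let` binding would keep the two image types from drifting apart.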
@@ -65,8 +70,7 @@ in {
 
         erofs is more compact than ext4, but less mature.
 
-        squashfs support currently requires a dubious kludge that results in these
-        VMs not being able to mount any other squashfs volumes besides the nix store.
+        squashfs is best, but requires patches to set the filesystem label.
       '';
       type = lib.types.enum [ "ext4" "erofs" "squashfs" ];
       default = "ext4";
@@ -78,12 +82,7 @@ in {
         optional (cfg.nixStoreFilesystemType == "erofs") "erofs";
 
       nixpkgs.overlays = optional (cfg.nixStoreFilesystemType == "squashfs")
-        (final: prev: {
-          util-linux = prev.util-linux.overrideAttrs (old: {
-            patches = (old.patches or [ ])
-              ++ [ ./libblkid-squashfs-nix-store-kludge.patch ];
-          });
-        });
+        (import ../overlays/squashfs-labels);
 
       fileSystems = mkVMOverride {
         "${storeMountPath}" = {
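Review bot: The overlay is imported by relative path here and again in the `squashfsTools` override in the first hunk (`hostPkgs.extend (import ../overlays/squashfs-labels)`), so the host-side image builder and the guest package set are only kept in step by two matching string literals. Binding it once in the `let` block, e.g. `squashfsLabelsOverlay = import ../overlays/squashfs-labels;`, and using that name in both places would remove the duplication. The overlay's contents are not visible in this diff, so a comment such as `# guest needs the label-aware patches to find the store volume; host needs them to write the label` (wording to be confirmed against the overlay) would tell a reader why enabling squashfs changes the package set on both sides. The enclosing `fileSystems` block continues outside the hunk.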