]> git.scottworley.com Git - nixos-qemu-vm-isolation/blobdiff - modules/qemu-vm-isolation.nix
24.11: Stop using includes-to-excludes.py
[nixos-qemu-vm-isolation] / modules / qemu-vm-isolation.nix
index bdf95e6d852f424ba6bc3264b421480769e1247a..69bacde444273ae9076c4ffe1f8d8a160767259c 100644 (file)
@@ -1,16 +1,10 @@
 { config, lib, modulesPath, pkgs, ... }:
 let
   inherit (lib)
 { config, lib, modulesPath, pkgs, ... }:
 let
   inherit (lib)
-    escapeShellArg findSingle mkForce mkIf mkMerge mkOption mkVMOverride
-    optional;
+    escapeShellArg mkForce mkIf mkMerge mkOption mkVMOverride optional;
 
   cfg = config.virtualisation.qemu.isolation;
 
 
   cfg = config.virtualisation.qemu.isolation;
 
-  lookupDriveDeviceName = driveName: driveList:
-    (findSingle (drive: drive.name == driveName)
-      (throw "Drive ${driveName} not found")
-      (throw "Multiple drives named ${driveName}") driveList).device;
-
   storeMountPath = if config.virtualisation.writableStore then
     "/nix/.ro-store"
   else
   storeMountPath = if config.virtualisation.writableStore then
     "/nix/.ro-store"
   else
@@ -22,37 +16,41 @@ let
     hostPkgs.closureInfo { rootPaths = config.virtualisation.additionalPaths; };
 
   nixStoreImages = {
     hostPkgs.closureInfo { rootPaths = config.virtualisation.additionalPaths; };
 
   nixStoreImages = {
-    ext4 = import (modulesPath + "/../lib/make-disk-image.nix") {
-      inherit pkgs config lib;
-      additionalPaths = [ storeContents ];
-      onlyNixStore = true;
-      label = "nix-store";
-      partitionTableType = "none";
-      installBootLoader = false;
-      diskSize = "auto";
-      additionalSpace = "0M";
-      copyChannel = false;
-    };
-    erofs = hostPkgs.runCommand "nix-store-image" { } ''
-      mkdir $out
-      cd ${builtins.storeDir}
-      ${hostPkgs.erofs-utils}/bin/mkfs.erofs \
-        --force-uid=0 \
-        --force-gid=0 \
-        -L nix-store \
-        -U eb176051-bd15-49b7-9e6b-462e0b467019 \
-        -T 0 \
-        --exclude-regex="$(
-          <${storeContents}/store-paths \
-            sed -e 's^.*/^^g' \
-          | cut -c -10 \
-          | ${hostPkgs.python3}/bin/python -c ${
-            escapeShellArg (builtins.readFile
-              (modulesPath + "/virtualisation/includes-to-excludes.py"))
-          } )" \
-        $out/nixos.img \
-        .
-    '';
+    ext4 = "${
+        import (modulesPath + "/../lib/make-disk-image.nix") {
+          inherit pkgs config lib;
+          additionalPaths = [ storeContents ];
+          onlyNixStore = true;
+          label = "nix-store";
+          partitionTableType = "none";
+          installBootLoader = false;
+          diskSize = "auto";
+          additionalSpace = "0M";
+          copyChannel = false;
+        }
+      }/nixos.img";
+    erofs = "${
+        hostPkgs.runCommand "nix-store-image" { } ''
+          mkdir $out
+          ${hostPkgs.gnutar}/bin/tar --create \
+            --absolute-names \
+            --verbatim-files-from \
+            --transform 'flags=rSh;s|/nix/store/||' \
+            --files-from ${storeContents}/store-paths \
+            | ${hostPkgs.erofs-utils}/bin/mkfs.erofs \
+              --force-uid=0 \
+              --force-gid=0 \
+              -L nix-store \
+              -U eb176051-bd15-49b7-9e6b-462e0b467019 \
+              -T 0 \
+              --tar=f \
+              $out/nix-store.img
+        ''
+      }/nix-store.img";
+    squashfs =
+      "${hostPkgs.callPackage (modulesPath + "/../lib/make-squashfs.nix") {
+        storeContents = config.virtualisation.additionalPaths;
+      }}";
   };
 
 in {
   };
 
 in {
@@ -62,8 +60,11 @@ in {
         What filesystem to use for the guest's Nix store.
 
         erofs is more compact than ext4, but less mature.
         What filesystem to use for the guest's Nix store.
 
         erofs is more compact than ext4, but less mature.
+
+        squashfs support currently requires a dubious kludge that results in these
+        VMs not being able to mount any other squashfs volumes besides the nix store.
       '';
       '';
-      type = lib.types.enum [ "ext4" "erofs" ];
+      type = lib.types.enum [ "ext4" "erofs" "squashfs" ];
       default = "ext4";
     };
   };
       default = "ext4";
     };
   };
@@ -72,13 +73,20 @@ in {
       boot.initrd.kernelModules =
         optional (cfg.nixStoreFilesystemType == "erofs") "erofs";
 
       boot.initrd.kernelModules =
         optional (cfg.nixStoreFilesystemType == "erofs") "erofs";
 
+      nixpkgs.overlays = optional (cfg.nixStoreFilesystemType == "squashfs")
+        (final: prev: {
+          util-linux = prev.util-linux.overrideAttrs (old: {
+            patches = (old.patches or [ ])
+              ++ [ ./libblkid-squashfs-nix-store-kludge.patch ];
+          });
+        });
+
       fileSystems = mkVMOverride {
         "${storeMountPath}" = {
       fileSystems = mkVMOverride {
         "${storeMountPath}" = {
-          device =
-            lookupDriveDeviceName "nixstore" config.virtualisation.qemu.drives;
           fsType = cfg.nixStoreFilesystemType;
           options = [ "ro" ];
           neededForBoot = true;
           fsType = cfg.nixStoreFilesystemType;
           options = [ "ro" ];
           neededForBoot = true;
+          label = "nix-store";
         };
       };
 
         };
       };
 
@@ -90,8 +98,7 @@ in {
         sharedDirectories = mkForce { };
 
         qemu.drives = [{
         sharedDirectories = mkForce { };
 
         qemu.drives = [{
-          name = "nixstore";
-          file = "${config.system.build.nixStoreImage}/nixos.img";
+          file = config.system.build.nixStoreImage;
           driveExtraOpts = {
             format = "raw";
             read-only = "on";
           driveExtraOpts = {
             format = "raw";
             read-only = "on";