X-Git-Url: http://git.scottworley.com/nixos-qemu-vm-isolation/blobdiff_plain/1c40de51f4927c338c3eb981d4aaeafdd6919cac..1b39c55ce550354b408a3e017f2fec88b6f20a1b:/modules/qemu-vm-isolation.nix
diff --git a/modules/qemu-vm-isolation.nix b/modules/qemu-vm-isolation.nix
index 69bacde..ed6800e 100644
--- a/modules/qemu-vm-isolation.nix
+++ b/modules/qemu-vm-isolation.nix
@@ -49,6 +49,15 @@ let
 }/nix-store.img";
 squashfs = "${hostPkgs.callPackage (modulesPath + "/../lib/make-squashfs.nix") {
+ squashfsTools =
+ (hostPkgs.extend (import ../overlays/squashfs-labels)).squashfsTools.overrideAttrs
+ (old: {
+ buildInputs = (old.buildInputs or [ ]) ++ [ hostPkgs.makeWrapper ];
+ postInstall = (old.postInstall or "") + ''
+ wrapProgram "$out/bin/mksquashfs" \
+ --append-flags "-label nix-store"
+ '';
+ });
 storeContents = config.virtualisation.additionalPaths;
 }}";
 };
@@ -61,8 +70,7 @@ in {
 erofs is more compact than ext4, but less mature.
- squashfs support currently requires a dubious kludge that results in these
- VMs not being able to mount any other squashfs volumes besides the nix store.
+ squashfs is best, but requires patches to set the filesystem label.
 '';
 type = lib.types.enum [ "ext4" "erofs" "squashfs" ];
 default = "ext4";
@@ -74,12 +82,7 @@ in {
 optional (cfg.nixStoreFilesystemType == "erofs") "erofs";
 nixpkgs.overlays = optional (cfg.nixStoreFilesystemType == "squashfs")
- (final: prev: {
- util-linux = prev.util-linux.overrideAttrs (old: {
- patches = (old.patches or [ ])
- ++ [ ./libblkid-squashfs-nix-store-kludge.patch ];
- });
- });
+ (import ../overlays/squashfs-labels);
 fileSystems = mkVMOverride { "${storeMountPath}" = {
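Review bot: In the `@@ -49,6 +49,15 @@` hunk the label `nix-store` is hard-coded inside the `wrapProgram` flags, while the mount that presumably has to find the image by that label lies outside this hunk, so the two strings can drift apart and leave the guest without its store. I would bind it once in the surrounding `let`, e.g. `nixStoreLabel = "nix-store";`, and write `--append-flags "-label ${nixStoreLabel}"` here. A short comment above `squashfsTools =` should also say why the flag is injected through a wrapper, e.g. `# make-squashfs.nix exposes no hook for extra mksquashfs flags, so wrap the binary`; that reason is inferred from the hunk and should be confirmed.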
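Review bot: The new description in the `@@ -61,8 +70,7 @@` hunk says squashfs "requires patches" without naming what is patched, so someone selecting `squashfs` cannot tell that they are opting into out-of-tree changes to packages. Going by the other hunks, the image is built with a patched `squashfsTools` and the guest package set receives the `squashfs-labels` overlay; the text could say so, for example `squashfs is best, but builds the image with a patched squashfs-tools and applies the squashfs-labels overlay to the guest's nixpkgs.` If any restriction remains after dropping the old caveat (such as a second volume carrying the same label), it belongs in this description as well.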
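Review bot: `(import ../overlays/squashfs-labels)` in the `@@ -74,12 +82,7 @@` hunk is applied to the whole guest package set, and nothing at the call site says which attributes it overrides. The removed code made it visible that only `util-linux` was patched; the overlay file is not part of this diff, so a reader can no longer tell from the module which packages carry out-of-tree patches, and if it still touches libblkid's probing code, that code runs against every block device the guest sees. A comment above the line would restore that, along the lines of `# squashfs-labels patches <PACKAGES> so the store image can be found by label; drop once upstream supports it`, with the placeholder filled in from the overlay. The enclosing `config` block starts and ends outside the hunk.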