X-Git-Url: http://git.scottworley.com/nixos-qemu-vm-isolation/blobdiff_plain/a8cf2d3d03781108766570266abbd631e7f0a0ab..328f87c12f4f1961a525d05ce435bfce4ab07e7c:/modules/qemu-vm-isolation.nix
diff --git a/modules/qemu-vm-isolation.nix b/modules/qemu-vm-isolation.nix
index a7189e5..5467f29 100644
--- a/modules/qemu-vm-isolation.nix
+++ b/modules/qemu-vm-isolation.nix
@@ -32,27 +32,34 @@ let
   erofs = "${
     hostPkgs.runCommand "nix-store-image" { } ''
       mkdir $out
-      cd ${builtins.storeDir}
-      ${hostPkgs.erofs-utils}/bin/mkfs.erofs \
-        --force-uid=0 \
-        --force-gid=0 \
-        -L nix-store \
-        -U eb176051-bd15-49b7-9e6b-462e0b467019 \
-        -T 0 \
-        --exclude-regex="$(
-          <${storeContents}/store-paths \
-          sed -e 's^.*/^^g' \
-          | cut -c -10 \
-          | ${hostPkgs.python3}/bin/python -c ${
-            escapeShellArg (builtins.readFile
-              (modulesPath + "/virtualisation/includes-to-excludes.py"))
-          } )" \
-        $out/nix-store.img \
-        .
+      ${hostPkgs.gnutar}/bin/tar --create \
+        --absolute-names \
+        --verbatim-files-from \
+        --transform 'flags=rSh;s|/nix/store/||' \
+        --files-from ${storeContents}/store-paths \
+        | ${hostPkgs.erofs-utils}/bin/mkfs.erofs \
+          --force-uid=0 \
+          --force-gid=0 \
+          -L nix-store \
+          -U eb176051-bd15-49b7-9e6b-462e0b467019 \
+          -T 0 \
+          --tar=f \
+          $out/nix-store.img
     ''
   }/nix-store.img";
 
   squashfs = "${hostPkgs.callPackage (modulesPath + "/../lib/make-squashfs.nix") {
+    squashfsTools = hostPkgs.squashfsTools.overrideAttrs (old: {
+      # We patch in support for squashfs labels because
+      # https://github.com/NixOS/nixpkgs/pull/236656 requires filesystems to have labels and
+      # https://github.com/plougher/squashfs-tools/issues/59 squashfs doesn't support labels
+      patches = (old.patches or []) ++ [ ./squashfs-tools-label.patch ];
+      buildInputs = (old.buildInputs or []) ++ [ hostPkgs.makeWrapper ];
+      postInstall = (old.postInstall or "") + ''
+        wrapProgram "$out/bin/mksquashfs" \
+          --append-flags "-label nix-store"
+      '';
+    });
     storeContents = config.virtualisation.additionalPaths;
   }}";
 };
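Review bot: The new tar pipeline hard-codes the store prefix in `--transform 'flags=rSh;s|/nix/store/||'`, whereas the removed code used `cd ${builtins.storeDir}`; on a host with a non-default store directory the substitution silently matches nothing and the absolute member names from `--absolute-names` end up as a nested `nix/store/...` tree inside the image. Restore the old behaviour and anchor the match so it only ever strips the leading prefix: `--transform 'flags=rSh;s|^${builtins.storeDir}/||' \`. The `S` flag correctly leaves symlink targets absolute so intra-store links resolve once the image is mounted at the store path; a one-line comment saying so, `# rSh: rewrite member/hardlink names but not symlink targets, which must stay absolute`, would save the next reader a trip to the tar manual. A failed tar (e.g. a store path listed in store-paths that is absent on the host) is only caught if the builder shell runs with pipefail, which stdenv's setup normally enables but this hunk does not show — worth confirming rather than assuming.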
@@ -65,8 +72,7 @@ in {
 
       erofs is more compact than ext4, but less mature.
 
-      squashfs support currently requires a dubious kludge that results in these
-      VMs not being able to mount any other squashfs volumes besides the nix store.
+      squashfs is best, but requires patches to set the filesystem label.
     '';
     type = lib.types.enum [ "ext4" "erofs" "squashfs" ];
     default = "ext4";
@@ -80,8 +86,10 @@ in {
   nixpkgs.overlays = optional (cfg.nixStoreFilesystemType == "squashfs")
     (final: prev: {
       util-linux = prev.util-linux.overrideAttrs (old: {
-        patches = (old.patches or [ ])
-          ++ [ ./libblkid-squashfs-nix-store-kludge.patch ];
+        # We patch in support for squashfs labels because
+        # https://github.com/NixOS/nixpkgs/pull/236656 requires filesystems to have labels and
+        # https://github.com/plougher/squashfs-tools/issues/59 squashfs doesn't support labels
+        patches = (old.patches or [ ]) ++ [ ./util-linux-squashfs-label.patch ];
       });
     });
 
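Review bot: The new comment above `patches` explains why the label patch exists but not what the overlay costs or changes for the guest: it replaces `util-linux` (and thus libblkid) in the guest's nixpkgs, so every package in the system closure that depends on it is presumably rebuilt from source with no binary-cache hits, and label detection behaviour changes for all blkid users in the VM, not just the nix-store mount. Since the option description in the earlier hunk now only says squashfs "requires patches to set the filesystem label", add a line here such as `# NOTE: overriding util-linux rebuilds most of the guest closure; the patch is only meant to teach libblkid to read the label mksquashfs now writes` so the trade-off against erofs/ext4 is visible where the override lives. The patch file `./util-linux-squashfs-label.patch` is not in this diff, so its contents and the scope of the libblkid change cannot be reviewed here.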