X-Git-Url: http://git.scottworley.com/nixos-qemu-vm-isolation/blobdiff_plain/a91e7da80da9d5987b609a20821a08ac15805065..620470ea7a1d5723b01005c0d822f6033aa2fa81:/modules/qemu-vm-isolation.nix?ds=sidebyside
diff --git a/modules/qemu-vm-isolation.nix b/modules/qemu-vm-isolation.nix
index 00dbac1..260e9fe 100644
--- a/modules/qemu-vm-isolation.nix
+++ b/modules/qemu-vm-isolation.nix
@@ -12,45 +12,52 @@ let
 else "/nix/store";
-in mkMerge [
- {
-
- boot.initrd.availableKernelModules = [ "squashfs" ];
-
- fileSystems = mkVMOverride {
- "${storeMountPath}" = {
- device =
- lookupDriveDeviceName "nixstore" config.virtualisation.qemu.drives;
- fsType = "squashfs";
- options = [ "ro" ];
- neededForBoot = true;
- };
+in {
+
+ fileSystems = mkVMOverride {
+ "${storeMountPath}" = {
+ device =
+ lookupDriveDeviceName "nixstore" config.virtualisation.qemu.drives;
+ fsType = "ext4";
+ options = [ "ro" ];
+ neededForBoot = true;
+ };
+ };
+
+ # We use this to disable fsck runs on the ext4 nix store image because stage-1
+ # fsck crashes (maybe because the device is read-only?), halting boot.
+ boot.initrd.checkJournalingFS = false;
+
+ system.build.nixStoreImage =
+ import (modulesPath + "/../lib/make-disk-image.nix") {
+ inherit pkgs config lib;
+ additionalPaths = [
+ (config.virtualisation.host.pkgs.closureInfo {
+ rootPaths = config.virtualisation.additionalPaths;
+ })
+ ];
+ onlyNixStore = true;
+ label = "nix-store";
+ partitionTableType = "none";
+ installBootLoader = false;
+ diskSize = "auto";
+ additionalSpace = "0M";
+ copyChannel = false;
 };
- system.build.squashfsStore =
- pkgs.callPackage (modulesPath + "/../lib/make-squashfs.nix") {
- storeContents = config.virtualisation.additionalPaths;
- };
-
- virtualisation = {
+ virtualisation = {
- sharedDirectories = mkForce { };
+ sharedDirectories = mkForce { };
- qemu.drives = [{
- name = "nixstore";
- file = "${config.system.build.squashfsStore}";
- driveExtraOpts = {
- format = "raw";
- read-only = "on";
- werror = "report";
- };
- }];
+ qemu.drives = [{
+ name = "nixstore";
+ file = "${config.system.build.nixStoreImage}/nixos.img";
+ driveExtraOpts = {
+ format = "raw";
+ read-only = "on";
+ werror = "report";
+ };
+ }];
- };
- }
- (mkIf (lib.version < "23.05") {
- # This should always have been the default.
- virtualisation.bootDevice =
- lookupDriveDeviceName "root" config.virtualisation.qemu.drives;
- })
-]
+ };
+}
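Review bot: `boot.initrd.checkJournalingFS = false;` is a global initrd setting, so it turns off the stage-1 fsck for every journaling filesystem mounted there (the VM's writable root image included), not only the read-only nix store image that the comment above it describes. A narrower alternative is to mark just the store mount, e.g. `noCheck = true;` next to `neededForBoot = true;` in the `"${storeMountPath}"` entry, provided the scripted stage-1 honours that flag for neededForBoot mounts; if it does not, the comment should at least say that the option is global and why that is acceptable for this VM. Since the drive is attached with `read-only = "on"` and the image is generated fresh and never written, adding `"noload"` to `options` would skip ext4 journal replay on mount, which is worth checking as the actual cause of the boot halt the comment hedges on. The `let` bindings this hunk belongs to start before the hunk.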