From: Scott Worley
Date: Fri, 21 Jul 2023 07:40:51 +0000 (-0700)
Subject: squashfs -> ext4, which makes images ~5x larger. :(
X-Git-Url: http://git.scottworley.com/nixos-qemu-vm-isolation/commitdiff_plain/68bdafb07183ce95311038842731769028f55712?ds=inline

squashfs -> ext4, which makes images ~5x larger. :(
https://github.com/NixOS/nixpkgs/pull/236656 changed NixOS's qemu-vm disk-finding mechanism to use filesystem labels. squashfs doesn't support filesystem labels (see https://github.com/plougher/squashfs-tools/issues/59 ). So we can't use squashfs anymore. :( The simple test's nix store image is 240M as squashfs and 1.3G as ext4.
---
diff --git a/README.md b/README.md
index ec9ba70..6a6fb43 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 Isolate NixOS QEMU VMs from each other and from the host by using a
-squashfs for the VM's /nix/store that contains only the VM's dependencies
+private /nix/store image that contains only the VM's dependencies
 (like the installer has) rather than a virtio mount of the host's entire /nix/store.
diff --git a/modules/qemu-vm-isolation.nix b/modules/qemu-vm-isolation.nix
index ad586ec..260e9fe 100644
--- a/modules/qemu-vm-isolation.nix
+++ b/modules/qemu-vm-isolation.nix
@@ -14,21 +14,35 @@ let
 in {
-  boot.initrd.availableKernelModules = [ "squashfs" ];
-
   fileSystems = mkVMOverride {
     "${storeMountPath}" = {
       device = lookupDriveDeviceName "nixstore" config.virtualisation.qemu.drives;
-      fsType = "squashfs";
+      fsType = "ext4";
       options = [ "ro" ];
       neededForBoot = true;
     };
   };
-  system.build.squashfsStore =
-    pkgs.callPackage (modulesPath + "/../lib/make-squashfs.nix") {
-      storeContents = config.virtualisation.additionalPaths;
+  # We use this to disable fsck runs on the ext4 nix store image because stage-1
+  # fsck crashes (maybe because the device is read-only?), halting boot.
+  boot.initrd.checkJournalingFS = false;
+
+  system.build.nixStoreImage =
+    import (modulesPath + "/../lib/make-disk-image.nix") {
+      inherit pkgs config lib;
+      additionalPaths = [
+        (config.virtualisation.host.pkgs.closureInfo {
+          rootPaths = config.virtualisation.additionalPaths;
+        })
+      ];
+      onlyNixStore = true;
+      label = "nix-store";
+      partitionTableType = "none";
+      installBootLoader = false;
+      diskSize = "auto";
+      additionalSpace = "0M";
+      copyChannel = false;
     };
   virtualisation = {
@@ -37,7 +51,7 @@ in {
     qemu.drives = [{
       name = "nixstore";
-      file = "${config.system.build.squashfsStore}";
+      file = "${config.system.build.nixStoreImage}/nixos.img";
       driveExtraOpts = {
         format = "raw";
         read-only = "on";
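Review bot: `boot.initrd.checkJournalingFS = false;` is a global stage-1 switch, so it skips fsck for every journaling filesystem marked neededForBoot — the VM's own root filesystem included — not only the read-only ext4 store image the new comment describes, which silently removes an integrity check the VM had before this change. A per-filesystem alternative is `noCheck = true;` inside the `"${storeMountPath}"` entry (the `fileSystems.<name>.noCheck` option), which would leave the root-filesystem check in place; it is worth confirming that stage-1 honors `noCheck` for this mount before dropping the global toggle. If the global option has to stay, the comment should say what it actually affects, e.g. `# NOTE: this disables stage-1 fsck for every neededForBoot journaling filesystem, not just the store image.` The `in {` attribute set this hunk edits is closed outside the hunk.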