patos/flake.nix

{
  description = "PatOS is a minimal, immutable Linux distribution specialized for the Patagia Platform.";

  inputs = {
    flake-utils.url = "github:numtide/flake-utils";
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
  };

  outputs =
    {
      self,
      flake-utils,
      nixpkgs,
    }:
    flake-utils.lib.eachDefaultSystem (
      system:
      let
        pkgs = import nixpkgs { inherit system; };
        patosPkgs = self.packages.${system};
        version = "0.0.1";
        secureBoot = "false";
        cpuArch = "intel";
        updateUrl = "http://10.0.2.2:8000/";
      in
      {
        packages = {
          default = patosPkgs.image;
          image = pkgs.callPackage ./pkgs/image {
            inherit
              patosPkgs
              version
              updateUrl
              cpuArch
              secureBoot
              ;
          };
          rootfs = pkgs.callPackage ./pkgs/rootfs/mkrootfs.nix { inherit patosPkgs version; };
          initrd = pkgs.callPackage ./pkgs/rootfs/mkinitrd.nix { inherit patosPkgs version; };
          kernel = pkgs.callPackage ./pkgs/kernel { };
          linux-firmware = pkgs.callPackage ./pkgs/linux-firmware { };
          glibc = pkgs.callPackage ./pkgs/glibc { };
          busybox = pkgs.callPackage ./pkgs/busybox { };
          openssl = pkgs.callPackage ./pkgs/openssl { };
          cert = pkgs.callPackage ./pkgs/cert { };
          kexec = pkgs.callPackage ./pkgs/kexec-tools { };
          lvm2 = pkgs.callPackage ./pkgs/lvm2 { };
          tpm2-tools = pkgs.callPackage ./pkgs/tpm2-tools { inherit patosPkgs; };
          tpm2-tss = pkgs.callPackage ./pkgs/tpm2-tss { };
          systemd = pkgs.callPackage ./pkgs/systemd { };
          dbus-broker = pkgs.callPackage ./pkgs/dbus-broker { };

          qemu-uefi-tpm = pkgs.callPackage ./utils/qemu-uefi-tpm.nix { };

          debug-tools-sysext = pkgs.callPackage ./lib/make-sysext.nix {
            name = "debug-tools";
            version = "0.0.1";
            packages = [
              {
                drv = pkgs.curl;
                path = "bin/curl";
              }
              {
                drv = pkgs.bash;
                path = "bin/bash";
              }
              {
                drv = patosPkgs.glibc;
                path = "bin/ldd";
              }
              {
                drv = pkgs.keyutils;
                path = "bin/keyctl";
              }
              {
                drv = pkgs.gnutar;
                path = "bin/tar";
              }
              {
                drv = pkgs.binutils-unwrapped;
                path = "bin/strings";
              }
              {
                drv = pkgs.strace;
                path = "bin/strace";
              }
              {
                drv = patosPkgs.tpm2-tools;
                path = "bin/tpm2";
              }
              {
                drv = patosPkgs.openssl;
                path = "bin/openssl";
              }
              {
                drv = pkgs.cryptsetup;
                path = "bin/cryptsetup";
              }
              {
                drv = pkgs.cryptsetup;
                path = "bin/veritysetup";
              }
              {
                drv = pkgs.erofs-utils;
                path = "bin/mkfs.erofs";
              }
              # shared lib required for cryptsetup
              {
                drv = pkgs.popt;
                path = "lib/libpopt.so.0.0.2";
              }
              {
                drv = pkgs.popt;
                path = "lib/libpopt.so.0";
              }
              {
                drv = pkgs.popt;
                path = "lib/libpopt.so";
              }
              # shared lib required for mkfs.erofs
              {
                drv = pkgs.lz4.lib;
                path = "lib/liblz4.so.1.10.0";
              }
              {
                drv = pkgs.lz4.lib;
                path = "lib/liblz4.so.1";
              }
              {
                drv = pkgs.lz4.lib;
                path = "lib/liblz4.so";
              }
              # shared lib required for binutils
              {
                drv = pkgs.binutils-unwrapped.lib;
                path = "lib/libsframe.so.1.0.0";
              }
              {
                drv = pkgs.binutils-unwrapped.lib;
                path = "lib/libsframe.so.1";
              }
              {
                drv = pkgs.binutils-unwrapped.lib;
                path = "lib/libbfd-2.43.1.so";
              }
              {
                drv = pkgs.binutils-unwrapped.lib;
                path = "lib/libbfd.so";
              }
              # shared lib required for strace
              {
                drv = pkgs.elfutils.out;
                path = "lib/libdw-0.192.so";
              }
              {
                drv = pkgs.elfutils.out;
                path = "lib/libdw.so.1";
              }
              {
                drv = pkgs.elfutils.out;
                path = "lib/libdw.so";
              }
              {
                drv = pkgs.elfutils.out;
                path = "lib/libelf-0.192.so";
              }
              {
                drv = pkgs.elfutils.out;
                path = "lib/libelf.so.1";
              }
              {
                drv = pkgs.elfutils.out;
                path = "lib/libelf.so";
              }
            ];
          };
        };

        checks = {
          simple-test = pkgs.runCommand "simple-test" { } ''
            ${self.packages.${system}.default}/bin/my-program
            touch $out
          '';
        };

        formatter = pkgs.nixpkgs-fmt;

        devShells.default = pkgs.mkShell {
          buildInputs = with pkgs; [
            just
            nixd
            nixfmt-rfc-style
            patosPkgs.qemu-uefi-tpm
          ];
        };

      }
    );
}
PatOS is born! 2024-09-12 21:57:01 +02:00			`{`
			`description = "PatOS is a minimal, immutable Linux distribution specialized for the Patagia Platform.";`

			`inputs = {`
WIP: Build image from scratch / without NixOS. An experiment to see if we can minimize the PatOS project even further, and not have to adapt NixOS packages and config for our needs. 2025-02-13 09:28:16 +01:00			`flake-utils.url = "github:numtide/flake-utils";`
Image building take 2 We want verity protected partitions as well as encrypted state/data along with verified boot. This PR integrates Peter Marshall's awesome little Nixlet project as a starting point, especially the nice testing scaffolding will be super helpful! ✨ https://github.com/petm5/nixlet/ 2024-11-11 23:02:38 +01:00			`nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";`
PatOS is born! 2024-09-12 21:57:01 +02:00			`};`

merge from main 2024-09-17 23:02:53 +02:00			`outputs =`
			`{`
WIP: Build image from scratch / without NixOS. An experiment to see if we can minimize the PatOS project even further, and not have to adapt NixOS packages and config for our needs. 2025-02-13 09:28:16 +01:00			`self,`
			`flake-utils,`
			`nixpkgs,`
			`}:`
			`flake-utils.lib.eachDefaultSystem (`
			`system:`
			`let`
			`pkgs = import nixpkgs { inherit system; };`
chore: add dbus-broker 2025-02-20 10:40:53 +01:00			`patosPkgs = self.packages.${system};`
revert version 2025-03-20 14:01:50 +01:00			`version = "0.0.1";`
feat(image): parameter to include microcode and secureboot 2025-03-26 10:37:38 +01:00			`secureBoot = "false";`
			`cpuArch = "intel";`
fix: include uuid in sysupdate images 2025-03-19 13:21:52 +01:00			`updateUrl = "http://10.0.2.2:8000/";`
WIP: Build image from scratch / without NixOS. An experiment to see if we can minimize the PatOS project even further, and not have to adapt NixOS packages and config for our needs. 2025-02-13 09:28:16 +01:00			`in`
			`{`
			`packages = {`
chore: flake nix cleanup 2025-02-25 23:08:42 +01:00			`default = patosPkgs.image;`
WIP: feat(linux-firmware): initial packaging of linux firmware 2025-03-28 18:58:21 +01:00			`image = pkgs.callPackage ./pkgs/image {`
			`inherit`
			`patosPkgs`
			`version`
			`updateUrl`
			`cpuArch`
			`secureBoot`
			`;`
			`};`
chore: clean up 2025-03-17 10:18:30 +01:00			`rootfs = pkgs.callPackage ./pkgs/rootfs/mkrootfs.nix { inherit patosPkgs version; };`
			`initrd = pkgs.callPackage ./pkgs/rootfs/mkinitrd.nix { inherit patosPkgs version; };`
feat(image): install upstream kexec which now have support for UKIs 2025-02-26 14:35:58 +01:00			`kernel = pkgs.callPackage ./pkgs/kernel { };`
WIP: feat(linux-firmware): initial packaging of linux firmware 2025-03-28 18:58:21 +01:00			`linux-firmware = pkgs.callPackage ./pkgs/linux-firmware { };`
feat(image): install upstream kexec which now have support for UKIs 2025-02-26 14:35:58 +01:00			`glibc = pkgs.callPackage ./pkgs/glibc { };`
feat: generate passwd/group with systemd-sysusers 2025-03-04 21:47:19 +01:00			`busybox = pkgs.callPackage ./pkgs/busybox { };`
fix: we have to build our own openssl to use standard paths 2025-03-12 12:47:56 +01:00			`openssl = pkgs.callPackage ./pkgs/openssl { };`
chore: clean up 2025-03-17 10:18:30 +01:00			`cert = pkgs.callPackage ./pkgs/cert { };`
feat(image): install upstream kexec which now have support for UKIs 2025-02-26 14:35:58 +01:00			`kexec = pkgs.callPackage ./pkgs/kexec-tools { };`
fix(image): image need to include devicemapper setup tools and udev rules 2025-03-03 13:52:52 +01:00			`lvm2 = pkgs.callPackage ./pkgs/lvm2 { };`
fix: we need to roll our own versions of tpm2-tools and tpm2-tss 2025-02-27 08:59:01 +01:00			`tpm2-tools = pkgs.callPackage ./pkgs/tpm2-tools { inherit patosPkgs; };`
			`tpm2-tss = pkgs.callPackage ./pkgs/tpm2-tss { };`
feat(image): install upstream kexec which now have support for UKIs 2025-02-26 14:35:58 +01:00			`systemd = pkgs.callPackage ./pkgs/systemd { };`
			`dbus-broker = pkgs.callPackage ./pkgs/dbus-broker { };`
silly uki image with the systemd-ukify tooling 2025-02-17 15:15:24 +01:00
chore: add dbus-broker 2025-02-20 10:40:53 +01:00			`qemu-uefi-tpm = pkgs.callPackage ./utils/qemu-uefi-tpm.nix { };`
chore: add lib for making systemd sysexts 2025-03-12 10:39:39 +01:00
			`debug-tools-sysext = pkgs.callPackage ./lib/make-sysext.nix {`
			`name = "debug-tools";`
			`version = "0.0.1";`
			`packages = [`
WIP: feat(linux-firmware): initial packaging of linux firmware 2025-03-28 18:58:21 +01:00			`{`
			`drv = pkgs.curl;`
			`path = "bin/curl";`
			`}`
			`{`
			`drv = pkgs.bash;`
			`path = "bin/bash";`
			`}`
			`{`
			`drv = patosPkgs.glibc;`
			`path = "bin/ldd";`
			`}`
			`{`
			`drv = pkgs.keyutils;`
			`path = "bin/keyctl";`
			`}`
			`{`
			`drv = pkgs.gnutar;`
			`path = "bin/tar";`
			`}`
			`{`
			`drv = pkgs.binutils-unwrapped;`
			`path = "bin/strings";`
			`}`
			`{`
			`drv = pkgs.strace;`
			`path = "bin/strace";`
			`}`
			`{`
			`drv = patosPkgs.tpm2-tools;`
			`path = "bin/tpm2";`
			`}`
			`{`
			`drv = patosPkgs.openssl;`
			`path = "bin/openssl";`
			`}`
			`{`
			`drv = pkgs.cryptsetup;`
			`path = "bin/cryptsetup";`
			`}`
			`{`
			`drv = pkgs.cryptsetup;`
			`path = "bin/veritysetup";`
			`}`
			`{`
			`drv = pkgs.erofs-utils;`
			`path = "bin/mkfs.erofs";`
			`}`
chore: clean up 2025-03-17 10:18:30 +01:00			`# shared lib required for cryptsetup`
WIP: feat(linux-firmware): initial packaging of linux firmware 2025-03-28 18:58:21 +01:00			`{`
			`drv = pkgs.popt;`
			`path = "lib/libpopt.so.0.0.2";`
			`}`
			`{`
			`drv = pkgs.popt;`
			`path = "lib/libpopt.so.0";`
			`}`
			`{`
			`drv = pkgs.popt;`
			`path = "lib/libpopt.so";`
			`}`
chore: clean up 2025-03-17 10:18:30 +01:00			`# shared lib required for mkfs.erofs`
WIP: feat(linux-firmware): initial packaging of linux firmware 2025-03-28 18:58:21 +01:00			`{`
			`drv = pkgs.lz4.lib;`
			`path = "lib/liblz4.so.1.10.0";`
			`}`
			`{`
			`drv = pkgs.lz4.lib;`
			`path = "lib/liblz4.so.1";`
			`}`
			`{`
			`drv = pkgs.lz4.lib;`
			`path = "lib/liblz4.so";`
			`}`
chore: clean up 2025-03-17 10:18:30 +01:00			`# shared lib required for binutils`
WIP: feat(linux-firmware): initial packaging of linux firmware 2025-03-28 18:58:21 +01:00			`{`
			`drv = pkgs.binutils-unwrapped.lib;`
			`path = "lib/libsframe.so.1.0.0";`
			`}`
			`{`
			`drv = pkgs.binutils-unwrapped.lib;`
			`path = "lib/libsframe.so.1";`
			`}`
			`{`
			`drv = pkgs.binutils-unwrapped.lib;`
			`path = "lib/libbfd-2.43.1.so";`
			`}`
			`{`
			`drv = pkgs.binutils-unwrapped.lib;`
			`path = "lib/libbfd.so";`
			`}`
chore: clean up 2025-03-17 10:18:30 +01:00			`# shared lib required for strace`
WIP: feat(linux-firmware): initial packaging of linux firmware 2025-03-28 18:58:21 +01:00			`{`
			`drv = pkgs.elfutils.out;`
			`path = "lib/libdw-0.192.so";`
			`}`
			`{`
			`drv = pkgs.elfutils.out;`
			`path = "lib/libdw.so.1";`
			`}`
			`{`
			`drv = pkgs.elfutils.out;`
			`path = "lib/libdw.so";`
			`}`
			`{`
			`drv = pkgs.elfutils.out;`
			`path = "lib/libelf-0.192.so";`
			`}`
			`{`
			`drv = pkgs.elfutils.out;`
			`path = "lib/libelf.so.1";`
			`}`
			`{`
			`drv = pkgs.elfutils.out;`
			`path = "lib/libelf.so";`
			`}`
chore: add lib for making systemd sysexts 2025-03-12 10:39:39 +01:00			`];`
			`};`
WIP: Build image from scratch / without NixOS. An experiment to see if we can minimize the PatOS project even further, and not have to adapt NixOS packages and config for our needs. 2025-02-13 09:28:16 +01:00			`};`

			`checks = {`
			`simple-test = pkgs.runCommand "simple-test" { } ''`
			`${self.packages.${system}.default}/bin/my-program`
			`touch $out`
			`'';`
			`};`

			`formatter = pkgs.nixpkgs-fmt;`

			`devShells.default = pkgs.mkShell {`
			`buildInputs = with pkgs; [`
			`just`
			`nixd`
			`nixfmt-rfc-style`
chore: flake nix cleanup 2025-02-25 23:08:42 +01:00			`patosPkgs.qemu-uefi-tpm`
WIP: Build image from scratch / without NixOS. An experiment to see if we can minimize the PatOS project even further, and not have to adapt NixOS packages and config for our needs. 2025-02-13 09:28:16 +01:00			`];`
			`};`

			`}`
			`);`
PatOS is born! 2024-09-12 21:57:01 +02:00			`}`
No results found.