feat(systemd): enabled sysupdated

2025-02-10 10:49:11 +01:00 · 2025-02-10 10:49:11 +01:00 · 4702e0dddb
commit 4702e0dddb
parent da048fc28d
4 changed files with 76 additions and 85 deletions
--- a/flake.lock
+++ b/flake.lock
@ -2,11 +2,11 @@
  "nodes": {
    "nixpkgs": {
      "locked": {
-        "lastModified": 1737469691,
-        "narHash": "sha256-nmKOgAU48S41dTPIXAq0AHZSehWUn6ZPrUKijHAMmIk=",
+        "lastModified": 1739020877,
+        "narHash": "sha256-mIvECo/NNdJJ/bXjNqIh8yeoSjVLAuDuTUzAo7dzs8Y=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "9e4d5190a9482a1fb9d18adf0bdb83c6e506eaab",
+        "rev": "a79cfe0ebd24952b580b1cf08cd906354996d547",
        "type": "github"
      },
      "original": {
--- a/modules/config/minimal-system.nix
+++ b/modules/config/minimal-system.nix
@ -6,19 +6,18 @@

      composefs = final.callPackage ../../pkgs/composefs.nix { inherit prev; };
      qemu_tiny = final.callPackage ../../pkgs/qemu.nix { inherit prev; };
-      systemdUkify = final.callPackage ../../pkgs/systemd-ukify.nix { inherit prev; };

-    # # FIXME: Revisit + refine these below in a future image minimization effort
-    #
-    # util-linux = prev.util-linux.override {
-    #   ncursesSupport = false;
-    #   nlsSupport = false;
-    # };
-    #
-    # dbus = prev.dbus.override {
-    #   enableSystemd = false;
-    #   x11Support = false;
-    # };
+      systemd = prev.systemd.overrideAttrs (oldAttrs: {
+        mesonFlags = oldAttrs.mesonFlags ++ [
+          "-Dsysupdated=enabled"
+        ];
+      });
+      ## minimal inherit from systemd pkg, need to explicitly disable sysupdated
+      systemdMinimal = prev.systemdMinimal.overrideAttrs (oldAttrs: {
+        mesonFlags = oldAttrs.mesonFlags ++ [
+          "-Dsysupdated=disabled"
+        ];
+      });

    })
  ];
--- a/modules/image/updater.nix
+++ b/modules/image/updater.nix
@ -17,71 +17,73 @@
      { assertion = config.system.image.updates.url != null; }
    ];

-    systemd.sysupdate.enable = true;
-    systemd.sysupdate.reboot.enable = lib.mkDefault true;
-
-    systemd.sysupdate.transfers = {
-      "10-uki" = {
-        Transfer = {
-          Verify = "no";
-        };
-        Source = {
-          Type = "url-file";
-          Path = "${config.system.image.updates.url}";
-          MatchPattern = "${config.boot.uki.name}_@v.efi";
-        };
-        Target = {
-          Type = "regular-file";
-          Path = "/EFI/Linux";
-          PathRelativeTo = "esp";
-          MatchPattern = "${config.boot.uki.name}_@v+@l-@d.efi ${config.boot.uki.name}_@v+@l.efi ${config.boot.uki.name}_@v.efi";
-          Mode = "0444";
-          TriesLeft = 3;
-          TriesDone = 0;
-          InstancesMax = 2;
-        };
-      };
-      "20-root-verity" = {
-        Transfer = {
-          Verify = "no";
-        };
-        Source = {
-          Type = "url-file";
-          Path = "${config.system.image.updates.url}";
-          MatchPattern = "${config.system.image.id}_@v_@u.verity";
-        };
-        Target = {
-          Type = "partition";
-          Path = "auto";
-          MatchPattern = "verity-@v";
-          MatchPartitionType = "root-verity";
-          ReadOnly = 1;
-        };
-      };
-      "22-root" = {
-        Transfer = {
-          Verify = "no";
-        };
-        Source = {
-          Type = "url-file";
-          Path = "${config.system.image.updates.url}";
-          MatchPattern = "${config.system.image.id}_@v_@u.root";
-        };
-        Target = {
-          Type = "partition";
-          Path = "auto";
-          MatchPattern = "root-@v";
-          MatchPartitionType = "root";
-          ReadOnly = 1;
-        };
-      };
-    };
-
    systemd.additionalUpstreamSystemUnits = [
      "systemd-bless-boot.service"
      "boot-complete.target"
+      "dbus-org.freedesktop.sysupdate1.service"
+      "systemd-sysupdated.service"
    ];

+    environment.etc."sysupdate.d/10-uki.transfer" = {
+      text = ''
+        [Source]
+        Path=${config.system.image.updates.url}
+        MatchPattern=${config.boot.uki.name}_@v.efi
+        Type=url-file
+
+        [Target]
+        InstancesMax=2
+        MatchPattern=${config.boot.uki.name}_@v+@l-@d.efi ${config.boot.uki.name}_@v+@l.efi ${config.boot.uki.name}_@v.efi
+        Mode=0444
+        Path=/EFI/Linux
+        PathRelativeTo=esp
+        TriesDone=0
+        TriesLeft=3
+        Type=regular-file
+
+        [Transfer]
+        Verify=no
+        '';
+    };
+
+    environment.etc."sysupdate.d/20-root.transfer" = {
+      text = ''
+        [Source]
+        Type=url-file
+        Path=${config.system.image.updates.url}
+        MatchPattern=${config.system.image.id}_@v_@u.verity
+
+        [Target]
+        Type=partition
+        Path=auto
+        MatchPattern=verity-@v
+        MatchPartitionType=root-verity
+        ReadOnly=1
+
+        [Transfer]
+        Verify=no
+        '';
+    };
+
+    environment.etc."sysupdate.d/22-root.transfer" = {
+      text = ''
+        [Source]
+        Type=url-file
+        Path=${config.system.image.updates.url}
+        MatchPattern=${config.system.image.id}_@v_@u.root
+
+        [Target]
+        Type=partition
+        Path=auto
+        MatchPattern=root-@v
+        MatchPartitionType=root
+        ReadOnly=1
+
+        [Transfer]
+        Verify=no
+        '';
+    };
+
  };

 }
--- a/pkgs/systemd.nix
+++ b/pkgs/systemd.nix
@ -1,10 +0,0 @@
-{ prev, ... }:
-
-prev.systemd.override {
-  withAcl = false;
-  withApparmor = false;
-  withDocumentation = false;
-  withRemote = false;
-  withShellCompletions = false;
-  withVmspawn = false;
-}