From 4702e0dddb86e576a404f384937e41df08acd01e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lars=20Sj=C3=B6strom?=
Date: Mon, 10 Feb 2025 10:49:11 +0100
Subject: [PATCH] feat(systemd): enabled sysupdated

---
 flake.lock | 6 +-
 modules/config/minimal-system.nix | 23 +++--
 modules/image/updater.nix | 122 +++++++++++++++---------------
 pkgs/systemd.nix | 10 ---
 4 files changed, 76 insertions(+), 85 deletions(-)
 delete mode 100644 pkgs/systemd.nix

diff --git a/flake.lock b/flake.lock
index 2cb3583..6ca2bd0 100644
--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
 "nodes": {
 "nixpkgs": {
 "locked": {
- "lastModified": 1737469691,
- "narHash": "sha256-nmKOgAU48S41dTPIXAq0AHZSehWUn6ZPrUKijHAMmIk=",
+ "lastModified": 1739020877,
+ "narHash": "sha256-mIvECo/NNdJJ/bXjNqIh8yeoSjVLAuDuTUzAo7dzs8Y=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "9e4d5190a9482a1fb9d18adf0bdb83c6e506eaab",
+ "rev": "a79cfe0ebd24952b580b1cf08cd906354996d547",
 "type": "github"
 },
 "original": {
diff --git a/modules/config/minimal-system.nix b/modules/config/minimal-system.nix
index e77476b..c81d7d4 100644
--- a/modules/config/minimal-system.nix
+++ b/modules/config/minimal-system.nix
@@ -6,19 +6,18 @@
 composefs = final.callPackage ../../pkgs/composefs.nix { inherit prev; };
 qemu_tiny = final.callPackage ../../pkgs/qemu.nix { inherit prev; };
- systemdUkify = final.callPackage ../../pkgs/systemd-ukify.nix { inherit prev; };
- # # FIXME: Revisit + refine these below in a future image minimization effort
- #
- # util-linux = prev.util-linux.override {
- # ncursesSupport = false;
- # nlsSupport = false;
- # };
- #
- # dbus = prev.dbus.override {
- # enableSystemd = false;
- # x11Support = false;
- # };
+ systemd = prev.systemd.overrideAttrs (oldAttrs: {
+ mesonFlags = oldAttrs.mesonFlags ++ [
+ "-Dsysupdated=enabled"
+ ];
+ });
+ ## minimal inherit from systemd pkg, need to explicitly disable sysupdated
+ systemdMinimal = prev.systemdMinimal.overrideAttrs (oldAttrs: {
+ mesonFlags = oldAttrs.mesonFlags ++ [
+ "-Dsysupdated=disabled"
+ ];
+ });
 })
 ];
diff --git a/modules/image/updater.nix b/modules/image/updater.nix
index f3c1226..7602cdc 100644
--- a/modules/image/updater.nix
+++ b/modules/image/updater.nix
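Review bot: The new `systemd` entry in the overlay carries no comment explaining why the full systemd package is rebuilt with `-Dsysupdated=enabled`, while the `systemdMinimal` entry does; a line such as `# image updater needs systemd-sysupdated (D-Bus front end for sysupdate), which the nixpkgs build presumably leaves off — confirm` above `systemd = prev.systemd.overrideAttrs (oldAttrs: {` would make the pairing clear. The existing `## minimal inherit from systemd pkg, need to explicitly disable sysupdated` could be reworded as `# systemdMinimal is derived from our systemd override, so sysupdated has to be switched off again here`, which is what the code appears to do. If the pinned nixpkgs revision already passes its own `-Dsysupdated=` flag for this package, appending a second one leaves the result to how meson resolves a repeated option; an `override` argument for the feature, if nixpkgs exposes one, would be the more robust choice, but I cannot confirm that from the hunk. The enclosing overlay function starts and ends outside the hunk.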
@@ -17,71 +17,73 @@
 { assertion = config.system.image.updates.url != null; }
 ];
- systemd.sysupdate.enable = true;
- systemd.sysupdate.reboot.enable = lib.mkDefault true;
-
- systemd.sysupdate.transfers = {
- "10-uki" = {
- Transfer = {
- Verify = "no";
- };
- Source = {
- Type = "url-file";
- Path = "${config.system.image.updates.url}";
- MatchPattern = "${config.boot.uki.name}_@v.efi";
- };
- Target = {
- Type = "regular-file";
- Path = "/EFI/Linux";
- PathRelativeTo = "esp";
- MatchPattern = "${config.boot.uki.name}_@v+@l-@d.efi ${config.boot.uki.name}_@v+@l.efi ${config.boot.uki.name}_@v.efi";
- Mode = "0444";
- TriesLeft = 3;
- TriesDone = 0;
- InstancesMax = 2;
- };
- };
- "20-root-verity" = {
- Transfer = {
- Verify = "no";
- };
- Source = {
- Type = "url-file";
- Path = "${config.system.image.updates.url}";
- MatchPattern = "${config.system.image.id}_@v_@u.verity";
- };
- Target = {
- Type = "partition";
- Path = "auto";
- MatchPattern = "verity-@v";
- MatchPartitionType = "root-verity";
- ReadOnly = 1;
- };
- };
- "22-root" = {
- Transfer = {
- Verify = "no";
- };
- Source = {
- Type = "url-file";
- Path = "${config.system.image.updates.url}";
- MatchPattern = "${config.system.image.id}_@v_@u.root";
- };
- Target = {
- Type = "partition";
- Path = "auto";
- MatchPattern = "root-@v";
- MatchPartitionType = "root";
- ReadOnly = 1;
- };
- };
- };
-
 systemd.additionalUpstreamSystemUnits = [
 "systemd-bless-boot.service"
 "boot-complete.target"
+ "dbus-org.freedesktop.sysupdate1.service"
+ "systemd-sysupdated.service"
 ];
+ environment.etc."sysupdate.d/10-uki.transfer" = {
+ text = ''
+ [Source]
+ Path=${config.system.image.updates.url}
+ MatchPattern=${config.boot.uki.name}_@v.efi
+ Type=url-file
+
+ [Target]
+ InstancesMax=2
+ MatchPattern=${config.boot.uki.name}_@v+@l-@d.efi ${config.boot.uki.name}_@v+@l.efi ${config.boot.uki.name}_@v.efi
+ Mode=0444
+ Path=/EFI/Linux
+ PathRelativeTo=esp
+ TriesDone=0
+ TriesLeft=3
+ Type=regular-file
+
+ [Transfer]
+ Verify=no
+ '';
+ };
+
+ environment.etc."sysupdate.d/20-root.transfer" = {
+ text = ''
+ [Source]
+ Type=url-file
+ Path=${config.system.image.updates.url}
+ MatchPattern=${config.system.image.id}_@v_@u.verity
+
+ [Target]
+ Type=partition
+ Path=auto
+ MatchPattern=verity-@v
+ MatchPartitionType=root-verity
+ ReadOnly=1
+
+ [Transfer]
+ Verify=no
+ '';
+ };
+
+ environment.etc."sysupdate.d/22-root.transfer" = {
+ text = ''
+ [Source]
+ Type=url-file
+ Path=${config.system.image.updates.url}
+ MatchPattern=${config.system.image.id}_@v_@u.root
+
+ [Target]
+ Type=partition
+ Path=auto
+ MatchPattern=root-@v
+ MatchPartitionType=root
+ ReadOnly=1
+
+ [Transfer]
+ Verify=no
+ '';
+ };
+
 };
 }
diff --git a/pkgs/systemd.nix b/pkgs/systemd.nix
deleted file mode 100644
index 2d52e9a..0000000
--- a/pkgs/systemd.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ prev, ... }:
-
-prev.systemd.override {
- withAcl = false;
- withApparmor = false;
- withDocumentation = false;
- withRemote = false;
- withShellCompletions = false;
- withVmspawn = false;
-}
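Review bot: All three new `.transfer` files keep `Verify=no`, so the UKI, verity and root images are installed exactly as served from `config.system.image.updates.url` with no SHA256SUMS / SHA256SUMS.gpg check, and nothing in the hunk constrains that URL to https — the update path trusts the server and the transport entirely; now that the transfers are hand-written, `Verify=yes` with signed checksums published beside the artifacts is the one-line change that would close this, or the reason it stays off belongs in a comment above the first `environment.etc` entry. The removed `systemd.sysupdate.enable` and `systemd.sysupdate.reboot.enable` lines are replaced only by `systemd-sysupdated.service` and its D-Bus alias, and no timer or reboot unit is enabled in this hunk, so unless something outside it schedules runs, updates will only happen when requested over D-Bus and the automatic reboot after an update appears to be gone; a comment such as `# updates are driven on demand via org.freedesktop.sysupdate1; no timer is installed` would record whichever is intended. The hunk's first lines are the tail of an `assertions` list that starts outside it.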