Patagia/patos
Patagia/patos
1
1
Code Issues4 Pull requests5 Activity

feat(systemd): enabled sysupdated

Browse source
This commit is contained in:
Lars Sjöström 2025-02-10 10:49:11 +01:00
commit 4702e0dddb
No known key found for this signature in database
4 changed files with 76 additions and 85 deletions

23
modules/config/minimal-system.nix
View file

@ -6,19 +6,18 @@
composefs = final.callPackage ../../pkgs/composefs.nix { inherit prev; };
qemu_tiny = final.callPackage ../../pkgs/qemu.nix { inherit prev; };
systemdUkify = final.callPackage ../../pkgs/systemd-ukify.nix { inherit prev; };
# # FIXME: Revisit + refine these below in a future image minimization effort
#
# util-linux = prev.util-linux.override {
# ncursesSupport = false;
# nlsSupport = false;
# };
#
# dbus = prev.dbus.override {
# enableSystemd = false;
# x11Support = false;
# };
systemd = prev.systemd.overrideAttrs (oldAttrs: {
mesonFlags = oldAttrs.mesonFlags ++ [
"-Dsysupdated=enabled"
];
});
## minimal inherit from systemd pkg, need to explicitly disable sysupdated
systemdMinimal = prev.systemdMinimal.overrideAttrs (oldAttrs: {
mesonFlags = oldAttrs.mesonFlags ++ [
"-Dsysupdated=disabled"
];
});
})
];

122
modules/image/updater.nix
View file

@ -17,71 +17,73 @@
{ assertion = config.system.image.updates.url != null; }
];
systemd.sysupdate.enable = true;
systemd.sysupdate.reboot.enable = lib.mkDefault true;
systemd.sysupdate.transfers = {
"10-uki" = {
Transfer = {
Verify = "no";
};
Source = {
Type = "url-file";
Path = "${config.system.image.updates.url}";
MatchPattern = "${config.boot.uki.name}_@v.efi";
};
Target = {
Type = "regular-file";
Path = "/EFI/Linux";
PathRelativeTo = "esp";
MatchPattern = "${config.boot.uki.name}_@v+@l-@d.efi ${config.boot.uki.name}_@v+@l.efi ${config.boot.uki.name}_@v.efi";
Mode = "0444";
TriesLeft = 3;
TriesDone = 0;
InstancesMax = 2;
};
};
"20-root-verity" = {
Transfer = {
Verify = "no";
};
Source = {
Type = "url-file";
Path = "${config.system.image.updates.url}";
MatchPattern = "${config.system.image.id}_@v_@u.verity";
};
Target = {
Type = "partition";
Path = "auto";
MatchPattern = "verity-@v";
MatchPartitionType = "root-verity";
ReadOnly = 1;
};
};
"22-root" = {
Transfer = {
Verify = "no";
};
Source = {
Type = "url-file";
Path = "${config.system.image.updates.url}";
MatchPattern = "${config.system.image.id}_@v_@u.root";
};
Target = {
Type = "partition";
Path = "auto";
MatchPattern = "root-@v";
MatchPartitionType = "root";
ReadOnly = 1;
};
};
};
systemd.additionalUpstreamSystemUnits = [
"systemd-bless-boot.service"
"boot-complete.target"
"dbus-org.freedesktop.sysupdate1.service"
"systemd-sysupdated.service"
];
environment.etc."sysupdate.d/10-uki.transfer" = {
text = ''
[Source]
Path=${config.system.image.updates.url}
MatchPattern=${config.boot.uki.name}_@v.efi
Type=url-file
[Target]
InstancesMax=2
MatchPattern=${config.boot.uki.name}_@v+@l-@d.efi ${config.boot.uki.name}_@v+@l.efi ${config.boot.uki.name}_@v.efi
Mode=0444
Path=/EFI/Linux
PathRelativeTo=esp
TriesDone=0
TriesLeft=3
Type=regular-file
[Transfer]
Verify=no
'';
};
environment.etc."sysupdate.d/20-root.transfer" = {
text = ''
[Source]
Type=url-file
Path=${config.system.image.updates.url}
MatchPattern=${config.system.image.id}_@v_@u.verity
[Target]
Type=partition
Path=auto
MatchPattern=verity-@v
MatchPartitionType=root-verity
ReadOnly=1
[Transfer]
Verify=no
'';
};
environment.etc."sysupdate.d/22-root.transfer" = {
text = ''
[Source]
Type=url-file
Path=${config.system.image.updates.url}
MatchPattern=${config.system.image.id}_@v_@u.root
[Target]
Type=partition
Path=auto
MatchPattern=root-@v
MatchPartitionType=root
ReadOnly=1
[Transfer]
Verify=no
'';
};
};
}