diff --git a/base.nix b/base.nix
index 516a782..bce851a 100644
--- a/base.nix
+++ b/base.nix
@@ -3,6 +3,7 @@
 imports = [
 ./modules/filesystems.nix
 ./modules/generic.nix
+ ./modules/kernel.nix
 ./modules/minimize.nix
 ./modules/network.nix
 ./modules/patagia-agent.nix
diff --git a/flake.lock b/flake.lock
index db42797..bc6244c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,12 +1,79 @@
 {
 "nodes": {
+ "advisory-db": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1727353582,
+ "narHash": "sha256-2csMEEOZhvowVKZNBHk1kMJqk72ZMrPj9LQYCzP6EKs=",
+ "owner": "rustsec",
+ "repo": "advisory-db",
+ "rev": "cb905e6e405834bdff1eb1e20c9b10edb5403889",
+ "type": "github"
+ },
+ "original": {
+ "owner": "rustsec",
+ "repo": "advisory-db",
+ "type": "github"
+ }
+ },
+ "crane": {
+ "locked": {
+ "lastModified": 1727316705,
+ "narHash": "sha256-/mumx8AQ5xFuCJqxCIOFCHTVlxHkMT21idpbgbm/TIE=",
+ "owner": "ipetkov",
+ "repo": "crane",
+ "rev": "5b03654ce046b5167e7b0bccbd8244cb56c16f0e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "ipetkov",
+ "repo": "crane",
+ "type": "github"
+ }
+ },
+ "flake-utils": {
+ "inputs": {
+ "systems": "systems"
+ },
+ "locked": {
+ "lastModified": 1726560853,
+ "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "flake-utils_2": {
+ "inputs": {
+ "systems": "systems_2"
+ },
+ "locked": {
+ "lastModified": 1726560853,
+ "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
 "nixpkgs": {
 "locked": {
- "lastModified": 1725983898,
- "narHash": "sha256-4b3A9zPpxAxLnkF9MawJNHDtOOl6ruL0r6Og1TEDGCE=",
+ "lastModified": 1728492678,
+ "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "1355a0cbfeac61d785b7183c0caaec1f97361b43",
+ "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7",
 "type": "github"
 },
 "original": {
@@ -16,9 +83,87 @@
 "type": "github"
 }
 },
+ "patagia-agent": {
+ "inputs": {
+ "advisory-db": "advisory-db",
+ "crane": "crane",
+ "flake-utils": "flake-utils_2",
+ "nixpkgs": [
+ "nixpkgs"
+ ],
+ "rust-overlay": "rust-overlay"
+ },
+ "locked": {
+ "lastModified": 1728144622,
+ "narHash": "sha256-EWH6pJE0HfHdIaelizOWqArgXZ2KJo0tb4EUCnUYQrY=",
+ "ref": "main",
+ "rev": "853f7f81b60ca687685cec3c817b75abbab86077",
+ "revCount": 8,
+ "type": "git",
+ "url": "ssh://git@patagia.dev/patagia/patagia-agent"
+ },
+ "original": {
+ "ref": "main",
+ "type": "git",
+ "url": "ssh://git@patagia.dev/patagia/patagia-agent"
+ }
+ },
 "root": {
 "inputs": {
- "nixpkgs": "nixpkgs"
+ "flake-utils": "flake-utils",
+ "nixpkgs": "nixpkgs",
+ "patagia-agent": "patagia-agent"
+ }
+ },
+ "rust-overlay": {
+ "inputs": {
+ "nixpkgs": [
+ "patagia-agent",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1727490462,
+ "narHash": "sha256-OrrPiNBiikv9BR464XTT75FzOq7tKAvMbMi7YOKVIeg=",
+ "owner": "oxalica",
+ "repo": "rust-overlay",
+ "rev": "11a13e50debafae4ae802f1d6b8585101516dd93",
+ "type": "github"
+ },
+ "original": {
+ "owner": "oxalica",
+ "repo": "rust-overlay",
+ "type": "github"
+ }
+ },
+ "systems": {
+ "locked": {
+ "lastModified": 1681028828,
+ "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+ "owner": "nix-systems",
+ "repo": "default",
+ "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-systems",
+ "repo": "default",
+ "type": "github"
+ }
+ },
+ "systems_2": {
+ "locked": {
+ "lastModified": 1681028828,
+ "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+ "owner": "nix-systems",
+ "repo": "default",
+ "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-systems",
+ "repo": "default",
+ "type": "github"
 }
 }
 },
diff --git a/flake.nix b/flake.nix
index afaee98..44c801a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,23 +2,42 @@
 description = "PatOS is a minimal, immutable Linux distribution specialized for the Patagia Platform.";
 
 inputs = {
+ flake-utils.url = "github:numtide/flake-utils";
 nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
+ patagia-agent.url = "git+ssh://git@patagia.dev/patagia/patagia-agent?ref=main";
+ patagia-agent.inputs.nixpkgs.follows = "nixpkgs";
 };
 
 outputs =
- { self, nixpkgs }:
 {
- lib = {
+ self,
+ flake-utils,
+ nixpkgs,
+ patagia-agent,
+ }:
+ flake-utils.lib.eachDefaultSystem (
+ system:
+ let
+
+ pkgs = import nixpkgs {
+ inherit system;
+ overlays = [
+ (import ./overlays)
+ ];
+ };
+
 # Prepare an update package for the system.
 mkUpdate =
 nixos:
 let
 config = nixos.config;
- pkgs = nixpkgs.legacyPackages.x86_64-linux.pkgs;
 in
- nixos.pkgs.runCommand "update-${config.system.image.version}"
+ pkgs.runCommand "update-${config.system.image.version}"
 {
- nativeBuildInputs = with pkgs; [ xz ];
+ nativeBuildInputs = with pkgs; [
+ erofs-utils
+ xz
+ ];
 }
 ''
 mkdir -p $out
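Review bot: The new `patagia-agent` input is declared as `git+ssh://git@patagia.dev/patagia/patagia-agent?ref=main`, so the flake points at a moving branch rather than a revision; reproducibility rests entirely on the `rev` recorded in flake.lock, and any `nix flake update` silently advances to whatever `main` holds at that moment. If the agent is meant to track a known state, pin it (`?ref=main&rev=<COMMIT_PLACEHOLDER>` or a tag), or at least say next to the input that flake.lock is the source of truth. The SSH URL also means every evaluation, including `nix flake check` in CI, needs an SSH identity with read access to patagia.dev, which deserves a comment such as `# Private repo: evaluation requires SSH access to patagia.dev`. The `mkUpdate` body continues past the end of this hunk.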
@@ -33,40 +52,36 @@
 nixos:
 let
 config = nixos.config;
- pkgs = nixpkgs.legacyPackages.x86_64-linux.pkgs;
 in
- nixos.pkgs.runCommand "update-${config.system.image.version}"
+ pkgs.runCommand "update-${config.system.image.version}"
 {
- nativeBuildInputs = with pkgs; [ qemu ];
+ nativeBuildInputs = with pkgs; [
+ erofs-utils
+ qemu
+ ];
 }
 ''
 mkdir -p $out
 qemu-img convert -f raw -O qcow2 -C ${config.system.build.image}/${config.boot.uki.name}_${config.system.image.version}.raw $out/disk.qcow2
 '';
- };
-
- devShells.x86_64-linux.default =
- let
- pkgs = nixpkgs.legacyPackages.x86_64-linux;
- in
- pkgs.mkShell {
+ in
+ {
+ devShell = pkgs.mkShell {
 packages = [
+ pkgs.erofs-utils
 pkgs.just
- self.packages.x86_64-linux.qemu-efi
+ self.packages.${system}.qemu-efi
 ];
 };
 
- packages.x86_64-linux = {
- default = self.packages.x86_64-linux.patos_image;
- patos_image = self.lib.mkInstallImage self.nixosConfigurations.patos;
- patos_update = self.lib.mkUpdate self.nixosConfigurations.patos;
+ packages = {
+ default = self.packages.${system}.patos_image;
+ patos_image = mkInstallImage self.nixosConfigurations.${system}.patos;
+ patos_update = mkUpdate self.nixosConfigurations.${system}.patos;
 
- # A helper script to run the disk images above.
- qemu-efi =
- let
- pkgs = nixpkgs.legacyPackages.x86_64-linux;
- in
- pkgs.writeShellApplication {
+ # FIXME: only do for x86_64
+ # A helper script to run the disk images above.
+ qemu-efi = pkgs.writeShellApplication {
 name = "qemu-efi";
 runtimeInputs = [ pkgs.qemu_kvm ];
 
@@ -80,16 +95,24 @@
 -serial stdio "$@"
 '';
 };
- };
-
- nixosConfigurations = {
- patos = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- ./base.nix
- ];
 };
- };
- };
+ nixosConfigurations = rec {
+ patos = nixpkgs.lib.nixosSystem {
+ specialArgs.pkgs = pkgs;
+ system = system;
+ modules = [
+ {
+ _module.args = {
+ inherit patagia-agent;
+ };
+ }
+ ./base.nix
+ # ./modules/patagia-agent.nix
+ ];
+ };
+ };
+
+ }
+ );
 }
 
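Review bot: `qemu-efi` and `patos_image`/`patos_update` in `packages` are now evaluated for every system `eachDefaultSystem` yields, including the darwin ones, yet they reference `pkgs.qemu_kvm` (KVM is Linux-only) and `self.nixosConfigurations.${system}.patos`; the `# FIXME: only do for x86_64` comment acknowledges this but leaves `nix flake show` and `nix flake check --all-systems` expected to fail on the other systems. The smallest fix is to enumerate the supported systems where the call begins in the previous hunk, `flake-utils.lib.eachSystem [ "x86_64-linux" ] (` in place of `eachDefaultSystem (`, or to guard the package set with `pkgs.lib.optionalAttrs pkgs.stdenv.isLinux`. `devShell` is the legacy singular flake-utils output; `devShells.default = pkgs.mkShell {` matches what current tooling documents. The enclosing `let … in` opens in the previous hunk and the `qemu-efi` body continues into the next one.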
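Review bot: Defining `nixosConfigurations` inside the `eachDefaultSystem` body yields `nixosConfigurations.<system>.patos`, whereas the flake output schema and `nixos-rebuild --flake .#patos` expect `nixosConfigurations.<name>`; the repo is self-consistent because `packages` reads `self.nixosConfigurations.${system}.patos`, but standard tooling will not find the configuration, so consider hoisting it out of the per-system block (joined with `//`) with an explicit `system = "x86_64-linux";`. `specialArgs.pkgs = pkgs;` supplies `pkgs` ahead of the module system's own argument, so as I understand it any `nixpkgs.overlays` or `nixpkgs.config` set by a module is silently ignored; the supported route is a module with `nixpkgs.pkgs = pkgs;` or `nixpkgs.overlays = [ (import ./overlays) ];`. Minor: `rec` is unused, `system = system;` reads better as `inherit system;`, and `# ./modules/patagia-agent.nix` is dead since base.nix already imports that module (see the base.nix hunk).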
diff --git a/modules/kernel.nix b/modules/kernel.nix
new file mode 100644
index 0000000..c4136c5
--- /dev/null
+++ b/modules/kernel.nix
@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+{
+ boot.kernelPackages = pkgs.linuxPackages_6_11;
+ boot.kernelPatches = [
+ {
+ # name = "crashdump-config";
+ patch = null;
+ extraConfig = ''
+ EROFS_FS_ZIP_ZSTD y
+ '';
+ }
+ ];
+}
diff --git a/modules/partitions.nix b/modules/partitions.nix
index 6381f06..719674d 100644
--- a/modules/partitions.nix
+++ b/modules/partitions.nix
@@ -19,6 +19,14 @@
 name = config.boot.uki.name;
 split = true;
 
+ mkfsOptions = {
+ erofs = [
+ "-zzstd,5" # Zstd compression
+ "-T0" # Fixed timestamp for all files
+ "-Efragments,dedupe,ztailpacking" # Extended options
+ ];
+ };
+
 partitions = {
 "esp" = {
 contents = {
@@ -48,8 +56,8 @@
 repartConfig = {
 Type = "linux-generic";
 Label = "${config.boot.uki.name}_${config.system.image.version}";
- Format = "squashfs";
- Minimize = "off";
+ Format = "erofs";
+ Minimize = "best";
 ReadOnly = "yes";
 SizeMinBytes = "1G";
 
diff --git a/overlays/default.nix b/overlays/default.nix
new file mode 100644
index 0000000..5cd0449
--- /dev/null
+++ b/overlays/default.nix
@@ -0,0 +1,8 @@
+final: prev: {
+ erofs-utils = prev.erofs-utils.overrideAttrs (old: {
+ buildInputs = old.buildInputs ++ [ prev.zstd ];
+ configureFlags = old.configureFlags ++ [
+ "--enable-zstd"
+ ];
+ });
+}
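Review bot: `modules/kernel.nix` pins `boot.kernelPackages = pkgs.linuxPackages_6_11;` without saying why; presumably it is for the EROFS zstd decompression the `extraConfig` turns on, but 6.11 is not an LTS series, so the image sits on a kernel whose upstream fixes stop early and evaluation breaks outright once nixpkgs drops the `linuxPackages_6_11` attribute. Record the requirement in the file, e.g. `# EROFS zstd decompression (EROFS_FS_ZIP_ZSTD) needs a recent kernel; revisit when an LTS series with it is available`, and track that follow-up. The commented-out `# name = "crashdump-config";` is a leftover — the NixOS examples of config-only `boot.kernelPatches` entries carry a descriptive `name`, so either set one such as `name = "erofs-zstd";` or drop the line.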
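Review bot: The `mkfsOptions.erofs` list in the first partitions.nix hunk hard-depends on two things the module does not state: `-zzstd,5` needs an `mkfs.erofs` built with zstd, which only the overlay in overlays/default.nix provides, and the resulting image needs a kernel with `EROFS_FS_ZIP_ZSTD`, which only modules/kernel.nix sets; a module imported without the overlay or with a different kernel would be expected to fail at image build or at mount time. Replace the uninformative `# Extended options` with what the flags buy, e.g. `# -E fragments,dedupe,ztailpacking: pack fragments, dedupe identical blocks, inline compressed tails (smaller image)`, and record the coupling above the list, `# requires erofs-utils with zstd (overlays/default.nix) and EROFS_FS_ZIP_ZSTD in the kernel (modules/kernel.nix)`. The same note covers the `Format = "erofs"` switch in the second partitions.nix hunk. The enclosing attribute set starts before the hunk.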
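Review bot: In overlays/default.nix, `old.buildInputs ++ …` and `old.configureFlags ++ …` abort evaluation with a missing-attribute error if the upstream `erofs-utils` derivation happens not to define one of them, which is why overlays conventionally write `(old.configureFlags or [ ]) ++ [ "--enable-zstd" ]` and `(old.buildInputs or [ ]) ++ [ prev.zstd ]`; the defensive form costs nothing. A one-line header would help the next reader, e.g. `# erofs-utils with zstd support, required by the -zzstd mkfs option in modules/partitions.nix`.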