From a4d0e10cc4fd0df9ba0dff3fbb6c54b4d62e2d66 Mon Sep 17 00:00:00 2001
From: Daniel Lundin
Date: Thu, 14 Nov 2024 20:06:23 +0100
Subject: [PATCH] chore: cleanup
---
modules/image/disk/:w | 128 ------------------------------------------
overlays/default.nix | 21 -------
2 files changed, 149 deletions(-)
delete mode 100644 modules/image/disk/:w
delete mode 100644 overlays/default.nix
diff --git a/modules/image/disk/:w b/modules/image/disk/:w
deleted file mode 100644
index 2862e18..0000000
--- a/modules/image/disk/:w
+++ /dev/null
@@ -1,128 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-{
-
- imports = [
- ./updater.nix
- ./ssh.nix
- ./builder.nix
- ./veritysetup.nix
- ];
-
- system.build.updatePackage = pkgs.runCommand "update-package" { } ''
- mkdir "$out"
- cd "$out"
- cp "${config.system.build.image}"/* .
- ${pkgs.coreutils}/bin/sha256sum * > SHA256SUMS
- '';
-
- boot.initrd.systemd.enable = true;
-
- boot.initrd.systemd.repart.enable = true;
- systemd.repart.partitions = {
- "10-esp" = {
- Type = "esp";
- Format = "vfat";
- SizeMinBytes = "96M";
- SizeMaxBytes = "96M";
- };
- "20-root-verity-a" = {
- Type = "root-verity";
- SizeMinBytes = "64M";
- SizeMaxBytes = "64M";
- };
- "22-root-a" = {
- Type = "root";
- SizeMinBytes = "512M";
- SizeMaxBytes = "512M";
- };
- "30-root-verity-b" = {
- Type = "root-verity";
- SizeMinBytes = "64M";
- SizeMaxBytes = "64M";
- Label = "_empty";
- ReadOnly = 1;
- };
- "32-root-b" = {
- Type = "root";
- SizeMinBytes = "512M";
- SizeMaxBytes = "512M";
- Label = "_empty";
- ReadOnly = 1;
- };
- "40-home" = {
- Type = "home";
- Format = "btrfs";
- SizeMinBytes = "512M";
- Encrypt = "tpm2";
- };
- };
-
- boot.initrd.compressor = "zstd";
- boot.initrd.compressorArgs = [ "-8" ];
-
- boot.loader.grub.enable = false;
-
- boot.initrd.luks.forceLuksSupportInInitrd = true;
- boot.initrd.kernelModules = [
- "dm_mod"
- "dm_crypt"
- ] ++ config.boot.initrd.luks.cryptoModules;
-
- boot.initrd.supportedFilesystems = {
- btrfs = true;
- erofs = true;
- };
-
- system.etc.overlay.mutable = false;
- users.mutableUsers = false;
-
- boot.initrd.systemd.services.systemd-repart.after = lib.mkForce [ "sysroot.mount" ];
- boot.initrd.systemd.services.systemd-repart.requires = [ "sysroot.mount" ];
-
- boot.kernelParams = [
- "rootfstype=erofs"
- "rootflags=ro"
- "roothash=${config.system.build.verityRootHash}"
- ];
-
- fileSystems."/var" = {
- fsType = "tmpfs";
- options = [ "mode=0755" ];
- };
-
- # Required to mount the efi partition
- boot.kernelModules = [
- "vfat"
- "nls_cp437"
- "nls_iso8859-1"
- ];
-
- # Store SSH host keys on /home since /etc is read-only
- services.openssh.hostKeys = [
- {
- path = "/home/.ssh/ssh_host_ed25519_key";
- type = "ed25519";
- }
- ];
-
- environment.etc."machine-id" = {
- text = "";
- mode = "0755";
- };
-
- boot.initrd.systemd.services.systemd-repart.serviceConfig.Environment = [
- "SYSTEMD_REPART_MKFS_OPTIONS_BTRFS=--nodiscard"
- ];
-
- # Refuse to boot on mount failure
- systemd.targets."sysinit".requires = [ "local-fs.target" ];
-
- # Make sure home gets mounted
- systemd.targets."local-fs".requires = [ "home.mount" ];
-
-}
diff --git a/overlays/default.nix b/overlays/default.nix
deleted file mode 100644
index 31634f8..0000000
--- a/overlays/default.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-final: prev: {
- # Build mkfs.erofs with zstd support
- erofs-utils = prev.erofs-utils.overrideAttrs (old: {
- buildInputs = old.buildInputs ++ [ prev.zstd ];
- configureFlags = old.configureFlags ++ [
- "--enable-multithreading"
- "--enable-zstd"
- ];
- });
-
- ## FIXME: Revisit + refine these below in a future image minimization effort
-
- # util-linux = prev.util-linux.override {
- # ncursesSupport = false;
- # nlsSupport = false;
- # };
- #
- # dbus = prev.dbus.override {
- # x11Support = false;
- # };
-}