We want verity protected partitions as well as encrypted state/data along with verified boot. This PR integrates Peter Marshall's awesome little Nixlet project as a starting point, especially the nice testing scaffolding will be super helpful! ✨ https://github.com/petm5/nixlet/
This commit is contained in:
parent
da5bdb3d47
commit
c59ea29957
SSH key fingerprint:
SHA256:dQy1Xj3UiqJYpKR5ggQ2bxgz4jCH8IF+k3AB8o0kmdI
39 changed files with 1311 additions and 3272 deletions
modules/config
15
modules/config/minimal-modules.nix
Normal file
15
modules/config/minimal-modules.nix
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
{ config, ... }:
|
||||
{
|
||||
boot = {
|
||||
bootspec.enable = false;
|
||||
initrd.kernelModules = config.boot.kernelModules;
|
||||
kernel.enable = false; # No kernel or modules in the rootfs
|
||||
modprobeConfig.enable = false;
|
||||
};
|
||||
|
||||
system.build = {
|
||||
inherit (config.boot.kernelPackages) kernel;
|
||||
};
|
||||
|
||||
system.modulesTree = [ config.boot.kernelPackages.kernel ] ++ config.boot.extraModulePackages;
|
||||
}
|
||||
26
modules/config/minimal-system.nix
Normal file
26
modules/config/minimal-system.nix
Normal file
|
|
@ -0,0 +1,26 @@
|
|||
{ ... }:
|
||||
{
|
||||
|
||||
nixpkgs.overlays = [
|
||||
(final: prev: {
|
||||
|
||||
composefs = final.callPackage ../../pkgs/composefs.nix { inherit prev; };
|
||||
qemu_tiny = final.callPackage ../../pkgs/qemu.nix { inherit prev; };
|
||||
systemdUkify = final.callPackage ../../pkgs/systemd-ukify.nix { inherit prev; };
|
||||
|
||||
# # FIXME: Revisit + refine these below in a future image minimization effort
|
||||
#
|
||||
# util-linux = prev.util-linux.override {
|
||||
# ncursesSupport = false;
|
||||
# nlsSupport = false;
|
||||
# };
|
||||
#
|
||||
# dbus = prev.dbus.override {
|
||||
# enableSystemd = false;
|
||||
# x11Support = false;
|
||||
# };
|
||||
|
||||
})
|
||||
];
|
||||
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue