patos/flake.nix
Daniel Lundin c59ea29957
All checks were successful
ci/woodpecker/pr/ci Pipeline was successful
Image building take 2
We want verity protected partitions as well as encrypted state/data along with verified boot.
This PR integrates Peter Marshall's awesome little Nixlet project as a starting point, especially the nice testing scaffolding will be super helpful! 

https://github.com/petm5/nixlet/
2024-11-14 19:52:34 +01:00

71 lines
1.9 KiB
Nix

{
description = "PatOS is a minimal, immutable Linux distribution specialized for the Patagia Platform.";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs =
{ self, nixpkgs }:
let
releaseVersion = "0.0.1";
system = "x86_64-linux";
updateUrl = "https://images.dl.patagia.dev/patos/";
pkgs = import nixpkgs { inherit system; };
in
{
nixosModules.server.imports = [
./modules/profiles/server.nix
];
nixosModules.image.imports = [
./modules
./modules/profiles/base.nix
./modules/image/disk
];
packages.${system} = {
patos =
(nixpkgs.lib.nixosSystem {
modules = [
(
{ lib, ... }:
{
nixpkgs.hostPlatform = system;
system.stateVersion = "24.05";
}
)
{
boot.kernelParams = [
"console=ttyS0"
"systemd.journald.forward_to_console"
];
system.image.updates.url = "${updateUrl}";
system.image.id = "patos";
system.image.version = releaseVersion;
}
self.nixosModules.image
self.nixosModules.server
];
}).config.system.build.updatePackage;
qemu-uefi-tpm = pkgs.callPackage ./utils/qemu-uefi-tpm.nix { inherit pkgs; };
};
checks.${system} = {
ssh-preseed = import ./tests/ssh-preseed.nix { inherit pkgs self; };
podman = import ./tests/podman.nix { inherit pkgs self; };
system-update = import ./tests/system-update.nix { inherit pkgs self; };
};
devShells.${system}.default = pkgs.mkShell {
buildInputs = with pkgs; [
erofs-utils
just
self.packages.${system}.qemu-uefi-tpm
squashfs-tools-ng
];
};
};
}