{ pkgs, nixpkgs }:
let
sys = nixpkgs.lib.nixosSystem {
  system = "x86_64-linux";
  modules = [
    ({ pkgs, config, lib, ... }: {
      # your complete NixOS module remains unchanged …
      config =
        let
          # Search path built from the /bin directories of every package in
          # initrdBin; the initrd scripts below append it to PATH.
          initrdPath = pkgs.lib.makeBinPath config.boot.initrd.systemd.initrdBin;
        in
        {
          console.keyMap = "neo";

          # The root file system is a tmpfs, so nothing written to "/" itself
          # survives a reboot.
          fileSystems."/" = {
            fsType = "tmpfs";
            options = [ "mode=0755" ];
          };

          # Partition layout for systemd-repart: a fixed 1G ESP followed by a
          # generic Linux partition.
          # NOTE(review): nothing visible here formats the second partition or
          # creates the @nix/@root subvolumes mounted below — presumably done
          # elsewhere; confirm.
          systemd.repart.partitions."10-esp" = {
            Type = "esp";
            SizeMinBytes = "1G";
            SizeMaxBytes = "1G";
          };
          systemd.repart.partitions."20-btrfs" = {
            Type = "linux-generic";
          };

          boot = {
            loader.grub.enable = false;

            initrd = {
              # Storage and virtio drivers that may be loaded on demand.
              availableKernelModules = [
                "ahci"
                "ata_piix"
                "nvme"
                "pata_marvell"
                "sata_nv"
                "sata_sis"
                "sata_uli"
                "sata_via"
                "scsi_mod"
                "sd_mod"
                "sg"
                "virtio_blk"
                "virtio_pci"
                "virtio_scsi"
                "virtio_net"
                "qxl"
              ];

              # Always loaded: the btrfs mounts and the zram swap device below
              # need these.
              kernelModules = [
                "loop"
                "btrfs"
                "zram"
              ];

              systemd = {
                enable = true;
                root = "fstab";

                # "require" makes repart refuse a disk that already carries a
                # partition table; the commented-out "force" would erase it.
                repart = {
                  enable = true;
                  empty = "require";
                  #empty = "force";
                  device = "/dev/vda";
                  discard = true;
                };

                # Tools the initrd scripts call (nix, git, mount, zramctl, …).
                initrdBin = [
                  pkgs.btrfs-progs
                  pkgs.nixStatic
                  pkgs.systemd
                  pkgs.util-linux
                  pkgs.git
                ];

                storePaths = [
                  # TLS trust anchors for fetches made from the initrd; the
                  # same bundle is exposed under both conventional file names.
                  {
                    source = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
                    target = "/etc/ssl/certs/ca-bundle.crt";
                  }
                  {
                    source = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
                    target = "/etc/ssl/certs/ca-certificates.crt";
                  }
                  {
                    source = "${pkgs.ncurses}/share/terminfo";
                    target = "/run/current-system/sw/share/terminfo";
                  }
                  # nix.conf for the in-initrd build. An empty
                  # build-users-group means builds run as the invoking user
                  # instead of dedicated build users, which leaves
                  # "sandbox = true" as the isolation between a build and the
                  # initrd environment.
                  {
                    source = pkgs.writeText "nix.conf" ''
                      experimental-features = nix-command flakes
                      download-buffer-size = 536870912
                      max-jobs = 1
                      build-users-group =
                      sandbox = true
                    '';
                    target = "/etc/nix/nix.conf";
                  }
                  pkgs.git
                ];

                # Static addressing on enp1s0; wait-online holds the boot
                # until the link is routable.
                network = {
                  enable = true;
                  wait-online.enable = true;
                  networks."10-lan" = {
                    enable = true;
                    matchConfig.Name = "enp1s0";
                    address = [ "192.168.122.110/24" ];
                    gateway = [ "192.168.122.1" ];
                    linkConfig.RequiredForOnline = "routable";
                  };
                };

                # Both btrfs subvolumes must be mounted before the root file
                # system target is reached.
                mounts = [
                  {
                    type = "btrfs";
                    what = "/dev/vda2";
                    where = "/sysroot/nix";
                    options = "nodev,noatime,compress-force=zstd:1,discard=async,subvol=@nix";
                    before = [ "initrd-root-fs.target" ];
                  }
                  {
                    type = "btrfs";
                    what = "/dev/vda2";
                    where = "/sysroot/root";
                    options = "nodev,noatime,compress-force=zstd:1,discard=async,subvol=@root";
                    before = [ "initrd-root-fs.target" ];
                  }
                ];

                services = {
                  # Order the stock units after the closure has been built.
                  initrd-parse-etc.after = [ "initrd-find-nixos-closure.service" ];

                  systemd-tmpfiles-setup-sysroot = {
                    after = [ "initrd-find-nixos-closure.service" ];
                    unitConfig.RequiresMountsFor = lib.mkForce [ "/sysroot" "/sysroot/nix" ];
                  };

                  # Sets up /dev/zram0 as swap sized to 6/10 of MemTotal before
                  # the build starts.
                  zramswap = {
                    description = "Create zram swap";
                    before = [ "initrd-find-nixos-closure.service" ];
                    script = ''
                      export PATH="$PATH:${initrdPath}"
                      mem_total_kb=$(sed -n -r 's/^MemTotal:\s*([0-9]*) kB$/\1/p' /proc/meminfo)
                      zramctl /dev/zram0 --algorithm zstd --size "$((mem_total_kb / 10 * 6))KiB"
                      mkswap -U clear /dev/zram0
                      swapon --discard --priority 100 /dev/zram0
                    '';
                  };

                  # NOTE(review): in systemd a leading "~" inverts the listed
                  # capability set; with nothing listed this presumably hands
                  # every capability to the emergency shell — confirm that is
                  # intended.
                  emergency.serviceConfig.AmbientCapabilities = "~";

                  # Replaces the stock unit's description and script: instead
                  # of locating an existing closure it builds one with
                  # `nix build` into the store under /sysroot. The installable
                  # is whatever follows init= on the kernel command line, so
                  # whoever supplies the boot command line decides what gets
                  # built and booted; keep the netboot segment trusted or pass
                  # a pinned reference.
                  initrd-find-nixos-closure = {
                    description = lib.mkForce "Build NixOS closure";
                    requires = [ "dbus.service" ];
                    after = [ "dbus.service" ];
                    bindsTo = [ "initrd-root-fs.target" ];
                    unitConfig.RequiresMountsFor = lib.mkForce [ "/sysroot/nix" "/sysroot/root" ];
                    # Build output is written to the first virtual console.
                    serviceConfig = {
                      KillMode = "process";
                      RemainAfterExit = true;
                      StandardOutput = "tty";
                      TTYPath = "/dev/tty1";
                    };
                    # /sysroot/root is bind-mounted over $HOME for the
                    # duration of the build. Because of `set -e`, a failed
                    # build exits before the final umount runs.
                    script = lib.mkForce ''
                      export PATH="$PATH:${initrdPath}"
                      set -e

                      export HOME=~
                      mount --bind /sysroot/root "$HOME"

                      # Figure out what closure to boot
                      closure=
                      for o in $(< /proc/cmdline); do
                        case $o in
                          init=*)
                            closure="$(echo "$o" | cut -d= -f 2-)"
                            ;;
                        esac
                      done

                      # Sanity check
                      if [ -z "''${closure:-}" ]; then
                        echo 'No init= parameter on the kernel command line' >&2
                        exit 1
                      fi

                      nix build \
                        -o /sysroot/nixos-closure \
                        --store /sysroot \
                        --refresh \
                        "$closure"

                      umount "$HOME"
                    '';
                  };
                };
              };
            };
          };
        };
    })
  ];
};
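run-pixiecore = let
  inherit (sys.config.system) build;
  inherit (sys) pkgs;
  inherit (pkgs) lib;

  # Kernel from pkgs.linux with one local patch applied on top of the stock
  # patch list.
  # NOTE(review): the initrd below is built by `sys` with its own kernel
  # package, so its modules presumably have to match this kernel's version —
  # confirm.
  kernel = pkgs.linux.overrideAttrs (old: {
    patches = old.patches ++ [ ./0001-mnt-add-support-for-non-rootfs-initramfs.patch ];
  });
  kernelImage = "${kernel}/bzImage";
  initrd = "${build.initialRamdisk}/initrd";

  # Kernel command line handed to every netbooted client.
  cmdLine = lib.strings.concatStringsSep " " [
    "loglevel=4"
    # Debug aids: SYSTEMD_SULOGIN_FORCE=1 lets the emergency shell start
    # without a root password, and rd.systemd.debug_shell opens a root shell
    # on a virtual console inside the initrd. Anyone with console access to a
    # booted client gets root, so drop both outside a lab setup.
    "systemd.setenv=SYSTEMD_SULOGIN_FORCE=1"
    "rd.systemd.debug_shell"
    # Presumably the switch introduced by the kernel patch above — confirm.
    "nonroot_initramfs"
    # Flake reference the initrd builds and boots. `ref=vm` follows the branch
    # head, so each boot builds whatever that branch holds at that moment;
    # adding `&rev=<commit>` would pin it to a reviewed commit. Integrity of
    # the fetch rests on TLS to the git host.
    "init=git+https://git.jalr.de/jalr/nixos-configuration.git?ref=vm#nixosConfigurations.vm.config.system.build.toplevel"
  ];
in (
  # Wrapper script that starts pixiecore with the kernel, initrd and command
  # line above; extra arguments are passed through via "$@".
  pkgs.writeShellApplication {
    name = "pixiecore";
    runtimeInputs = [ pkgs.pixiecore ];
    text = lib.strings.concatStringsSep " " [
      "exec ${pkgs.pixiecore}/bin/pixiecore"
      "boot ${kernelImage} ${initrd}"
      # escapeShellArg instead of hand-written quotes: an apostrophe in a
      # future command-line entry can no longer end the quoting early and be
      # interpreted by the shell.
      "--cmdline ${lib.escapeShellArg cmdLine}"
      "--debug"
      "--dhcp-no-bind"
      # NOTE(review): --port and --status-port are given the same value —
      # confirm this is intended.
      "--port 64172"
      "--status-port 64172"
      ''"$@"''
    ];
  }
).overrideAttrs (old: {
  # NOTE(review): this assignment replaces the derivation's whole meta
  # attrset with just mainProgram — confirm nothing else in meta is needed.
  meta.mainProgram = "pixiecore";
});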
in
run-pixiecore