1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
# SPDX-License-Identifier: MIT
# SPDX-FileCopyrightText: 2021-2022 Alyssa Ross <hi@alyssa.is>
# SPDX-FileCopyrightText: 2022 Unikie
{ pkgs ? import <nixpkgs> {} }: pkgs.pkgsStatic.callPackage (
{ lib, stdenvNoCC, nixos, runCommand, writeReferencesToFile, s6-rc, tar2ext4
, busybox, cloud-hypervisor, cryptsetup, execline, jq, kmod
, mdevd, s6, s6-linux-init, socat, util-linuxMinimal, xorg
}:
let
inherit (lib) cleanSource cleanSourceWith concatMapStringsSep hasSuffix;
inherit (nixosAllHardware.config.hardware) firmware;
start-vm = import ../start-vm { pkgs = pkgs.pkgsStatic; };
pkgsGui = pkgs.pkgsMusl.extend (final: super: {
systemd = final.libudev-zero;
colord = super.colord.overrideAttrs ({ mesonFlags ? [], ... }: {
mesonFlags = mesonFlags ++ [
"-Dsystemd=false"
"-Dudev_rules=false"
];
});
weston = super.weston.overrideAttrs ({ mesonFlags ? [], ... }: {
mesonFlags = mesonFlags ++ [
"-Dlauncher-logind=false"
"-Dsystemd=false"
];
});
});
foot = pkgsGui.foot.override { allowPgo = false; };
packages = [
cloud-hypervisor execline jq kmod mdevd s6 s6-linux-init s6-rc socat
start-vm
(cryptsetup.override {
programs = {
cryptsetup = false;
cryptsetup-reencrypt = false;
integritysetup = false;
};
})
(busybox.override {
extraConfig = ''
CONFIG_DEPMOD n
CONFIG_FINDFS n
CONFIG_INIT n
CONFIG_INSMOD n
CONFIG_LSMOD n
CONFIG_MODINFO n
CONFIG_MODPROBE n
CONFIG_RMMOD n
'';
})
] ++ (with pkgsGui; [ foot westonLite ]);
nixosAllHardware = nixos ({ modulesPath, ... }: {
imports = [ (modulesPath + "/profiles/all-hardware.nix") ];
});
kernel = pkgs.linux_latest;
packagesSysroot = runCommand "packages-sysroot" {
nativeBuildInputs = [ xorg.lndir ];
} ''
mkdir -p $out/lib $out/usr/bin
ln -s ${concatMapStringsSep " " (p: "${p}/bin/*") packages} $out/usr/bin
for pkg in ${lib.escapeShellArgs [ pkgsGui.mesa.drivers pkgsGui.dejavu_fonts ]}; do
lndir -silent "$pkg" "$out/usr"
done
ln -s ${kernel}/lib/modules ${firmware}/lib/firmware $out/lib
# TODO: this is a hack and we should just build the util-linux
# programs we want.
# https://lore.kernel.org/util-linux/87zgrl6ufb.fsf@alyssa.is/
ln -s ${util-linuxMinimal}/bin/{findfs,lsblk} $out/usr/bin
'';
packagesTar = runCommand "packages.tar" {} ''
cd ${packagesSysroot}
tar -cf $out --sort=name --mtime=@0 --verbatim-files-from \
-T ${writeReferencesToFile packagesSysroot} .
'';
in
stdenvNoCC.mkDerivation {
name = "spectrum-rootfs";
src = cleanSourceWith {
filter = name: _type:
name != "${toString ./.}/build" && !(hasSuffix ".nix" name);
src = cleanSource ./.;
};
nativeBuildInputs = [ s6-rc tar2ext4 ];
MODULES_ALIAS = "${kernel}/lib/modules/${kernel.modDirVersion}/modules.alias";
MODULES_ORDER = "${kernel}/lib/modules/${kernel.modDirVersion}/modules.order";
PACKAGES_TAR = packagesTar;
installPhase = ''
cp build/rootfs.ext4 $out
'';
enableParallelBuilding = true;
passthru = { inherit firmware kernel nixosAllHardware; };
meta = with lib; {
license = licenses.eupl12;
platforms = platforms.linux;
};
}
) {}
|