332 lines
10 KiB
Nix
332 lines
10 KiB
Nix
# This module exposes options to build a disk image with a GUID Partition Table
|
|
# (GPT). It uses systemd-repart to build the image.
|
|
|
|
{ config, pkgs, lib, utils, ... }:
|
|
|
|
let
|
|
cfg = config.image.repart;
|
|
|
|
inherit (utils.systemdUtils.lib) GPTMaxLabelLength;
|
|
|
|
partitionOptions = {
|
|
options = {
|
|
storePaths = lib.mkOption {
|
|
type = with lib.types; listOf path;
|
|
default = [ ];
|
|
description = "The store paths to include in the partition.";
|
|
};
|
|
|
|
stripNixStorePrefix = lib.mkOption {
|
|
type = lib.types.bool;
|
|
default = false;
|
|
description = ''
|
|
Whether to strip `/nix/store/` from the store paths. This is useful
|
|
when you want to build a partition that only contains store paths and
|
|
is mounted under `/nix/store`.
|
|
'';
|
|
};
|
|
|
|
contents = lib.mkOption {
|
|
type = with lib.types; attrsOf (submodule {
|
|
options = {
|
|
source = lib.mkOption {
|
|
type = types.path;
|
|
description = "Path of the source file.";
|
|
};
|
|
};
|
|
});
|
|
default = { };
|
|
example = lib.literalExpression ''
|
|
{
|
|
"/EFI/BOOT/BOOTX64.EFI".source =
|
|
"''${pkgs.systemd}/lib/systemd/boot/efi/systemd-bootx64.efi";
|
|
|
|
"/loader/entries/nixos.conf".source = systemdBootEntry;
|
|
}
|
|
'';
|
|
description = "The contents to end up in the filesystem image.";
|
|
};
|
|
|
|
repartConfig = lib.mkOption {
|
|
type = with lib.types; attrsOf (oneOf [ str int bool ]);
|
|
example = {
|
|
Type = "home";
|
|
SizeMinBytes = "512M";
|
|
SizeMaxBytes = "2G";
|
|
};
|
|
description = ''
|
|
Specify the repart options for a partiton as a structural setting.
|
|
See <https://www.freedesktop.org/software/systemd/man/repart.d.html>
|
|
for all available options.
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
|
|
mkfsOptionsToEnv = opts: lib.mapAttrs' (fsType: options: {
|
|
name = "SYSTEMD_REPART_MKFS_OPTIONS_${lib.toUpper fsType}";
|
|
value = builtins.concatStringsSep " " options;
|
|
}) opts;
|
|
in
|
|
{
|
|
imports = [
|
|
./repart-verity-store.nix
|
|
];
|
|
|
|
options.image.repart = {
|
|
|
|
name = lib.mkOption {
|
|
type = lib.types.str;
|
|
description = ''
|
|
Name of the image.
|
|
|
|
If this option is unset but config.system.image.id is set,
|
|
config.system.image.id is used as the default value.
|
|
'';
|
|
};
|
|
|
|
version = lib.mkOption {
|
|
type = lib.types.nullOr lib.types.str;
|
|
default = config.system.image.version;
|
|
defaultText = lib.literalExpression "config.system.image.version";
|
|
description = "Version of the image";
|
|
};
|
|
|
|
imageFileBasename = lib.mkOption {
|
|
type = lib.types.str;
|
|
readOnly = true;
|
|
description = ''
|
|
Basename of the image filename without any extension (e.g. `image_1`).
|
|
'';
|
|
};
|
|
|
|
imageFile = lib.mkOption {
|
|
type = lib.types.str;
|
|
readOnly = true;
|
|
description = ''
|
|
Filename of the image including all extensions (e.g `image_1.raw` or
|
|
`image_1.raw.zst`).
|
|
'';
|
|
};
|
|
|
|
compression = {
|
|
enable = lib.mkEnableOption "Image compression";
|
|
|
|
algorithm = lib.mkOption {
|
|
type = lib.types.enum [ "zstd" "xz" ];
|
|
default = "zstd";
|
|
description = "Compression algorithm";
|
|
};
|
|
|
|
level = lib.mkOption {
|
|
type = lib.types.int;
|
|
description = ''
|
|
Compression level. The available range depends on the used algorithm.
|
|
'';
|
|
};
|
|
};
|
|
|
|
seed = lib.mkOption {
|
|
type = with lib.types; nullOr str;
|
|
# Generated with `uuidgen`. Random but fixed to improve reproducibility.
|
|
default = "0867da16-f251-457d-a9e8-c31f9a3c220b";
|
|
description = ''
|
|
A UUID to use as a seed. You can set this to `null` to explicitly
|
|
randomize the partition UUIDs.
|
|
'';
|
|
};
|
|
|
|
split = lib.mkOption {
|
|
type = lib.types.bool;
|
|
default = false;
|
|
description = ''
|
|
Enables generation of split artifacts from partitions. If enabled, for
|
|
each partition with SplitName= set, a separate output file containing
|
|
just the contents of that partition is generated.
|
|
'';
|
|
};
|
|
|
|
sectorSize = lib.mkOption {
|
|
type = with lib.types; nullOr int;
|
|
default = 512;
|
|
example = lib.literalExpression "4096";
|
|
description = ''
|
|
The sector size of the disk image produced by systemd-repart. This
|
|
value must be a power of 2 between 512 and 4096.
|
|
'';
|
|
};
|
|
|
|
package = lib.mkPackageOption pkgs "systemd-repart" {
|
|
# We use buildPackages so that repart images are built with the build
|
|
# platform's systemd, allowing for cross-compiled systems to work.
|
|
default = [ "buildPackages" "systemd" ];
|
|
example = "pkgs.buildPackages.systemdMinimal.override { withCryptsetup = true; }";
|
|
};
|
|
|
|
partitions = lib.mkOption {
|
|
type = with lib.types; attrsOf (submodule partitionOptions);
|
|
default = { };
|
|
example = lib.literalExpression ''
|
|
{
|
|
"10-esp" = {
|
|
contents = {
|
|
"/EFI/BOOT/BOOTX64.EFI".source =
|
|
"''${pkgs.systemd}/lib/systemd/boot/efi/systemd-bootx64.efi";
|
|
}
|
|
repartConfig = {
|
|
Type = "esp";
|
|
Format = "fat";
|
|
};
|
|
};
|
|
"20-root" = {
|
|
storePaths = [ config.system.build.toplevel ];
|
|
repartConfig = {
|
|
Type = "root";
|
|
Format = "ext4";
|
|
Minimize = "guess";
|
|
};
|
|
};
|
|
};
|
|
'';
|
|
description = ''
|
|
Specify partitions as a set of the names of the partitions with their
|
|
configuration as the key.
|
|
'';
|
|
};
|
|
|
|
mkfsOptions = lib.mkOption {
|
|
type = with lib.types; attrsOf (listOf str);
|
|
default = {};
|
|
example = lib.literalExpression ''
|
|
{
|
|
vfat = [ "-S 512" "-c" ];
|
|
}
|
|
'';
|
|
description = ''
|
|
Specify extra options for created file systems. The specified options
|
|
are converted to individual environment variables of the format
|
|
`SYSTEMD_REPART_MKFS_OPTIONS_<FSTYPE>`.
|
|
|
|
See [upstream systemd documentation](https://github.com/systemd/systemd/blob/v255/docs/ENVIRONMENT.md?plain=1#L575-L577)
|
|
for information about the usage of these environment variables.
|
|
|
|
The example would produce the following environment variable:
|
|
```
|
|
SYSTEMD_REPART_MKFS_OPTIONS_VFAT="-S 512 -c"
|
|
```
|
|
'';
|
|
};
|
|
|
|
finalPartitions = lib.mkOption {
|
|
type = lib.types.attrs;
|
|
internal = true;
|
|
readOnly = true;
|
|
description = ''
|
|
Convenience option to access partitions with added closures.
|
|
'';
|
|
};
|
|
|
|
};
|
|
|
|
config = {
|
|
|
|
assertions = lib.mapAttrsToList (fileName: partitionConfig:
|
|
let
|
|
inherit (partitionConfig) repartConfig;
|
|
labelLength = builtins.stringLength repartConfig.Label;
|
|
in
|
|
{
|
|
assertion = repartConfig ? Label -> GPTMaxLabelLength >= labelLength;
|
|
message = ''
|
|
The partition label '${repartConfig.Label}'
|
|
defined for '${fileName}' is ${toString labelLength} characters long,
|
|
but the maximum label length supported by UEFI is ${toString
|
|
GPTMaxLabelLength}.
|
|
'';
|
|
}
|
|
) cfg.partitions;
|
|
|
|
warnings = lib.filter (v: v != null) (lib.mapAttrsToList (fileName: partitionConfig:
|
|
let
|
|
inherit (partitionConfig) repartConfig;
|
|
suggestedMaxLabelLength = GPTMaxLabelLength - 2;
|
|
labelLength = builtins.stringLength repartConfig.Label;
|
|
in
|
|
if (repartConfig ? Label && labelLength >= suggestedMaxLabelLength) then ''
|
|
The partition label '${repartConfig.Label}'
|
|
defined for '${fileName}' is ${toString labelLength} characters long.
|
|
The suggested maximum label length is ${toString
|
|
suggestedMaxLabelLength}.
|
|
|
|
If you use sytemd-sysupdate style A/B updates, this might
|
|
not leave enough space to increment the version number included in
|
|
the label in a future release. For example, if your label is
|
|
${toString GPTMaxLabelLength} characters long (the maximum enforced by UEFI) and
|
|
you're at version 9, you cannot increment this to 10.
|
|
'' else null
|
|
) cfg.partitions);
|
|
|
|
image.repart =
|
|
let
|
|
version = config.image.repart.version;
|
|
versionInfix = if version != null then "_${version}" else "";
|
|
compressionSuffix = lib.optionalString cfg.compression.enable
|
|
{
|
|
"zstd" = ".zst";
|
|
"xz" = ".xz";
|
|
}."${cfg.compression.algorithm}";
|
|
|
|
makeClosure = paths: pkgs.closureInfo { rootPaths = paths; };
|
|
|
|
# Add the closure of the provided Nix store paths to cfg.partitions so
|
|
# that amend-repart-definitions.py can read it.
|
|
addClosure = _name: partitionConfig: partitionConfig // (
|
|
lib.optionalAttrs
|
|
(partitionConfig.storePaths or [ ] != [ ])
|
|
{ closure = "${makeClosure partitionConfig.storePaths}/store-paths"; }
|
|
);
|
|
in
|
|
{
|
|
name = lib.mkIf (config.system.image.id != null) (lib.mkOptionDefault config.system.image.id);
|
|
imageFileBasename = cfg.name + versionInfix;
|
|
imageFile = cfg.imageFileBasename + ".raw" + compressionSuffix;
|
|
|
|
compression = {
|
|
# Generally default to slightly faster than default compression
|
|
# levels under the assumption that most of the building will be done
|
|
# for development and release builds will be customized.
|
|
level = lib.mkOptionDefault {
|
|
"zstd" = 3;
|
|
"xz" = 3;
|
|
}."${cfg.compression.algorithm}";
|
|
};
|
|
|
|
finalPartitions = lib.mapAttrs addClosure cfg.partitions;
|
|
};
|
|
|
|
system.build.image =
|
|
let
|
|
fileSystems = lib.filter
|
|
(f: f != null)
|
|
(lib.mapAttrsToList (_n: v: v.repartConfig.Format or null) cfg.partitions);
|
|
|
|
|
|
format = pkgs.formats.ini { };
|
|
|
|
definitionsDirectory = utils.systemdUtils.lib.definitions
|
|
"repart.d"
|
|
format
|
|
(lib.mapAttrs (_n: v: { Partition = v.repartConfig; }) cfg.finalPartitions);
|
|
|
|
mkfsEnv = mkfsOptionsToEnv cfg.mkfsOptions;
|
|
in
|
|
pkgs.callPackage ./repart-image.nix {
|
|
systemd = cfg.package;
|
|
inherit (cfg) name version imageFileBasename compression split seed sectorSize finalPartitions;
|
|
inherit fileSystems definitionsDirectory mkfsEnv;
|
|
};
|
|
|
|
meta.maintainers = with lib.maintainers; [ nikstur willibutz ];
|
|
|
|
};
|
|
}
|