
nixos/image: systemd-repart based GPT image builder#245250

Merged
RaitoBezarius merged 4 commits into NixOS:master from nikstur:images
Jul 27, 2023


@nikstur nikstur commented Jul 24, 2023

Description of changes

Add a new module to build images via systemd-repart. This module exposes a shallow wrapper around systemd-repart that can be used to assemble appliance images by populating the EFI System Partition (ESP) yourself.

The eventual ambitions for this image builder are much larger though:

  • Have the ability to install all supported boot loaders (by assembling the ESP beforehand and simply copying the contents into the image)
  • Expose the builder as a snippet, to optionally build disk images just-in-time (so they are not stored in the Nix store and thus not cached)
  • Replace make-disk-image.nix for all GPT/UEFI use cases (including as the default image creator for qemu-vm.nix)

Generally, this module wants to remain a shallow wrapper around systemd-repart and all additional functionality should be implemented outside of this module (e.g. populating an ESP) and then just copied into the image via the provided mechanisms.

I'm not sure where the docs should go. I feel they are too early in the manual. Also these are not really reference material, so I'm not sure if they even belong in the manual. Maybe nix.dev is a better place?

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 23.11 Release Notes (or backporting 23.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

@nikstur nikstur marked this pull request as ready for review July 24, 2023 22:23
@nikstur nikstur requested a review from a team as a code owner July 24, 2023 22:23
@github-actions github-actions bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: documentation This PR adds or changes documentation 8.has: module (update) This PR changes an existing module in `nixos/` 6.topic: systemd Software suite that provides an array of system components for Linux operating systems. labels Jul 24, 2023
@nikstur nikstur requested a review from RaitoBezarius July 24, 2023 22:23
@RaitoBezarius RaitoBezarius requested review from Lassulus and Mic92 July 24, 2023 22:24

@RaitoBezarius RaitoBezarius left a comment


Very good! My biggest beef is the namespacing. :)

@ofborg ofborg bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. labels Jul 24, 2023
@RaitoBezarius RaitoBezarius requested a review from roberth July 24, 2023 22:44
@RaitoBezarius RaitoBezarius changed the title systemd-repart based GPT image builder nixos/image: systemd-repart based GPT image builder Jul 24, 2023
@nikstur nikstur requested a review from arianvp July 24, 2023 23:07

@arianvp arianvp left a comment


I think it would be better to have a derivation that takes a bootspec as input and outputs repart definitions as output instead of having a DSL at the nix expression level for setting partition contents.

This will also make it easier to have this as a standalone script that builds images outside of the nix store and makes the builder usable outside of NixOS

@roberth roberth removed their request for review July 25, 2023 09:26

arianvp commented Jul 25, 2023

Would be nice to add or document that you can run

      ${config.nix.package}/bin/nix-store --load-db < /nix/store/nix-path-registration

From closureInfo

To get a working NixOS (non appliance) image if nix binary is in the target image

Like here:

https://github.com/arianvp/server-optimised-nixos/blob/9e3de35bb5885c22695b953976466aa3c15ac8cc/modules/base.nix#L39

@github-actions github-actions bot removed the 8.has: documentation This PR adds or changes documentation label Jul 26, 2023

nikstur commented Jul 26, 2023

> takes a bootspec as input and outputs repart definitions as output instead of having a DSL at the nix expression level for setting partition contents.

The bootspec does not contain all the information necessary to build an image. Additionally, if we statically assemble an image, and not rely on the generation mechanism, bootspec doesn't really benefit us. We can just use the normal templating mechanisms Nix provides. The issue bootspec really addresses (at least to me) is that it has all the information in place for a bootloader installer that cannot rely on normal templating in Nix.

> makes the builder usable outside of NixOS

Outside NixOS, you should probably just use systemd-repart directly or use mkosi, which also uses systemd-repart under the hood.

> To get a working NixOS (non appliance) image if nix binary is in the target image

I want to address this outside of this PR. This PR really just adds the NixOS primitives to create an image with systemd-repart. I believe this is also a more elegant approach. make-disk-image.nix for example suffers from a lot of complexity because it tries to do everything at once without many abstractions in between.

The way I envision to eventually create a fully working Nix image (that also supports generations and can be used by qemu-vm.nix) is by creating all the necessary pieces in separate derivations (or at least outside the image builder itself) and just copy the resulting files to the right spots inside the image via the primitives exposed in image.repart. So we would for example have an ESP builder that can assemble the directory tree for an entire ESP (with generations) and then just tell systemd-repart to copy this tree into the ESP. Registration of the closure is then done via a systemd service in userspace.
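
The layout described in the comment above, sketched as plain systemd-repart definition files. This is an added example, not code from the PR or its author; the file names, sizes, label and `/path/to/...` source directories are placeholders.

```ini
# repart.d/10-esp.conf  (constructed example)
[Partition]
Type=esp
Format=vfat
SizeMinBytes=256M
# Copy a pre-assembled ESP directory tree (built outside the image
# builder) into the root of the new file system.
CopyFiles=/path/to/esp-tree:/

# repart.d/20-root.conf  (constructed example, a separate file)
[Partition]
Type=root
Format=ext4
Label=nixos
# Let systemd-repart pick a size that just fits the copied contents.
Minimize=guess
# Copy the store paths of the system closure into the root partition.
CopyFiles=/path/to/closure/nix/store:/nix/store
```

Running `systemd-repart --definitions=repart.d --empty=create --size=auto image.raw` assembles the image from these definitions. Because the ESP tree and store contents are copied in as-is, whatever produces those directories determines what boots, so they are the inputs to review and pin.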


nikstur commented Jul 26, 2023

@ofborg test systemd-sysupdate systemd-repart.basic appliance-repart-image

@nikstur nikstur requested a review from RaitoBezarius July 26, 2023 22:25
@RaitoBezarius RaitoBezarius merged commit 7d053c8 into NixOS:master Jul 27, 2023
@nikstur nikstur mentioned this pull request Oct 26, 2023