mount SD read-only and use overlay ramfs #70

Open
fsagbuya wants to merge 1 commits from fsagbuya/nix-servo:sd_readonly into master
2 changed files with 25 additions and 9 deletions


@ -410,6 +410,8 @@
linien-server linien-server
(pkgs.python3.withPackages(ps: [ pyfastservo ])) (pkgs.python3.withPackages(ps: [ pyfastservo ]))
]; ];
# Set to false to have the SD/rootfs mounted RW
not-os.readOnly = true;
boot.postBootCommands = lib.mkAfter '' boot.postBootCommands = lib.mkAfter ''
# Program the FPGA # Program the FPGA
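Review bot: The comment above `not-os.readOnly = true;` says how to get a read-write root but not what the read-only mode costs. With the overlay from the stage-1 change, runtime writes go to a RAM-backed upper layer and are discarded at reboot. That would include logs and any keys or settings generated on the device, if those are created at runtime (not visible in this hunk). I would extend the comment to `# Root is mounted read-only with a tmpfs overlay; runtime writes are lost on reboot. Set to false to have the SD/rootfs mounted RW`. The `boot.postBootCommands` block continues outside the hunk.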


@ -1,8 +1,8 @@
diff --git a/base.nix b/base.nix diff --git a/base.nix b/base.nix
index 7eaee32..9aa338e 100644 index 7eaee32..ad2c168 100644
--- a/base.nix --- a/base.nix
+++ b/base.nix +++ b/base.nix
@@ -27,6 +27,11 @@ with lib; @@ -27,6 +27,16 @@ with lib;
description = "enable rngd"; description = "enable rngd";
default = false; default = false;
}; };
@ -10,11 +10,16 @@ index 7eaee32..9aa338e 100644
+ type = types.bool; + type = types.bool;
+ default = false; + default = false;
+ description = "enable sd image support"; + description = "enable sd image support";
+ };
+ not-os.readOnly = mkOption {
+ type = types.bool;
+ default = true;
+ description = "Mount root filesystem as read-only with overlay for writes";
+ }; + };
not-os.simpleStaticIp = mkOption { not-os.simpleStaticIp = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@@ -84,17 +89,25 @@ with lib; @@ -84,17 +94,25 @@ with lib;
}; };
environment.etc = { environment.etc = {
"nix/nix.conf".source = pkgs.runCommand "nix.conf" {} '' "nix/nix.conf".source = pkgs.runCommand "nix.conf" {} ''
@ -59,7 +64,7 @@ index d7b0bf3..70353a1 100644
''; '';
} }
diff --git a/stage-1.nix b/stage-1.nix diff --git a/stage-1.nix b/stage-1.nix
index 331fecd..aa5148e 100644 index 331fecd..f580f7a 100644
--- a/stage-1.nix --- a/stage-1.nix
+++ b/stage-1.nix +++ b/stage-1.nix
@@ -117,11 +117,6 @@ let @@ -117,11 +117,6 @@ let
@ -74,18 +79,27 @@ index 331fecd..aa5148e 100644
root=/dev/vda root=/dev/vda
realroot=tmpfs realroot=tmpfs
for o in $(cat /proc/cmdline); do for o in $(cat /proc/cmdline); do
@@ -164,7 +159,9 @@ let @@ -164,7 +159,18 @@ let
mkdir -p /mnt/nix/store/ mkdir -p /mnt/nix/store/
- ${if config.not-os.nix then '' - ${if config.not-os.nix then ''
+ ${if config.not-os.sd && config.not-os.nix then '' + ${if config.not-os.sd && config.not-os.nix then
+ mount $root /mnt + if config.not-os.readOnly then ''
+ mkdir -p /mnt.ro /mnt.overlay
+ mount -o ro $root /mnt.ro
+ mount -t tmpfs -o size=1G tmpfs /mnt.overlay
+ mkdir -p /mnt.overlay/upper /mnt.overlay/work
+
+ mount -t overlay overlay -o lowerdir=/mnt.ro,upperdir=/mnt.overlay/upper,workdir=/mnt.overlay/work /mnt
+ '' else ''
+ # Read-write mount for development
+ mount $root /mnt
+ '' else if config.not-os.nix then '' + '' else if config.not-os.nix then ''
# make the store writeable # make the store writeable
mkdir -p /mnt/nix/.ro-store /mnt/nix/.overlay-store /mnt/nix/store mkdir -p /mnt/nix/.ro-store /mnt/nix/.overlay-store /mnt/nix/store
mount $root /mnt/nix/.ro-store -t squashfs mount $root /mnt/nix/.ro-store -t squashfs
@@ -190,6 +187,11 @@ let @@ -190,6 +196,11 @@ let
initialRamdisk = pkgs.makeInitrd { initialRamdisk = pkgs.makeInitrd {
contents = [ { object = bootStage1; symlink = "/init"; } ]; contents = [ { object = bootStage1; symlink = "/init"; } ];
}; };
@ -97,7 +111,7 @@ index 331fecd..aa5148e 100644
in in
{ {
options = { options = {
@@ -205,6 +207,7 @@ in @@ -205,6 +216,7 @@ in
config = { config = {
system.build.bootStage1 = bootStage1; system.build.bootStage1 = bootStage1;
system.build.initialRamdisk = initialRamdisk; system.build.initialRamdisk = initialRamdisk;
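Review bot: In the stage-1.nix read-only branch the tmpfs upper layer is created with a hard-coded `size=1G`, so every write to the root filesystem is held in RAM up to that cap. The board's memory size is not visible here, and if it is close to or below 1G, a process that fills the overlay can exhaust memory. I would make the cap a module option, for example `mount -t tmpfs -o size=${config.not-os.overlaySize} tmpfs /mnt.overlay`, where `overlaySize` is a suggested new option name, not an existing one. As far as the hunk shows, the three mounts are also unchecked: if `mount -o ro $root /mnt.ro` fails, the overlay is still assembled over an empty `/mnt.ro`, so the script should test the exit status and stop through whatever failure path it already uses. The init script starts and ends outside this hunk, so an existing `set -e` or similar guard cannot be ruled out.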