forked from M-Labs/nix-servo
mount SD read-only and use overlay ramfs
This commit is contained in:
parent
67e7bf4af2
commit
52dfbaeec5
@ -410,6 +410,8 @@
|
||||
linien-server
|
||||
(pkgs.python3.withPackages(ps: [ pyfastservo ]))
|
||||
];
|
||||
# Set to false to have the SD/rootfs mounted RW
|
||||
not-os.readOnly = true;
|
||||
boot.postBootCommands = lib.mkAfter ''
|
||||
|
||||
# Program the FPGA
|
||||
|
||||
@ -1,8 +1,8 @@
|
||||
diff --git a/base.nix b/base.nix
|
||||
index 7eaee32..9aa338e 100644
|
||||
index 7eaee32..ad2c168 100644
|
||||
--- a/base.nix
|
||||
+++ b/base.nix
|
||||
@@ -27,6 +27,11 @@ with lib;
|
||||
@@ -27,6 +27,16 @@ with lib;
|
||||
description = "enable rngd";
|
||||
default = false;
|
||||
};
|
||||
@ -10,11 +10,16 @@ index 7eaee32..9aa338e 100644
|
||||
+ type = types.bool;
|
||||
+ default = false;
|
||||
+ description = "enable sd image support";
|
||||
+ };
|
||||
+ not-os.readOnly = mkOption {
|
||||
+ type = types.bool;
|
||||
+ default = true;
|
||||
+ description = "Mount root filesystem as read-only with overlay for writes";
|
||||
+ };
|
||||
not-os.simpleStaticIp = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
@@ -84,17 +89,25 @@ with lib;
|
||||
@@ -84,17 +94,25 @@ with lib;
|
||||
};
|
||||
environment.etc = {
|
||||
"nix/nix.conf".source = pkgs.runCommand "nix.conf" {} ''
|
||||
@ -59,7 +64,7 @@ index d7b0bf3..70353a1 100644
|
||||
'';
|
||||
}
|
||||
diff --git a/stage-1.nix b/stage-1.nix
|
||||
index 331fecd..aa5148e 100644
|
||||
index 331fecd..f580f7a 100644
|
||||
--- a/stage-1.nix
|
||||
+++ b/stage-1.nix
|
||||
@@ -117,11 +117,6 @@ let
|
||||
@ -74,18 +79,27 @@ index 331fecd..aa5148e 100644
|
||||
root=/dev/vda
|
||||
realroot=tmpfs
|
||||
for o in $(cat /proc/cmdline); do
|
||||
@@ -164,7 +159,9 @@ let
|
||||
@@ -164,7 +159,18 @@ let
|
||||
mkdir -p /mnt/nix/store/
|
||||
|
||||
|
||||
- ${if config.not-os.nix then ''
|
||||
+ ${if config.not-os.sd && config.not-os.nix then ''
|
||||
+ ${if config.not-os.sd && config.not-os.nix then
|
||||
+ if config.not-os.readOnly then ''
|
||||
+ mkdir -p /mnt.ro /mnt.overlay
|
||||
+ mount -o ro $root /mnt.ro
|
||||
+ mount -t tmpfs -o size=1G tmpfs /mnt.overlay
|
||||
+ mkdir -p /mnt.overlay/upper /mnt.overlay/work
|
||||
+
|
||||
+ mount -t overlay overlay -o lowerdir=/mnt.ro,upperdir=/mnt.overlay/upper,workdir=/mnt.overlay/work /mnt
|
||||
+ '' else ''
|
||||
+ # Read-write mount for development
|
||||
+ mount $root /mnt
|
||||
+ '' else if config.not-os.nix then ''
|
||||
# make the store writeable
|
||||
mkdir -p /mnt/nix/.ro-store /mnt/nix/.overlay-store /mnt/nix/store
|
||||
mount $root /mnt/nix/.ro-store -t squashfs
|
||||
@@ -190,6 +187,11 @@ let
|
||||
@@ -190,6 +196,11 @@ let
|
||||
initialRamdisk = pkgs.makeInitrd {
|
||||
contents = [ { object = bootStage1; symlink = "/init"; } ];
|
||||
};
|
||||
@ -97,7 +111,7 @@ index 331fecd..aa5148e 100644
|
||||
in
|
||||
{
|
||||
options = {
|
||||
@@ -205,6 +207,7 @@ in
|
||||
@@ -205,6 +216,7 @@ in
|
||||
config = {
|
||||
system.build.bootStage1 = bootStage1;
|
||||
system.build.initialRamdisk = initialRamdisk;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user