mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-10-10 09:38:25 -04:00
4a1916cd30
* [wip] chore: update to Fedora 42 * image: update shasums * image: fix build * measured-boot: ignore PCR9 temporarily * image: don't include osrel section in UKI * nix: patch systemd to not include .osrel section
141 lines
4 KiB
Nix
141 lines
4 KiB
Nix
{
|
|
description = "Constellation";
|
|
|
|
inputs = {
|
|
nixpkgs = {
|
|
url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
|
};
|
|
flake-utils = {
|
|
url = "github:numtide/flake-utils";
|
|
};
|
|
};
|
|
|
|
outputs =
|
|
{
|
|
self,
|
|
nixpkgs,
|
|
flake-utils,
|
|
}:
|
|
flake-utils.lib.eachDefaultSystem (
|
|
system:
|
|
let
|
|
overlay = final: prev: {
|
|
systemd = prev.systemd.overrideAttrs (old: {
|
|
patches = old.patches or [ ] ++ [ ./image/0001-ukify-dont-bundle-osrel-section.patch ];
|
|
});
|
|
|
|
rpm = prev.rpm.overrideAttrs (old: {
|
|
nativeBuildInputs = old.nativeBuildInputs ++ [ prev.makeWrapper ];
|
|
postFixup = ''
|
|
wrapProgram $out/lib/rpm/sysusers.sh \
|
|
--set PATH ${
|
|
prev.lib.makeBinPath (
|
|
with prev;
|
|
[
|
|
coreutils
|
|
findutils
|
|
su.out
|
|
gnugrep
|
|
]
|
|
)
|
|
}
|
|
'';
|
|
});
|
|
|
|
# dnf5 assumes a TTY with a very small width by default, truncating its output instead of line-wrapping
|
|
# it. Force it to use more VT columns to avoid this, and make debugging errors easier.
|
|
dnf5-stub = prev.writeScriptBin "dnf5" ''
|
|
#!/usr/bin/env bash
|
|
FORCE_COLUMNS=200 ${final.dnf5}/bin/dnf5 $@
|
|
'';
|
|
};
|
|
|
|
pkgs = import nixpkgs {
|
|
inherit system;
|
|
config.allowUnfree = true;
|
|
|
|
overlays = [
|
|
(_final: prev: (import ./nix/packages { inherit (prev) lib callPackage; }))
|
|
(_final: prev: { lib = prev.lib // (import ./nix/lib { inherit (prev) lib callPackage; }); })
|
|
overlay
|
|
];
|
|
};
|
|
|
|
callPackage = pkgs.callPackage;
|
|
|
|
mkosiDev = (
|
|
pkgs.mkosi.override {
|
|
extraDeps = (
|
|
with pkgs;
|
|
[
|
|
# package management
|
|
dnf5-stub
|
|
rpm
|
|
createrepo_c
|
|
|
|
# filesystem tools
|
|
squashfsTools # mksquashfs
|
|
dosfstools # mkfs.vfat
|
|
mtools # mcopy
|
|
cryptsetup # dm-verity
|
|
util-linux # flock
|
|
kmod # depmod
|
|
cpio # cpio
|
|
zstd # zstd
|
|
xz # xz
|
|
|
|
# utils
|
|
gnused # sed
|
|
gnugrep # grep
|
|
]
|
|
);
|
|
}
|
|
);
|
|
in
|
|
{
|
|
# Use `legacyPackages` instead of `packages` for the reason explained here:
|
|
# https://github.com/NixOS/nixpkgs/blob/34def00657d7c45c51b0762eb5f5309689a909a5/flake.nix#L138-L156
|
|
# Note that it's *not* a legacy attribute.
|
|
legacyPackages = {
|
|
generate = pkgs.callPackage ./nix/generate.nix { };
|
|
}
|
|
// pkgs;
|
|
|
|
packages.mkosi = mkosiDev;
|
|
|
|
packages.uplosi = pkgs.uplosi;
|
|
|
|
packages.openssl = callPackage ./nix/cc/openssl.nix { pkgs = pkgs; };
|
|
|
|
packages.cryptsetup = callPackage ./nix/cc/cryptsetup.nix {
|
|
pkgs = pkgs;
|
|
pkgsLinux = import nixpkgs { system = "x86_64-linux"; };
|
|
};
|
|
|
|
packages.libvirt = callPackage ./nix/cc/libvirt.nix {
|
|
pkgs = pkgs;
|
|
pkgsLinux = import nixpkgs { system = "x86_64-linux"; };
|
|
};
|
|
|
|
packages.libvirtd_base = callPackage ./nix/container/libvirtd_base.nix {
|
|
pkgs = pkgs;
|
|
pkgsLinux = import nixpkgs { system = "x86_64-linux"; };
|
|
};
|
|
|
|
packages.vpn = callPackage ./nix/container/vpn/vpn.nix {
|
|
pkgs = pkgs;
|
|
pkgsLinux = import nixpkgs { system = "x86_64-linux"; };
|
|
};
|
|
|
|
packages.awscli2 = pkgs.awscli2;
|
|
|
|
packages.createrepo_c = pkgs.createrepo_c;
|
|
|
|
packages.dnf5 = pkgs.dnf5;
|
|
|
|
devShells.default = callPackage ./nix/shells/default.nix { };
|
|
|
|
formatter = nixpkgs.legacyPackages.${system}.nixpkgs-fmt;
|
|
}
|
|
);
|
|
}
|