Felix Singer submitted this change.


Approvals: build bot (Jenkins): Verified; Michael Niewöhner: Looks good to me, approved
util/liveiso: Add NixOS configs for bootable live systems

Add NixOS configurations for bootable live systems containing a set of
tools which might be useful for firmware development in general and for
working on coreboot.

There are two configurations provided: one for console-only and a
graphical one, which is mostly the same as the console image but
comes with Gnome Shell as window manager and some graphical tools in
addition.

An image can be built using `build-console.sh` or
`build-graphical.sh`, respectively. The resulting ISO image can be found in
`result/iso/`.

The console image results in ~700MB, while the graphical one results in
~2GB.

Change-Id: Iaf49d198e99781434bd89d2a8a125a4988b77e1c
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50194
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
---
M MAINTAINERS
A util/liveiso/.gitignore
A util/liveiso/build-console.sh
A util/liveiso/build-graphical.sh
A util/liveiso/common.nix
A util/liveiso/console.nix
A util/liveiso/description.md
A util/liveiso/graphical.nix
8 files changed, 268 insertions(+), 0 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index a902adc..b202a52 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -775,6 +775,11 @@
S: Maintained
F: util/me_cleaner/

+LIVEISO
+M: Felix Singer <felixsinger@posteo.net>
+S: Supported
+F: util/liveiso/
+
################################################################################
# Miscellaneous
################################################################################
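Review bot: the new LIVEISO entry uses `S: Supported` while the neighbouring me_cleaner entry uses `S: Maintained`; please confirm the stronger status is intended for a single-maintainer utility, otherwise `S: Maintained` matches the surrounding entries.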
diff --git a/util/liveiso/.gitignore b/util/liveiso/.gitignore
new file mode 100644
index 0000000..b2be92b
--- /dev/null
+++ b/util/liveiso/.gitignore
@@ -0,0 +1 @@
+result
diff --git a/util/liveiso/build-console.sh b/util/liveiso/build-console.sh
new file mode 100755
index 0000000..ced2ca7
--- /dev/null
+++ b/util/liveiso/build-console.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env sh
+
+nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=console.nix
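Review bot: the build is not reproducible and only works from one directory. `<nixpkgs/nixos>` is resolved through NIX_PATH, so the image contents depend on whichever nixpkgs channel the builder happens to have, and `-I nixos-config=console.nix` is relative to the working directory, so the script fails unless run from util/liveiso/. Suggest `cd "$(dirname "$0")"` before the nix-build call and pinning nixpkgs (for example `-I nixpkgs=<pinned nixpkgs path or tarball>`) so two builds of the same commit produce comparable ISOs; the same applies to build-graphical.sh below.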
diff --git a/util/liveiso/build-graphical.sh b/util/liveiso/build-graphical.sh
new file mode 100755
index 0000000..8e79478
--- /dev/null
+++ b/util/liveiso/build-graphical.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env sh
+
+nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=graphical.nix
diff --git a/util/liveiso/common.nix b/util/liveiso/common.nix
new file mode 100644
index 0000000..941e624
--- /dev/null
+++ b/util/liveiso/common.nix
@@ -0,0 +1,160 @@
+# SPDX-License-Identifier: GPL-2.0-only
+
+{ config, options, pkgs, ... }:
+
+{
+ imports = [
+ <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
+ <nixpkgs/nixos/modules/installer/cd-dvd/iso-image.nix>
+ ];
+
+ system.stateVersion = "21.05";
+
+ isoImage = {
+ makeEfiBootable = true;
+ makeUsbBootable = true;
+ isoName = "${config.isoImage.isoBaseName}-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.iso";
+ };
+
+ # Tell the Nix evaluator to garbage collect more aggressively.
+ # This is desirable in memory-constrained environments that don't
+ # (yet) have swap set up.
+ environment.variables.GC_INITIAL_HEAP_SIZE = "1M";
+
+ boot = {
+ kernelParams = [ "console=ttyS0,115200" "console=tty0" ];
+ # pkgs.linuxPackages == lts
+ # pkgs.linuxPackages_latest == stable
+ kernelPackages = pkgs.linuxPackages;
+ extraModulePackages = with config.boot.kernelPackages; [
+ acpi_call
+ chipsec
+ zfs
+ ];
+ # Make programs more likely to work in low memory
+ # environments. The kernel's overcommit heustistics bite us
+ # fairly often, preventing processes from forking even if
+ # there is plenty of free memory.
+ kernel.sysctl."vm.overcommit_memory" = "1";
+ loader.grub.memtest86.enable = true;
+ postBootCommands = ''
+ mkdir -p /mnt
+ '';
+ };
+
+ console.packages = options.console.packages.default ++ [ pkgs.terminus_font ];
+
+ nixpkgs.config.allowUnfree = true;
+ hardware = {
+ cpu.intel.updateMicrocode = true;
+ cpu.amd.updateMicrocode = true;
+ enableAllFirmware = true;
+ bluetooth = {
+ enable = true;
+ powerOnBoot = false;
+ package = pkgs.bluezFull;
+ };
+ };
+
+ services = {
+ fwupd.enable = true;
+ udev.packages = with pkgs; [
+ rfkill_udev
+ ];
+ openssh = {
+ enable = true;
+ permitRootLogin = "yes";
+ };
+ };
+
+ networking = {
+ hostName = "devsystem";
+ networkmanager.enable = true;
+ };
+
+ security.sudo.wheelNeedsPassword = false;
+
+ users = {
+ groups.user = {};
+ users = {
+ root.initialHashedPassword = "";
+ user = {
+ isNormalUser = true;
+ group = "user";
+ extraGroups = [ "users" "wheel" "networkmanager" "uucp" ];
+ initialHashedPassword = "";
+ };
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ acpica-tools
+ btrfs-progs
+ bzip2
+ ccrypt
+ chipsec
+ coreboot-utils
+ cryptsetup
+ curl
+ ddrescue
+ dmidecode
+ dosfstools
+ e2fsprogs
+ efibootmgr
+ efivar
+ exfat
+ f2fs-tools
+ flashrom
+ fuse
+ fuse3
+ fwts
+ gptfdisk
+ gitAndTools.gitFull
+ gitAndTools.tig
+ gzip
+ hdparm
+ hexdump
+ htop
+ i2c-tools
+ iasl
+ intel-gpu-tools
+ inxi
+ iotools
+ jfsutils
+ jq
+ mdadm
+ minicom
+ mkpasswd
+ ms-sys
+ msr-tools
+ neovim
+ nixos-install-tools
+ ntfsprogs
+ openssl
+ p7zip
+ pacman
+ parted
+ pciutils
+ phoronix-test-suite
+ powertop
+ psmisc
+ python3Full
+ rsync
+ screen
+ sdparm
+ smartmontools
+ socat
+ sshfs-fuse
+ testdisk
+ tmate
+ tmux
+ unzip
+ upterm
+ usbutils
+ wget
+ xfsprogs.bin
+ zfs
+ zip
+ zstd
+ ];
+}
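Review bot: `services.openssh.enable = true` with `permitRootLogin = "yes"`, combined with `root.initialHashedPassword = ""`, `user.initialHashedPassword = ""` and `security.sudo.wheelNeedsPassword = false`, makes the live system reachable over the network as root with no credential as soon as NetworkManager brings an interface up; whether empty-password accounts can authenticate over SSH depends on sshd's PermitEmptyPasswords default, which this file does not set explicitly. Suggest leaving sshd disabled by default (start it manually when remote access is needed), or setting `services.openssh.passwordAuthentication = false` with keys supplied at build time, and documenting in description.md that the image is meant for trusted networks. Minor: "heustistics" in the overcommit comment should read "heuristics".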
diff --git a/util/liveiso/console.nix b/util/liveiso/console.nix
new file mode 100644
index 0000000..032ca71
--- /dev/null
+++ b/util/liveiso/console.nix
@@ -0,0 +1,11 @@
+# SPDX-License-Identifier: GPL-2.0-only
+
+{ ... }:
+
+{
+ imports = [
+ ./common.nix
+ ];
+
+ services.getty.autologinUser = "user";
+}
diff --git a/util/liveiso/description.md b/util/liveiso/description.md
new file mode 100644
index 0000000..8f282fa
--- /dev/null
+++ b/util/liveiso/description.md
@@ -0,0 +1,11 @@
+# Live ISO
+
+## What is this?
+
+NixOS configuration files for testing purposes and for working on firmware.
+
+## TODO
+- Use programs.flashrom.enable (#128205) and add `user` to `flashrom` group.
+ Will be usable from the next NixOS release.
+- Generate customized bootloader configs; FILO is WIP
+- Add coreboot toolchain
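Review bot: `(#128205)` in the first TODO item names no tracker; if it is a nixpkgs pull request, link the full URL so readers do not have to guess. For the markdown to render as a list, add a blank line after `## TODO` and indent the wrapped continuation line `Will be usable from the next NixOS release.` under its bullet.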
diff --git a/util/liveiso/graphical.nix b/util/liveiso/graphical.nix
new file mode 100644
index 0000000..35909fb
--- /dev/null
+++ b/util/liveiso/graphical.nix
@@ -0,0 +1,74 @@
+# SPDX-License-Identifier: GPL-2.0-only
+
+{ pkgs, lib, ... }:
+
+{
+ imports = [
+ ./common.nix
+ ];
+
+ hardware.pulseaudio = {
+ enable = true;
+ package = pkgs.pulseaudioFull;
+ extraModules = with pkgs; [ pulseaudio-modules-bt ];
+ };
+
+ security.polkit = {
+ enable = true;
+ extraConfig = ''
+ polkit.addRule(function(action, subject) {
+ if (subject.isInGroup("wheel")) {
+ return polkit.Result.YES;
+ }
+ });
+ '';
+ };
+
+ services.xserver = {
+ enable = true;
+ displayManager = {
+ gdm = {
+ enable = true;
+ autoSuspend = false;
+ };
+ autoLogin = {
+ enable = true;
+ user = "user";
+ };
+ };
+ desktopManager.gnome.enable = true;
+ };
+
+ users.users.user.extraGroups = [ "audio" "video" "input" ];
+
+ environment.systemPackages = with pkgs; [
+ firefox
+ gparted
+ pavucontrol
+ ];
+
+ # Remove unnecessary stuff
+ services = {
+ gnome = {
+ evolution-data-server.enable = lib.mkForce false;
+ gnome-online-accounts.enable = lib.mkForce false;
+ gnome-online-miners.enable = lib.mkForce false;
+ gnome-initial-setup.enable = lib.mkForce false;
+ chrome-gnome-shell.enable = lib.mkForce false;
+ };
+ telepathy.enable = lib.mkForce false;
+ dleyna-renderer.enable = lib.mkForce false;
+ dleyna-server.enable = lib.mkForce false;
+ };
+
+ programs.geary.enable = lib.mkForce false;
+
+ environment.gnome.excludePackages = with pkgs; [
+ gnome.gnome-weather
+ gnome.epiphany
+ gnome.gnome-contacts
+ gnome-photos
+ gnome.gnome-music
+ yelp
+ ];
+}
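Review bot: the polkit rule in `security.polkit.extraConfig` returns `polkit.Result.YES` for every action for any member of wheel, which silences all authentication prompts in the GNOME session, not only those for the admin tasks a live image needs. This is consistent with the passwordless sudo in common.nix, but a comment stating that intent would help, and restricting the rule to the `action.id` prefixes the image actually needs (disk management, network configuration) would be the more conservative default. Also worth a comment: `users.users.user.extraGroups` here merges with the list in common.nix rather than replacing it, which appears intended.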


Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Iaf49d198e99781434bd89d2a8a125a4988b77e1c
Gerrit-Change-Number: 50194
Gerrit-PatchSet: 42
Gerrit-Owner: Felix Singer <felixsinger@posteo.net>
Gerrit-Reviewer: Felix Singer <felixsinger@posteo.net>
Gerrit-Reviewer: Marcello Sylvester Bauer <sylv@sylv.io>
Gerrit-Reviewer: Edward O'Callaghan <quasisec@chromium.org>
Gerrit-Reviewer: Krystian Hebel <krystian.hebel@3mdeb.com>
Gerrit-Reviewer: Maciej Pijanowski <maciej.pijanowski@3mdeb.com>
Gerrit-Reviewer: Maxim Polyakov <max.senia.poliak@gmail.com>
Gerrit-Reviewer: Michael Niewöhner <foss@mniewoehner.de>
Gerrit-Reviewer: Michał Żygowski <michal.zygowski@3mdeb.com>
Gerrit-Reviewer: Nico Huber <nico.h@gmx.de>
Gerrit-Reviewer: Patrick Georgi <pgeorgi@google.com>
Gerrit-Reviewer: Patrick Rudolph <patrick.rudolph@9elements.com>
Gerrit-Reviewer: Paul Menzel <paulepanter@mailbox.org>
Gerrit-Reviewer: Thomas Heijligen <src@posteo.de>
Gerrit-Reviewer: Timofey Komarov <happycorsair@yandex.ru>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-CC: Piotr Król <piotr.krol@3mdeb.com>
Gerrit-MessageType: merged