-
Notifications
You must be signed in to change notification settings - Fork 107
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
iso: avoid systemd service startup #202
Conversation
12cfb76
to
adcd7f0
Compare
This comment has been minimized.
This comment has been minimized.
13af8dd
to
54654c0
Compare
This is required so that filtering via lib.remove works against modules.core and similar which are of path type. It is also a prerequisite for disabledModules to match by module.key instead of path string relative to nixpkgs' modulePath.
IN order to avoid random startup of systemd services, filter out all profiles, except for core and user profiles. This works becasue of a fundamental devos contract, that modules only define configuration, but don't implement them and profiles only implement confguration but don't define them. So only ever an activated profile is expected to effectively start up a systemd service. closes: divnix#194
This ensures that all builds of activated profiles are included into the iso cache and don't require rebuilding within the live installer environment.
This is just for convenience, since the closuers are already in the store. It might be helpful to be able to test out some things of those deactivated profiles een on the iso isntaller.
This comment has been minimized.
This comment has been minimized.
Also apparently getting a segmentation faullt while building the iso is a known issue with nix that happens sometimes. A workaround is to preface the build command with |
This comment has been minimized.
This comment has been minimized.
tryAlready running a review |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great
Just wondering, is this because of not importing |
If I remember correctly, it was trying to download Maybe we can open an issue for air-gapped install, and try to make it work over time. |
I think it might try and download the registry anyways and perhaps try to update flake. I think theres a |
@@ -27,7 +27,7 @@ let mkProfileAttrs = | |||
f = n: _: | |||
lib.optionalAttrs | |||
(lib.pathExists "${dir}/${n}/default.nix") | |||
{ default = "${dir}/${n}"; } | |||
{ default = /. + "${dir}/${n}"; } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What's the motivation here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
for the expression in devosSystem
lib.remove modules.core suite.allProfiles
. For the matching to work all items in the list must be the same type. And in general its better to pass around modules as paths rather than strings.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But also.most importantly for disabledModules
to filter.on module.key
proper instead of a rleative to.modulePath
string.
@@ -6,27 +6,42 @@ lib.nixosSystem (args // { | |||
let | |||
moduleList = builtins.attrValues modules; | |||
modpath = "nixos/modules"; | |||
cd = "installer/cd-dvd/installation-cd-minimal-new-kernel.nix"; | |||
|
|||
fullHostConfig = (lib.nixosSystem (args // { modules = moduleList; })).config; | |||
|
|||
isoConfig = (lib.nixosSystem |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would really love to see the bonus goal of your PR implemented. Is it possible that we could create an isoConfig'
that is everything that the current isoConfig
defines with storeContents
abstracted out into a separate variable, while the new isoConfig
would just be something like:
{
isoConfig = isoConfig' // { isoImage.storeContents = storeContents ++ [ isoConfig' ];
}
I'm trying to think of a way to do this without triggering infinite recursion, although perhaps I haven't thought this through enough and the above does cause and infinite loop. I'll have more time to test tomorrow and see if I can work it out.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Within the devshell
of a live iso, it is ultimately upstream nixos-install at this line that is hindering us, specifically: nix flake metadata
evaluates very greedily. Couldn't we obtain that .url
— which seemed to be a store path — more cheaply?
On the other hand, the build itself is already fully cached (auto?trusted=1
) courtesy of the fullHostConfig
's toplevel
. That extends to the system profile, which is loaded locally from the build's output
After that there is no potential network call left. So the culprit must be indeed nix flake metadata
...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If it is only nixos-install that's blocking us (and it has other problems with flakes), perhaps we could just do what's mentioned in that comment, or something similar to work around it. I personally had to do a legacy nix-build
via compat dir to install onto my laptop. Something about my configuration triggered the error mentioned in that thread.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We just moved to a new appartment and, for a varying operational reasons, I probably will be unavailable to follow trough on this bonus item any time soon. (No inet, no setup, obly cell-phone, life getting in the way, ...)
Can we carve this out into an issue while moving on with this PR in its current state?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure. I'd like to have a crack at it first though, if you don't mind, as I think it would be pretty straight-forward. If I get it working, I'll pushing a PR to your branch.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suspect the --offline
option would get us quite some mileage (combined with a small patch to nixos-install
/ flakes-first reconception of it), unfortunately I havn't been able to test this in time.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
seems I don't have as much time as I'd hoped. I'll go ahead and merge this and we will try to work it out later.
bors r+
Build succeeded: |
tryMerge conflict. |
fixes #194
alternative to #197
Manual Tests
was unrelated
flk install NixOS --impure
correctly onto/mnt
❎ (looks like no profile is present)Issue: #204
Upstream Issue: NixOS/nixpkgs#116938
cage
service is disabled, that is: boots into terminal ✔️→ detailed rationale in the commit messages
❤️ @Pacman99 for the excellent and detailed discussions in #197 and the may ideas, suggestions and code.