util/liveiso: Add NixOS configs for bootable live systems

Add NixOS configurations for bootable live systems containing a set of tools which might be useful for firmware development in general and for working on coreboot. There are two configurations provided. One for console-only and a graphical one, which is mostly the same as the console image but it comes with Gnome Shell as window manager and some graphical tools in addition. An image can be built using `build-console.sh`, respectively `build-graphical.sh`. The resulting iso image can be found in `result/iso/`. The console image results in ~700MB, while the graphical one results in ~2GB. Change-Id: Iaf49d198e99781434bd89d2a8a125a4988b77e1c Signed-off-by: Felix Singer <felixsinger@posteo.net> Reviewed-on: https://review.coreboot.org/c/coreboot/+/50194 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
2021-02-01 13:46:50 +01:00 · 2021-02-01 13:46:50 +01:00 · f9948a4d39
parent 5586c79978
commit f9948a4d39
8 changed files with 268 additions and 0 deletions
--- a/5
+++ b/5
@ -775,6 +775,11 @@ W:	https://github.com/corna/me_cleaner
 S:	Maintained
 F:	util/me_cleaner/

+LIVEISO
+M:	Felix Singer <felixsinger@posteo.net>
+S:	Supported
+F:	util/liveiso/
+
 ################################################################################
 # Miscellaneous
 ################################################################################
--- a/util/liveiso/.gitignore
+++ b/util/liveiso/.gitignore
@ -0,0 +1 @@
+result
--- a/util/liveiso/build-console.sh
+++ b/util/liveiso/build-console.sh
@ -0,0 +1,3 @@
+#!/usr/bin/env sh
+
+nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=console.nix
--- a/util/liveiso/build-graphical.sh
+++ b/util/liveiso/build-graphical.sh
@ -0,0 +1,3 @@
+#!/usr/bin/env sh
+
+nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=graphical.nix
--- a/util/liveiso/common.nix
+++ b/util/liveiso/common.nix
@ -0,0 +1,160 @@
+# SPDX-License-Identifier: GPL-2.0-only
+
+{ config, options, pkgs, ... }:
+
+{
+	imports = [
+		<nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
+		<nixpkgs/nixos/modules/installer/cd-dvd/iso-image.nix>
+	];
+
+	system.stateVersion = "21.05";
+
+	isoImage = {
+		makeEfiBootable = true;
+		makeUsbBootable = true;
+		isoName = "${config.isoImage.isoBaseName}-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.iso";
+	};
+
+	# Tell the Nix evaluator to garbage collect more aggressively.
+	# This is desirable in memory-constrained environments that don't
+	# (yet) have swap set up.
+	environment.variables.GC_INITIAL_HEAP_SIZE = "1M";
+
+	boot = {
+		kernelParams = [ "console=ttyS0,115200" "console=tty0" ];
+		# pkgs.linuxPackages == lts
+		# pkgs.linuxPackages_latest == stable
+		kernelPackages = pkgs.linuxPackages;
+		extraModulePackages = with config.boot.kernelPackages; [
+			acpi_call
+			chipsec
+			zfs
+		];
+		# Make programs more likely to work in low memory
+		# environments. The kernel's overcommit heustistics bite us
+		# fairly often, preventing processes from forking even if
+		# there is plenty of free memory.
+		kernel.sysctl."vm.overcommit_memory" = "1";
+		loader.grub.memtest86.enable = true;
+		postBootCommands = ''
+			mkdir -p /mnt
+		'';
+	};
+
+	console.packages = options.console.packages.default ++ [ pkgs.terminus_font ];
+
+	nixpkgs.config.allowUnfree = true;
+	hardware = {
+		cpu.intel.updateMicrocode = true;
+		cpu.amd.updateMicrocode = true;
+		enableAllFirmware = true;
+		bluetooth = {
+			enable = true;
+			powerOnBoot = false;
+			package = pkgs.bluezFull;
+		};
+	};
+
+	services = {
+		fwupd.enable = true;
+		udev.packages = with pkgs; [
+			rfkill_udev
+		];
+		openssh = {
+			enable = true;
+			permitRootLogin = "yes";
+		};
+	};
+
+	networking = {
+		hostName = "devsystem";
+		networkmanager.enable = true;
+	};
+
+	security.sudo.wheelNeedsPassword = false;
+
+	users = {
+		groups.user = {};
+		users = {
+			root.initialHashedPassword = "";
+			user = {
+				isNormalUser = true;
+				group = "user";
+				extraGroups = [ "users" "wheel" "networkmanager" "uucp" ];
+				initialHashedPassword = "";
+			};
+		};
+	};
+
+	environment.systemPackages = with pkgs; [
+		acpica-tools
+		btrfs-progs
+		bzip2
+		ccrypt
+		chipsec
+		coreboot-utils
+		cryptsetup
+		curl
+		ddrescue
+		dmidecode
+		dosfstools
+		e2fsprogs
+		efibootmgr
+		efivar
+		exfat
+		f2fs-tools
+		flashrom
+		fuse
+		fuse3
+		fwts
+		gptfdisk
+		gitAndTools.gitFull
+		gitAndTools.tig
+		gzip
+		hdparm
+		hexdump
+		htop
+		i2c-tools
+		iasl
+		intel-gpu-tools
+		inxi
+		iotools
+		jfsutils
+		jq
+		mdadm
+		minicom
+		mkpasswd
+		ms-sys
+		msr-tools
+		neovim
+		nixos-install-tools
+		ntfsprogs
+		openssl
+		p7zip
+		pacman
+		parted
+		pciutils
+		phoronix-test-suite
+		powertop
+		psmisc
+		python3Full
+		rsync
+		screen
+		sdparm
+		smartmontools
+		socat
+		sshfs-fuse
+		testdisk
+		tmate
+		tmux
+		unzip
+		upterm
+		usbutils
+		wget
+		xfsprogs.bin
+		zfs
+		zip
+		zstd
+	];
+}
--- a/util/liveiso/console.nix
+++ b/util/liveiso/console.nix
@ -0,0 +1,11 @@
+# SPDX-License-Identifier: GPL-2.0-only
+
+{ ... }:
+
+{
+	imports = [
+		./common.nix
+	];
+
+	services.getty.autologinUser = "user";
+}
--- a/util/liveiso/description.md
+++ b/util/liveiso/description.md
@ -0,0 +1,11 @@
+# Live ISO
+
+## What is this?
+
+NixOS configuration files for testing purposes and for working on firmware.
+
+## TODO
+- Use programs.flashrom.enable (#128205) and add `user` to `flashrom` group.
+  Will be usable from the next NixOS release.
+- Generate customized bootloader configs; FILO is WIP
+- Add coreboot toolchain
--- a/util/liveiso/graphical.nix
+++ b/util/liveiso/graphical.nix
@ -0,0 +1,74 @@
+# SPDX-License-Identifier: GPL-2.0-only
+
+{ pkgs, lib, ... }:
+
+{
+	imports = [
+		./common.nix
+	];
+
+	hardware.pulseaudio = {
+		enable = true;
+		package = pkgs.pulseaudioFull;
+		extraModules = with pkgs; [ pulseaudio-modules-bt ];
+	};
+
+	security.polkit = {
+		enable = true;
+		extraConfig = ''
+			polkit.addRule(function(action, subject) {
+				if (subject.isInGroup("wheel")) {
+					return polkit.Result.YES;
+				}
+			});
+		'';
+	};
+
+	services.xserver = {
+		enable = true;
+		displayManager = {
+			gdm = {
+				enable = true;
+				autoSuspend = false;
+			};
+			autoLogin = {
+				enable = true;
+				user = "user";
+			};
+		};
+		desktopManager.gnome.enable = true;
+	};
+
+	users.users.user.extraGroups = [ "audio" "video" "input" ];
+
+	environment.systemPackages = with pkgs; [
+		firefox
+		gparted
+		pavucontrol
+	];
+
+	# Remove unnecessary stuff
+	services = {
+		gnome = {
+			evolution-data-server.enable = lib.mkForce false;
+			gnome-online-accounts.enable = lib.mkForce false;
+			gnome-online-miners.enable = lib.mkForce false;
+			gnome-initial-setup.enable = lib.mkForce false;
+			chrome-gnome-shell.enable = lib.mkForce false;
+		};
+		telepathy.enable = lib.mkForce false;
+		dleyna-renderer.enable = lib.mkForce false;
+		dleyna-server.enable = lib.mkForce false;
+	};
+
+	programs.geary.enable = lib.mkForce false;
+
+	environment.gnome.excludePackages = with pkgs; [
+		gnome.gnome-weather
+		gnome.epiphany
+		gnome.gnome-contacts
+		gnome-photos
+		gnome.gnome-music
+		yelp
+	];
+}