util/liveiso: Add NixOS configs for bootable live systems

Add NixOS configurations for bootable live systems containing a set of
tools which might be useful for firmware development in general and for
working on coreboot.

There are two configurations provided. One for console-only and a
graphical one, which is mostly the same as the console image but it
comes with Gnome Shell as window manager and some graphical tools in
addition.

An image can be built using `build-console.sh`, respectively
`build-graphical.sh`. The resulting iso image can be found in
`result/iso/`.

The console image results in ~700MB, while the graphical one results in
~2GB.

Change-Id: Iaf49d198e99781434bd89d2a8a125a4988b77e1c
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50194
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
This commit is contained in:
Felix Singer 2021-02-01 13:46:50 +01:00
parent 5586c79978
commit f9948a4d39
8 changed files with 268 additions and 0 deletions

View File

@ -775,6 +775,11 @@ W: https://github.com/corna/me_cleaner
S: Maintained
F: util/me_cleaner/
LIVEISO
M: Felix Singer <felixsinger@posteo.net>
S: Supported
F: util/liveiso/
################################################################################
# Miscellaneous
################################################################################

1
util/liveiso/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
result

3
util/liveiso/build-console.sh Executable file
View File

@ -0,0 +1,3 @@
#!/usr/bin/env sh
nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=console.nix

View File

@ -0,0 +1,3 @@
#!/usr/bin/env sh
nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=graphical.nix

160
util/liveiso/common.nix Normal file
View File

@ -0,0 +1,160 @@
# SPDX-License-Identifier: GPL-2.0-only
{ config, options, pkgs, ... }:
{
imports = [
<nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
<nixpkgs/nixos/modules/installer/cd-dvd/iso-image.nix>
];
system.stateVersion = "21.05";
isoImage = {
makeEfiBootable = true;
makeUsbBootable = true;
isoName = "${config.isoImage.isoBaseName}-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.iso";
};
# Tell the Nix evaluator to garbage collect more aggressively.
# This is desirable in memory-constrained environments that don't
# (yet) have swap set up.
environment.variables.GC_INITIAL_HEAP_SIZE = "1M";
boot = {
kernelParams = [ "console=ttyS0,115200" "console=tty0" ];
# pkgs.linuxPackages == lts
# pkgs.linuxPackages_latest == stable
kernelPackages = pkgs.linuxPackages;
extraModulePackages = with config.boot.kernelPackages; [
acpi_call
chipsec
zfs
];
# Make programs more likely to work in low memory
# environments. The kernel's overcommit heustistics bite us
# fairly often, preventing processes from forking even if
# there is plenty of free memory.
kernel.sysctl."vm.overcommit_memory" = "1";
loader.grub.memtest86.enable = true;
postBootCommands = ''
mkdir -p /mnt
'';
};
console.packages = options.console.packages.default ++ [ pkgs.terminus_font ];
nixpkgs.config.allowUnfree = true;
hardware = {
cpu.intel.updateMicrocode = true;
cpu.amd.updateMicrocode = true;
enableAllFirmware = true;
bluetooth = {
enable = true;
powerOnBoot = false;
package = pkgs.bluezFull;
};
};
services = {
fwupd.enable = true;
udev.packages = with pkgs; [
rfkill_udev
];
openssh = {
enable = true;
permitRootLogin = "yes";
};
};
networking = {
hostName = "devsystem";
networkmanager.enable = true;
};
security.sudo.wheelNeedsPassword = false;
users = {
groups.user = {};
users = {
root.initialHashedPassword = "";
user = {
isNormalUser = true;
group = "user";
extraGroups = [ "users" "wheel" "networkmanager" "uucp" ];
initialHashedPassword = "";
};
};
};
environment.systemPackages = with pkgs; [
acpica-tools
btrfs-progs
bzip2
ccrypt
chipsec
coreboot-utils
cryptsetup
curl
ddrescue
dmidecode
dosfstools
e2fsprogs
efibootmgr
efivar
exfat
f2fs-tools
flashrom
fuse
fuse3
fwts
gptfdisk
gitAndTools.gitFull
gitAndTools.tig
gzip
hdparm
hexdump
htop
i2c-tools
iasl
intel-gpu-tools
inxi
iotools
jfsutils
jq
mdadm
minicom
mkpasswd
ms-sys
msr-tools
neovim
nixos-install-tools
ntfsprogs
openssl
p7zip
pacman
parted
pciutils
phoronix-test-suite
powertop
psmisc
python3Full
rsync
screen
sdparm
smartmontools
socat
sshfs-fuse
testdisk
tmate
tmux
unzip
upterm
usbutils
wget
xfsprogs.bin
zfs
zip
zstd
];
}

11
util/liveiso/console.nix Normal file
View File

@ -0,0 +1,11 @@
# SPDX-License-Identifier: GPL-2.0-only
{ ... }:
{
imports = [
./common.nix
];
services.getty.autologinUser = "user";
}

View File

@ -0,0 +1,11 @@
# Live ISO
## What is this?
NixOS configuration files for testing purposes and for working on firmware.
## TODO
- Use programs.flashrom.enable (#128205) and add `user` to `flashrom` group.
Will be usable from the next NixOS release.
- Generate customized bootloader configs; FILO is WIP
- Add coreboot toolchain

View File

@ -0,0 +1,74 @@
# SPDX-License-Identifier: GPL-2.0-only
{ pkgs, lib, ... }:
{
imports = [
./common.nix
];
hardware.pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
extraModules = with pkgs; [ pulseaudio-modules-bt ];
};
security.polkit = {
enable = true;
extraConfig = ''
polkit.addRule(function(action, subject) {
if (subject.isInGroup("wheel")) {
return polkit.Result.YES;
}
});
'';
};
services.xserver = {
enable = true;
displayManager = {
gdm = {
enable = true;
autoSuspend = false;
};
autoLogin = {
enable = true;
user = "user";
};
};
desktopManager.gnome.enable = true;
};
users.users.user.extraGroups = [ "audio" "video" "input" ];
environment.systemPackages = with pkgs; [
firefox
gparted
pavucontrol
];
# Remove unnecessary stuff
services = {
gnome = {
evolution-data-server.enable = lib.mkForce false;
gnome-online-accounts.enable = lib.mkForce false;
gnome-online-miners.enable = lib.mkForce false;
gnome-initial-setup.enable = lib.mkForce false;
chrome-gnome-shell.enable = lib.mkForce false;
};
telepathy.enable = lib.mkForce false;
dleyna-renderer.enable = lib.mkForce false;
dleyna-server.enable = lib.mkForce false;
};
programs.geary.enable = lib.mkForce false;
environment.gnome.excludePackages = with pkgs; [
gnome.gnome-weather
gnome.epiphany
gnome.gnome-contacts
gnome-photos
gnome.gnome-music
yelp
];
}