iso: avoid systemd service startup #202
Conversation
blaggacao
force-pushed
the
da/fix-194
branch
4 times, most recently
from
12cfb76
to
adcd7f0
Compare
This comment has been minimized.
This comment has been minimized.
blaggacao
force-pushed
the
da/fix-194
branch
5 times, most recently
from
13af8dd
to
54654c0
Compare
This is required so that filtering via lib.remove works against modules.core and similar which are of path type. It is also a prerequisite for disabledModules to match by module.key instead of path string relative to nixpkgs' modulePath.
IN order to avoid random startup of systemd services, filter out all profiles, except for core and user profiles. This works becasue of a fundamental devos contract, that modules only define configuration, but don't implement them and profiles only implement confguration but don't define them. So only ever an activated profile is expected to effectively start up a systemd service. closes: divnix#194
This ensures that all builds of activated profiles are included into the iso cache and don't require rebuilding within the live installer environment.
This is just for convenience, since the closuers are already in the store. It might be helpful to be able to test out some things of those deactivated profiles een on the iso isntaller.
This comment has been minimized.
This comment has been minimized.
|
Also apparently getting a segmentation faullt while building the iso is a known issue with nix that happens sometimes. A workaround is to preface the build command with |
This comment has been minimized.
This comment has been minimized.
tryAlready running a review |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Just wondering, is this because of not importing |
If I remember correctly, it was trying to download Maybe we can open an issue for air-gapped install, and try to make it work over time. |
|
I think it might try and download the registry anyways and perhaps try to update flake. I think theres a |
| @@ -27,7 +27,7 @@ let mkProfileAttrs = | |||
| f = n: _: | |||
| lib.optionalAttrs | |||
| (lib.pathExists "${dir}/${n}/default.nix") | |||
| { default = "${dir}/${n}"; } | |||
| { default = /. + "${dir}/${n}"; } | |||
There was a problem hiding this comment.
What's the motivation here?
There was a problem hiding this comment.
for the expression in devosSystem lib.remove modules.core suite.allProfiles. For the matching to work all items in the list must be the same type. And in general its better to pass around modules as paths rather than strings.
There was a problem hiding this comment.
But also.most importantly for disabledModules to filter.on module.key proper instead of a rleative to.modulePath string.
| @@ -6,27 +6,42 @@ lib.nixosSystem (args // { | |||
| let | |||
| moduleList = builtins.attrValues modules; | |||
| modpath = "nixos/modules"; | |||
| cd = "installer/cd-dvd/installation-cd-minimal-new-kernel.nix"; | |||
|
|
|||
| fullHostConfig = (lib.nixosSystem (args // { modules = moduleList; })).config; | |||
|
|
|||
| isoConfig = (lib.nixosSystem | |||
There was a problem hiding this comment.
I would really love to see the bonus goal of your PR implemented. Is it possible that we could create an isoConfig' that is everything that the current isoConfig defines with storeContents abstracted out into a separate variable, while the new isoConfig would just be something like:
{
isoConfig = isoConfig' // { isoImage.storeContents = storeContents ++ [ isoConfig' ];
}I'm trying to think of a way to do this without triggering infinite recursion, although perhaps I haven't thought this through enough and the above does cause and infinite loop. I'll have more time to test tomorrow and see if I can work it out.
There was a problem hiding this comment.
Within the devshell of a live iso, it is ultimately upstream nixos-install at this line that is hindering us, specifically: nix flake metadata evaluates very greedily. Couldn't we obtain that .url — which seemed to be a store path — more cheaply?
On the other hand, the build itself is already fully cached (auto?trusted=1) courtesy of the fullHostConfig's toplevel. That extends to the system profile, which is loaded locally from the build's output
After that there is no potential network call left. So the culprit must be indeed nix flake metadata...
There was a problem hiding this comment.
If it is only nixos-install that's blocking us (and it has other problems with flakes), perhaps we could just do what's mentioned in that comment, or something similar to work around it. I personally had to do a legacy nix-build via compat dir to install onto my laptop. Something about my configuration triggered the error mentioned in that thread.
There was a problem hiding this comment.
We just moved to a new appartment and, for a varying operational reasons, I probably will be unavailable to follow trough on this bonus item any time soon. (No inet, no setup, obly cell-phone, life getting in the way, ...)
Can we carve this out into an issue while moving on with this PR in its current state?
There was a problem hiding this comment.
Sure. I'd like to have a crack at it first though, if you don't mind, as I think it would be pretty straight-forward. If I get it working, I'll pushing a PR to your branch.
There was a problem hiding this comment.
I suspect the --offline option would get us quite some mileage (combined with a small patch to nixos-install / flakes-first reconception of it), unfortunately I havn't been able to test this in time.
There was a problem hiding this comment.
seems I don't have as much time as I'd hoped. I'll go ahead and merge this and we will try to work it out later.
bors r+
|
Build succeeded: |
tryMerge conflict. |
fixes #194
alternative to #197
Manual Tests
was unrelated
flk install NixOS --impurecorrectly onto/mnt❎ (looks like no profile is present)Issue: #204
Upstream Issue: NixOS/nixpkgs#116938
cageservice is disabled, that is: boots into terminal ✔️→ detailed rationale in the commit messages
❤️ @Pacman99 for the excellent and detailed discussions in #197 and the may ideas, suggestions and code.