nixos-modules/microvm/store-disk: fallback to squashfs when the nixos…

… hardened profile is imported Fixes Github issue #202
astro · Feb 14, 2024 · 39b18d3 · 39b18d3
1 parent 4de244c
commit 39b18d3
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/checks/default.nix b/checks/default.nix
@@ -100,6 +100,16 @@ let
         boot.initrd.systemd.enable = true;
       } ];
     } ]
+    # hardened profile
+    [ {
+      # no
+      id = null;
+    } {
+      id = "hardened";
+      modules = [ ({ modulesPath, ... }: {
+        imports = [ "${modulesPath}/profiles/hardened.nix" ];
+      }) ];
+    } ]
   ];
 
   allVariants =

diff --git a/nixos-modules/microvm/store-disk.nix b/nixos-modules/microvm/store-disk.nix
@@ -24,7 +24,11 @@ in
   options.microvm = with lib; {
     storeDiskType = mkOption {
       type = types.enum [ "squashfs" "erofs" ];
-      default = "erofs";
+      # nixos/modules/profiles/hardened.nix forbids erofs
+      default =
+        if builtins.elem "erofs" config.boot.blacklistedKernelModules
+        then "squashfs"
+        else "erofs";
       description = ''
         Boot disk file system type: squashfs is smaller, erofs is supposed to be faster.
       '';