From 403465935058d0ff0b62da10196f96de794d83a5 Mon Sep 17 00:00:00 2001 From: Pacman99 Date: Mon, 15 Mar 2021 17:02:20 -0700 Subject: [PATCH 1/4] lib: pass `inputs` to `./lib` library functions now can access inputs (and their sources!) directly, for example in order to copy their closure into the iso registry so that evaluating the flake does not need to fetch inputs again --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index e1ff3c4..4f8cc3b 100644 --- a/flake.nix +++ b/flake.nix @@ -57,7 +57,7 @@ overlay = import ./pkgs; overlays = lib.pathsToImportedAttrs (lib.pathsIn ./overlays); - lib = import ./lib { inherit nixos pkgs self; }; + lib = import ./lib { inherit nixos pkgs self inputs; }; templates.flk.path = ./.; templates.flk.description = "flk template"; From 17aee57df455e5524a6911ff517acfb3ae2629b5 Mon Sep 17 00:00:00 2001 From: David Arnold Date: Tue, 16 Mar 2021 16:42:58 -0500 Subject: [PATCH 2/4] iso: pin inputs as flakes This intends to avoid downloading inputs on the iso live image and is a step towards completely air-gaped installs. credits: @Pacman99 closes: #190 --- lib/devos/devosSystem.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/devos/devosSystem.nix b/lib/devos/devosSystem.nix index 78b7f36..46ca965 100644 --- a/lib/devos/devosSystem.nix +++ b/lib/devos/devosSystem.nix @@ -1,4 +1,4 @@ -{ lib, nixos, self, ... }: +{ lib, nixos, self, inputs, ... }: { modules, ... } @ args: lib.nixosSystem (args // { @@ -17,6 +17,7 @@ lib.nixosSystem (args // { source = self; target = "/devos/"; }]; + nix.registry = lib.mapAttrs (n: v: { flake = v; }) inputs; # confilcts with networking.wireless which might be slightly # more useful on a stick networking.networkmanager.enable = lib.mkForce false; From 8e3777ff346e2f75f31d0813ac16fc71dc29322c Mon Sep 17 00:00:00 2001 From: David Arnold Date: Tue, 16 Mar 2021 17:33:53 -0500 Subject: [PATCH 3/4] iso: copy devShell storepath to iso This avoids for the live nixos on the iso to rebuild the devshell upon entering it. --- lib/devos/devosSystem.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/devos/devosSystem.nix b/lib/devos/devosSystem.nix index 46ca965..cece333 100644 --- a/lib/devos/devosSystem.nix +++ b/lib/devos/devosSystem.nix @@ -18,6 +18,9 @@ lib.nixosSystem (args // { target = "/devos/"; }]; nix.registry = lib.mapAttrs (n: v: { flake = v; }) inputs; + isoImage.storeContents = [ + self.devShell.${config.nixpkgs.system} + ]; # confilcts with networking.wireless which might be slightly # more useful on a stick networking.networkmanager.enable = lib.mkForce false; From faa855824058cfa01c367786051fa7e7cd1ee63c Mon Sep 17 00:00:00 2001 From: David Arnold Date: Tue, 16 Mar 2021 18:01:29 -0500 Subject: [PATCH 4/4] iso: document iso cache / closures (speed!) --- doc/start/iso.md | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/doc/start/iso.md b/doc/start/iso.md index 1d28e4f..daccfec 100644 --- a/doc/start/iso.md +++ b/doc/start/iso.md @@ -46,6 +46,18 @@ _Note: the [static link-local IPv6 address][staticLLA] and [MulticastDNS][mDNS] configured on the live installer. If you wish to enable [MulticastDNS][mDNS] for your environment, you ought to configure that in a regular [profile](../../profiles)._ +## ISO image nix store & cache + +The iso image holds the store to the live environment and _also_ acts as a binay cache +to the installer. To considerably speed up things, the image already includes all flake +`inputs` as well as the `devshell` closures. + +While you _could_ provision any machine with a single stick, a bespoke iso maximises +those local cache hits. + +For hosts that don't differ too much, a common usb stick might be ok, whereas when +there are bigger differences, a bespoke usb stick will be considerably faster. + ## EUI-64 LLA & Host Identity The iso's IPv6 Link Local Address (LLA) is configured with a static 64-bit Extended @@ -97,11 +109,6 @@ $ flk install NixOS --impure # use same host as above -_Note: You _could_ install another machine than the one your iso was built for, -but the iso doesn't carry all the necesary build artifacts so the target would -start to build the missing parts on demand instead of substituting them from -the iso itself._ - [manual]: https://nixos.org/manual/nixos/stable/index.html#sec-installation-partitioning [mDNS]: https://en.wikipedia.org/wiki/Multicast_DNS [NDP]: https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol