nixos-modules/microvm/store-disk: fallback to squashfs when the nixos hardened profile is imported

astro · astro · commit 39b18d3bbc83 · 2024-02-14T21:49:18.000+01:00
Fixes Github issue #202
diff --git a/checks/default.nix b/checks/default.nix
@@ -100,6 +100,16 @@ let
         boot.initrd.systemd.enable = true;
       } ];
     } ]
+    # hardened profile
+    [ {
+      # no
+      id = null;
+    } {
+      id = "hardened";
+      modules = [ ({ modulesPath, ... }: {
+        imports = [ "${modulesPath}/profiles/hardened.nix" ];
+      }) ];
+    } ]
   ];
 
   allVariants =
diff --git a/nixos-modules/microvm/store-disk.nix b/nixos-modules/microvm/store-disk.nix
@@ -24,7 +24,11 @@ in
   options.microvm = with lib; {
     storeDiskType = mkOption {
       type = types.enum [ "squashfs" "erofs" ];
-      default = "erofs";
+      # nixos/modules/profiles/hardened.nix forbids erofs
+      default =
+        if builtins.elem "erofs" config.boot.blacklistedKernelModules
+        then "squashfs"
+        else "erofs";
       description = ''
         Boot disk file system type: squashfs is smaller, erofs is supposed to be faster.
       '';
