Add NixOS support, CHANGLOG and other changes #17
Conversation
|
@phodina whoa! Awesome work. Now I owe you to ditch Ubuntu and go to Nix. 😛 If you would present that at https://fosdem.org/2026/schedule/track/nix-and-nixos/ then I would merge that as is. 😆 Otherwise, seems not everything is through: would you please double-check actions? I am not sure aarch64/darwin will do here... Also, please P.S. Absolutely cool! |
|
@Ichmed could you take a second look, please? |
Sure will run the Clippy check to pass. Regarding the Darwin, i do own a Mac Mini M1 machine to test but it runs Asahi Linux :D I intend to use it mainly for Mobile Nixos (surprise :) mobile-nixos/mobile-nixos#853 and also later for embedded systems. The pull request stalls as the initramfs there uses Ruby. It offers a lot of features but having embedded background I appreciate the effort but IMHO don't thing Ruby is good choice. Mostly I'm used to busybox+shell scripts style initramfs but for some time I thought about single binary init system also written in Rust. So thanks for bootstrapping the effort! Also noticed OpenSUSE on your profile, what's you affiliation? |
Yes! Please rebase on master and then
Yes, I was about to suggest that. Let's just drop that for now.
❤️!
"Embedded system" and "lots of features"? An embedded system must have only what it must use. Basically, you should have no
10 years worked there making SLES. Actually Feel free to add stuff to it. 😉 |
|
@phodina BTW, there is also a very good reason why we don't update embedded systems with the packages: they introduce config drift and then you risk bricking your device. There are some distros on the market with pkgs, but this is a very tricky/risky business. I am not entirely sure NixOS is a good idea for the embedded in general, as it looks to be overlybloated, but trying? — why not... Maybe it is a good idea, I still need to explore that. RedHat's OS Tree is actually a right thing to do, but it is also way too bloated at the moment. Canonocal's Ubuntu Core is a good idea too, but the implementation is catastrophically bad. So the best of best for now I would suggest this: https://elbe-rfs.org/new_site/index.html |
We are interested in machine architecture and want to get: ``` $ uname -m aarch64 $ uname -m x86_64 ``` Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Done ;-) Dropped support for Darwin, WSL2 not tested but normally packages build there in nix work.
Totally agree with you on the just boot the system as fast as possible. It should not be swiss knife nor have there kitchen sink otherwise it's prone to failure or worse attack vector. However, I do understand the need to have some features. The mobile phones are locked down and the bootloaders can't be changed. So the idea with mobile nixos is to have Now back to features. I also don't like the feature creep but there are some that should be implemented in the initramfs. Definitely the LUKS unlock. Which on phone requires the framebuffer passed by Android bootloader and the touchscreen. Sure the Both options require drivers or components currently not present in So better to draw keyboard and text input in the initramfs for the LUKS key. In similar fashion if we would be able to store the key in the TrustZone we could use the As an alternative NFC with some security token e.g. Yubikey could be also used. That would also require the NFC driver and daemon. So even though I agree with the minimal and fast boot approach there are some valid usecases where it will require more functionality which could be gated using the rust features. Other stuff like which slot to boot can be handled by the Also I'm aware that the initramfs, kernel, bootloader are risky parts to update. In embedded systems and Android there are usually slots - A and B. So if the company does due diligence on the Q&A of the OTA updates the device should not be bricked. Ideally it should not be updated frequently in the field.
Build mostly in the past systems either through buildroot, OpenWrt or Yocto. Since it was custom hardware and SoC which was far better supported in the vendor SDK there was no intention to reduce the size and time of the build (what a waste of resources). Well I like Yocto, but then for each device you build custom image, which if you are a bigger company and don't care about the updates for the product is guess fine. But for normal system I'd either go with Debian based system or NixOS. Sure it's not targeted for that but the descriptive language, remote builders and also certain immutability with generations has an edge (at least for me). So specifically on phones it would allow me and others to try the latest features on next kernel and if it breaks just reboot and pick older generation that works.
The reason I asked about the OpenSUSE affiliation is that with David Heidlberg we are trying to get the Linux next kernel running on mobile phones and SUSE in Prague helps us by providing spaces for hackadays. Big thanks to @lkocman for making this happen! |
|
Funny I demoed Microhop booting a SLES in 2024 at OpenSUSE Con. I also tried last year to show something at DevConf.cz in Brno, but RedHat, like Microsoft, is overly obsessed with AI at the moment, so let's wait when they fail and go back to normal. Well, this is a big difference between "embedded system" and "general distro" which SUSE is making traditionally. You are NOT supposed to pull out a disk with an embedded system, plug it elsewhere and boot. But you ARE supposed to do that with a generic system. That's why adding even a braille driver in SUSE's case is the right thing to do. This is also why Microhop does not have that auto/update to kernel swappings, because by definition you are supposed to do all that routine fully manually: put a new kernel, pick your modules, reconstruct initrd, put all that together, bake an image and only then push the update. That's why I was experimenting with bootr: another project that is working like RedHat's bootable containers, except very tiny and very small. So the idea is to push image updates over an existing system, just like you do with the containers. I stopped that because my focus now is elsewhere and I have only 24 hours and two arms. 😆 While writing this: there's still one forgotten-and-unused import. Typically P.S. @lkocman see you in Nue/Z-Bau at next OpenSUSE Con! 😛 |
@isbm sorry missed the flags in actions so the warning that turned into error slipped through my fingers
Good to know there are still great humans around and not just bots creating more boilerplate work :D |
|
The only thing missing is support to copy over firmware files as these are needed on the sdm845 to boot the adreno GPU. Have a crude way to add those but will refactor that. Otherwise would be cool to present this on FOSDEM booth. It will be more about the Mobile Nixos + other stuff but I think a bumble init system also deserves mention. What do you think? @isbm Funny enough you can't pull the whole firmware to the boot.img as just the modem is almost 2x big as the partition itself :D |
Well, I think it is too late. 😢 But in any case, if you go to FOSDEM in just four days — I will be there too. |
|
@phodina OK, looks good. Anything else from your side to this PR or more improvements coming in different PRs 😛 ? |
isbm
added
documentation
There was a problem hiding this comment.
Pull request overview
Adds Nix/NixOS tooling and a demo boot flow, plus runtime enhancements for mounting and kernel/initramfs generation (overlayfs support, cmdline-based root selection, and kernel config validation).
Changes:
- Add overlayfs support and mount flag handling (incl. read-only root scenarios).
- Add kernel cmdline parsing + improved device resolution (UUID/label/path) and more tolerant module loading.
- Add Nix flake packaging, NixOS demo components (kernel/u-boot/rootfs/initramfs), and a GitHub Actions workflow to build Nix packages.
Reviewed changes
Copilot reviewed 25 out of 28 changed files in this pull request and generated 17 comments.
Show a summary per file
| File | Description |
|---|---|
| syslib/src/fs.rs | Adds mount-with-flags helper and overlayfs detection/mount support. |
| syslib/src/blk.rs | Expands block device probing to include raw devices (not only partitions). |
| src/microhop.rs | Adds mount mode support, cmdline-based root selection, and UUID/label device resolution. |
| src/main.rs | Integrates overlayfs boot flow and pivots into overlay root when configured. |
| src/kmodprobe.rs | Makes missing kernel modules a handled runtime condition (logs + returns). |
| src/cmdline.rs | New cmdline parser for /proc/cmdline to support root=, rootfstype=, rootflags=. |
| rustfmt.toml | Updates rustfmt configuration key for function parameter layout. |
| profile/src/cfg.rs | Extends config schema with an overlayfs section and accessors. |
| nixos/u-boot.nix | Adds Nix derivation to build u-boot for QEMU aarch64. |
| nixos/nixos-rootfs.nix | Adds a minimal Nix-built squashfs rootfs for the demo boot flow. |
| nixos/microhop-config.nix | Provides a microhop.conf for the QEMU demo (overlayfs + squashfs intent). |
| nixos/kernel.nix | Adds a Nix-built kernel with an embedded config tailored for the demo. |
| nixos/initramfs-microgen.nix | Builds an initramfs via microgen new with kernel-config validation inputs. |
| nixos/example-system.nix | Adds an example NixOS system configuration intended for testing microhop. |
| microgen/src/rdpack.rs | Makes initramfs packer create output directory before writing the archive. |
| microgen/src/rdgen.rs | Allows initramfs generation without kernel modules (monolithic kernels). |
| microgen/src/main.rs | Adds kernel config validation flow and new info listing commands. |
| microgen/src/kconfig_validator.rs | New kernel .config validator with filesystem/block-device support lists. |
| microgen/src/clidef.rs | Extends CLI flags for validation and supported-feature listing. |
| flake.nix | Adds flake packaging for microhop/microgen and demo QEMU boot app for aarch64. |
| flake.lock | Pins Nix inputs for reproducible builds. |
| etc/microhop.conf | Updates sample config to document UUID/label specs and overlayfs configuration. |
| README.md | Documents Nix build usage and links to changelog; references demo video. |
| Makefile | Adjusts architecture detection to use uname -m. |
| CHANGELOG.md | Introduces a changelog documenting new Nix/overlayfs/validation features. |
| .gitignore | Ignores Nix result/ output. |
| .github/workflows/build.yml | Adds CI workflow to build Nix packages across multiple platforms and publish releases. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
microgen/src/kconfig_validator.rs
Outdated
| let msg = if is_error { | ||
| format!("Block device {} is not enabled. Required for specified block device", blk_name) | ||
| } else { | ||
| format!("Block device {} is not validated (use --block-devices to validate)", blk_name) | ||
| }; | ||
|
|
||
| if is_error { | ||
| result.add_error(config_option, &msg); | ||
| } else { | ||
| result.add_warning(config_option, &msg); | ||
| } |
There was a problem hiding this comment.
Same as filesystem validation: when is_error is false, the message says the block device "is not validated", but the code did validate it and found it disabled (just downgraded to a warning). Consider rewording to avoid implying that no check was performed.
microgen/src/kconfig_validator.rs
Outdated
| let msg = if is_error { | ||
| format!("Filesystem {} is not enabled. Required for specified rootfs", fs_name) | ||
| } else { | ||
| format!("Filesystem {} is not validated (use --filesystems to validate)", fs_name) | ||
| }; | ||
|
|
||
| if is_error { | ||
| result.add_error(config_option, &msg); | ||
| } else { | ||
| result.add_warning(config_option, &msg); | ||
| } |
There was a problem hiding this comment.
When is_error is false, the message says the filesystem "is not validated", but the code did validate it and found it disabled—it's just treated as a warning. This wording is misleading; consider changing the message to indicate the feature is disabled but only enforced as an error when --filesystems is provided.
microgen/src/kconfig_validator.rs
Outdated
| let msg = format!("Unknown block device type '{}'. Use --list-block-devices to see supported types", blktype); | ||
| if is_error { | ||
| result.add_error(blktype, &msg); | ||
| } else { | ||
| result.add_warning(blktype, &msg); | ||
| } |
There was a problem hiding this comment.
The unknown block-device error suggests using --list-block-devices, but the CLI flag implemented for listing is microgen info --block-devices. Update the message to point to the correct command/flag.
Added the last missing piece, adding the firmware files. I went the way to specify file with records SRC:DST and specifying the base of the firmware in config file to limit the misuse of copying the files.
Will be nice to see you there in person. I meant only to mention it uses |
|
@phodina seems like The System ™ isn't completely happy and seems some of these points are quite valid. Could you please take a look? |
|
@isbm sure will look into it tomorrow :) |
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
…systems Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
…he generator) Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
Signed-off-by: Petr Hodina <petr.hodina@protonmail.com>
3 participants
@isbm thanks for this project, here's small MR with demo ;-)
(support for
aarch64-linuxandx86_64-linuxplatforms)overlayfsto support read-only rootfsand block device for rootfs during creation