squashfs -> ext4, which makes images ~5x larger. :(

chkno · chkno · commit 68bdafb07183 · 2023-07-21T02:49:01.000-07:00
NixOS/nixpkgs#236656 changed NixOS's qemu-vm disk-finding mechanism to use filesystem labels. squashfs doesn't support filesystem labels (see plougher/squashfs-tools#59 ). So we can't use squashfs anymore. :( The simple test's nix store image is 240M as squashfs and 1.3G as ext4.
diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
 Isolate NixOS QEMU VMs from each other and from the host by using a
-squashfs for the VM's /nix/store that contains only the VM's dependencies
+private /nix/store image that contains only the VM's dependencies
 (like the installer has) rather than a virtio mount of the host's entire
 /nix/store.
 
diff --git a/modules/qemu-vm-isolation.nix b/modules/qemu-vm-isolation.nix
@@ -14,21 +14,35 @@ let
 
 in {
 
-  boot.initrd.availableKernelModules = [ "squashfs" ];
-
   fileSystems = mkVMOverride {
     "${storeMountPath}" = {
       device =
         lookupDriveDeviceName "nixstore" config.virtualisation.qemu.drives;
-      fsType = "squashfs";
+      fsType = "ext4";
       options = [ "ro" ];
       neededForBoot = true;
     };
   };
 
-  system.build.squashfsStore =
-    pkgs.callPackage (modulesPath + "/../lib/make-squashfs.nix") {
-      storeContents = config.virtualisation.additionalPaths;
+  # We use this to disable fsck runs on the ext4 nix store image because stage-1
+  # fsck crashes (maybe because the device is read-only?), halting boot.
+  boot.initrd.checkJournalingFS = false;
+
+  system.build.nixStoreImage =
+    import (modulesPath + "/../lib/make-disk-image.nix") {
+      inherit pkgs config lib;
+      additionalPaths = [
+        (config.virtualisation.host.pkgs.closureInfo {
+          rootPaths = config.virtualisation.additionalPaths;
+        })
+      ];
+      onlyNixStore = true;
+      label = "nix-store";
+      partitionTableType = "none";
+      installBootLoader = false;
+      diskSize = "auto";
+      additionalSpace = "0M";
+      copyChannel = false;
     };
 
   virtualisation = {
@@ -37,7 +51,7 @@ in {
 
     qemu.drives = [{
       name = "nixstore";
-      file = "${config.system.build.squashfsStore}";
+      file = "${config.system.build.nixStoreImage}/nixos.img";
       driveExtraOpts = {
         format = "raw";
         read-only = "on";
