Skip to content

sotormd/pattern

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
flag-0.0.1
flag-0.0.1
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
flake.lock
flake.lock
 
 
flake.nix
flake.nix
 
 

Repository files navigation

pattern

Immutable, atomic, image-based systems provisioned using Nix.

Goals

  • Base image generated using systemd-repart
  • Verity on erofs root Nix Store using systemd-veritysetup
  • Inflatable TPMv2 LUKS-encrypted persistent partition using systemd-repart
  • Unprivileged user setup on first boot using systemd-homed
  • Signed A/B updates over the I2P network using systemd-sysupdate
  • Distrobox, bubblewrap and xdg-dbus-proxy to install and sandbox apps
  • Minimal GNOME desktop

Demonstration

To create and run a demonstration image in virt-manager under QEMU/KVM

  1. Build the image.

    nix build github:sotormd/pattern#flag

  2. Increase the image disk size for persistent partition.

    cp result/flag_*.raw /tmp/flag.raw
chmod +w /tmp/flag.raw
qemu-img resize -f raw /tmp/flag.raw "+100G"

  3. Create a QEMU/KVM guest in virt-manager with UEFI and a TPM 2.0 device. Attach this disk and boot the guest.

About

Immutable, atomic, image-based systems provisioned using Nix.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages