init commit

.envrc

@@ -0,0 +1 @@
+use flake

.gitignore

@@ -0,0 +1,4 @@
+*.img
+*.qcow2
+.direnv
+linux*

flake.lock

@@ -0,0 +1,25 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1707238373,
+        "narHash": "sha256-WKxT0yLzWbFZwYi92lI0yWJpYtRaFSWHGX8QXzejapw=",
+        "rev": "fb0c047e30b69696acc42e669d02452ca1b55755",
+        "revCount": 555442,
+        "type": "tarball",
+        "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2311.555442%2Brev-fb0c047e30b69696acc42e669d02452ca1b55755/018d8628-6732-76b7-b9c7-12c4fc4e280f/source.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://flakehub.com/f/NixOS/nixpkgs/%2A.tar.gz"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,75 @@
+{
+  inputs = {
+    # a better way of using the latest stable version of nixpkgs
+    # without specifying specific release
+    nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/*.tar.gz";
+  };
+
+  outputs = { self, nixpkgs }:
+    let
+      # helpers for producing system-specific outputs
+      supportedSystems = [ "x86_64-linux" "aarch64-linux" ];
+      forEachSupportedSystem = f: nixpkgs.lib.genAttrs supportedSystems (system: f {
+        pkgs = import nixpkgs { inherit system; };
+      });
+    in {
+      devShells = forEachSupportedSystem ({ pkgs }: {
+        default = pkgs.mkShell {
+          inputsFrom = with pkgs; [ linux_latest ];
+          packages = with pkgs; [
+            # for a better kernel developer workflow
+            b4
+            neovim
+            rustup
+
+            # for "make menuconfig"
+            pkg-config
+            ncurses.dev
+
+            # formatting this flake
+            nixpkgs-fmt
+          ]
+          # testing the built kernel in a VM using QEMU
+          ++ (with pkgs; [
+            qemu_kvm
+            debootstrap # fur creating ze rootfs
+          ])
+          # extra utilities _I_ find useful
+          ++ (with pkgs; [
+            bat
+            broot
+            choose
+            fd
+            ripgrep
+          ])
+          # packages related to debugging
+          # BE CAREFUL NOT TO MIX LLVM TOOLCHAIN'S TOOLS WITH GNU'S TOOLS
+          ++ (with pkgs; [
+            #clang-tools
+            #gdb
+            #lldb
+          ])
+          # LLVM 15 toolchain (as per Linux 6.6)
+          # but commented out since there is some Nix fuckery with stdenv which has
+          # GNU toolchain and that interferes with LLVM's
+          ++ (with pkgs.llvmPackages_15; [
+            #bintools
+            #clang
+            #libcxx
+            #lld
+          ]);
+
+          # Disable '-fno-strict-overflow' compiler flag because it causes the build to fail with the following error:
+          # clang-16: error: argument unused during compilation: '-fno-strict-overflow' [-Werror,-Wunused-command-line-argument]
+          hardeningDisable = [ "strictoverflow" ];
+
+          env = {
+            #LLVM = 1;
+          };
+
+          shellHook = ''
+          '';
+        };
+      });
+    };
+}

scripts/boot-kernel.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+set -xeuf
+
+qemu-kvm \
+    -machine virt \
+    -cpu host \
+    -smp 2 \
+    -m 2048 \
+    -accel kvm \
+    -nographic \
+    -kernel "$1" \
+    -hda "$2" \
+    -netdev user,id=mynet0,hostfwd=tcp::6902-:22 \
+    -device virtio-net-pci,netdev=mynet0 \
+    -append 'root=/dev/vda rw systemd.show_status=false'

scripts/build-kernel-and-install.sh

@@ -0,0 +1,97 @@
+#!/usr/bin/env bash
+
+set -xeu -o pipefail
+
+# TODO:
+# 1. Verify options' states
+# 2. UKI
+
+ALL_JOBS=$(( $(nproc) + 2 ))
+SUDO_ALIAS='sudo --preserve-env=PATH env' # use this alias for su-do-ing binaries provided by Nix
+K_CONFIG="${1:-}"
+K_LOCALVERSION="-$(date +%Y.%m.%d.%H%M)"
+
+function remove_kernel() {
+    INSTALL_DIRS=(/boot /lib/modules /usr)
+    K_RELEASE="$(make -s kernelrelease)"
+    for d in "${INSTALL_DIRS[@]}"; do
+        sudo rm -rvf "$d"/*"${K_RELEASE}"*
+    done
+}
+
+if [[ "${K_CONFIG}" == 'clean' ]]; then
+    remove_kernel
+    exit 0
+fi
+
+function configure_kernel() {
+    if [[ -z "${K_CONFIG}" ]]; then
+        cp "/boot/config-$(uname -r)" .config
+    else
+        make "${K_CONFIG}"
+    fi
+    common_config
+}
+
+function common_config() {
+    # internal Kconfig
+    ./scripts/config --enable CONFIG_IKCONFIG
+    ./scripts/config --enable CONFIG_IKCONFIG_PROC
+    # internal headers
+    ./scripts/config --enable CONFIG_IKHEADERS
+
+    # UKI
+    ./scripts/config --enable CONFIG_EFI_ZBOOT
+
+    # debugging
+    ./scripts/config --enable CONFIG_SCHED_DEBUG
+
+    if [[ "${K_CONFIG}" == 'tinyconfig' ]]; then
+        tinyconfig_prep
+    elif [[ "${K_CONFIG}" == 'defconfig' ]]; then
+        defconfig_prep
+    else
+        # disable the Debian/Ubuntu module signing key thingy
+        ./scripts/config --disable CONFIG_MODULE_SIG
+
+        # disable AEGIS-128 (ARM{,64} NEON})
+        # https://github.com/NixOS/nixpkgs/issues/74744
+        # plus, this kernel won't run in "prod", so this isn't even a "nice to have"
+        ./scripts/config --disable CONFIG_CRYPTO_AEGIS128_SIMD
+    fi
+}
+
+function defconfig_prep() {
+    # empty for now
+    echo 'empati'
+}
+function tinyconfig_prep() {
+    # initramfs
+    ./scripts/config --enable CONFIG_BLK_DEV_INITRD
+    ./scripts/config --set-str CONFIG_INITRAMFS_SOURCE ''
+    ./scripts/config --enable CONFIG_RD_ZSTD
+    ./scripts/config --enable CONFIG_XXHASH
+    ./scripts/config --enable CONFIG_ZSTD_COMMON
+    ./scripts/config --enable CONFIG_ZSTD_DECOMPRESS
+    ./scripts/config --enable CONFIG_DECOMPRESS_ZSTD
+
+    # EFI stub
+    ./scripts/config --enable CONFIG_EFI
+    ./scripts/config --enable CONFIG_EFI_STUB
+}
+
+rm -vf .config*
+${SUDO_ALIAS} make distclean
+configure_kernel
+./scripts/config --set-str LOCALVERSION "${K_LOCALVERSION}"
+make -j$ALL_JOBS olddefconfig all
+
+sudo cp .config "/boot/config-$(make -s kernelrelease)"
+${SUDO_ALIAS} make -j$ALL_JOBS headers_install dtbs_install modules_install || remove_kernel
+${SUDO_ALIAS} make install || echo "WARNING: \`sudo make install\` failed, you're on your own now."
+
+if command -v update-grub > /dev/null; then
+    sudo update-grub
+elif command -v grub2-mkconfig > /dev/null; then
+    sudo grub2-mkconfig -o /boot/grub2/grub.cfg
+fi

scripts/debian-rootfs/chroot-script.sh

@@ -0,0 +1,41 @@
+PKGS=(
+    network-manager
+    sudo
+)
+USER_COMMENT='Pratham Patel'
+USER_NAME='pratham'
+USER_GROUPS='sudo'
+
+apt-get update
+apt-get install -y "${PKGS[@]}"
+apt-get upgrade -y
+
+useradd \
+    --uid 1000 \
+    --create-home \
+    --comment "${USER_COMMENT}" \
+    --user-group "${USER_NAME}" \
+    --groups "${USER_GROUPS}"
+sed -i "s/# %wheel\tALL=(ALL)\tNOPASSWD: ALL/%wheel\tALL=(ALL)\tNOPASSWD: ALL/" /etc/sudoers
+chsh -s "$(which bash)" "${USER_NAME}"
+passwd -d "${USER_NAME}"
+chsh -s "$(which bash)" root
+passwd -d root
+
+systemctl enable NetworkManager.service
+mkdir -p /etc/systemd/system/getty@tty1.service.d/
+mkdir -p /etc/systemd/system/serial-getty@tty{AMA,S}0.service.d/
+cat << EOF > /etc/systemd/system/getty@tty1.service.d/autologin.conf
+[Service]
+ExecStart=
+ExecStart=-/sbin/agetty -o '-p -f -- \\u' --noclear --autologin ${USER_NAME} %I \$TERM
+EOF
+cat << EOF > /etc/systemd/system/serial-getty@ttyS0.service.d/autologin.conf
+[Service]
+ExecStart=
+ExecStart=-/sbin/agetty -o '-p -f -- \\u' --keep-baud --autologin ${USER_NAME} 1500000,115200,57600,38400,9600 - \$TERM
+EOF
+cp /etc/systemd/system/serial-getty@tty{S,AMA}0.service.d/autologin.conf
+
+echo 'debian' | tee /etc/hostname
+echo '127.0.0.1       debian' | tee -a /etc/hosts

scripts/debian-rootfs/create-debian-rootfs.sh

@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+
+set -xeuf -o pipefail
+
+# unless specified, use stable since bootstrapping sid **has** resulted in failed bootstraps
+VERSION_CODENAME="${1:-stable}"
+BOOTSTRAP_DIR='bootstrap.tmp'
+IMAGE_NAME="debian-$(uname -m)-${VERSION_CODENAME}-$(TZ='Asia/Kolkata' date +%Y%m%d).img"
+IMAGE_SIZE='10240M'
+export VERSION_CODENAME BOOTSTRAP_DIR IMAGE_NAME IMAGE_SIZE PKGS
+
+function errr() {
+    # 1. unmount
+    # 2. rmdir bootstrap_dir
+    # 3. detach from loopback
+    # 4. rm image
+    if mount | grep "${BOOTSTRAP_DIR}" > /dev/null; then
+        sudo umount -R "${BOOTSTRAP_DIR}"
+    fi
+    rmdir "${BOOTSTRAP_DIR}"
+
+    if losetup --list --all | grep "${LOOP_DEV}" > /dev/null; then
+        sudo losetup -d "${LOOP_DEV}"
+    fi
+    rm "${IMAGE_NAME}"
+}
+trap errr ERR
+
+if [[ -f "${IMAGE_NAME}" ]]; then
+    echo 'Image already exists, no need to run this script.'
+    exit 0
+fi
+
+# create img and bootstrap_dir
+truncate -s "${IMAGE_SIZE}" "${IMAGE_NAME}"
+mkdir -p "${BOOTSTRAP_DIR}"
+
+# format
+# mount to loopback
+# mount loopback to bootstrap_dir
+mkfs.ext4 "${IMAGE_NAME}"
+LOOP_DEV="$(sudo losetup --find --partscan --show "${IMAGE_NAME}")"
+export LOOP_DEV
+sudo mount "${LOOP_DEV}" "${BOOTSTRAP_DIR}"
+
+# bootstrap and set empty password for root
+# shellcheck disable=SC2046
+sudo $(command -v debootstrap) "${VERSION_CODENAME}" "${BOOTSTRAP_DIR}"
+sudo cp chroot-script.sh "${BOOTSTRAP_DIR}/root/chroot-script.sh"
+sudo chroot "${BOOTSTRAP_DIR}" bash -c 'bash /root/chroot-script.sh'
+
+# "cleanup"
+sudo umount -R "${BOOTSTRAP_DIR}"
+rmdir "${BOOTSTRAP_DIR}"