From 39b18d3bbc8324ed870cfe770c9973801e9cf0dd Mon Sep 17 00:00:00 2001
From: Astro
Date: Wed, 14 Feb 2024 21:49:18 +0100
Subject: [PATCH] nixos-modules/microvm/store-disk: fallback to squashfs when the nixos hardened profile is imported

Fixes Github issue #202
---
 checks/default.nix | 10 ++++++++++
 nixos-modules/microvm/store-disk.nix | 6 +++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/checks/default.nix b/checks/default.nix
index 8ac5cb06..bf787daf 100644
--- a/checks/default.nix
+++ b/checks/default.nix
@@ -100,6 +100,16 @@ let
 boot.initrd.systemd.enable = true;
 } ];
 } ]
+ # hardened profile
+ [ {
+ # no
+ id = null;
+ } {
+ id = "hardened";
+ modules = [ ({ modulesPath, ... }: {
+ imports = [ "${modulesPath}/profiles/hardened.nix" ];
+ }) ];
+ } ]
 ];
 allVariants =
diff --git a/nixos-modules/microvm/store-disk.nix b/nixos-modules/microvm/store-disk.nix
index 1607b079..811cb148 100644
--- a/nixos-modules/microvm/store-disk.nix
+++ b/nixos-modules/microvm/store-disk.nix
@@ -24,7 +24,11 @@ in
 options.microvm = with lib; {
 storeDiskType = mkOption {
 type = types.enum [ "squashfs" "erofs" ];
- default = "erofs";
+ # nixos/modules/profiles/hardened.nix forbids erofs
+ default =
+ if builtins.elem "erofs" config.boot.blacklistedKernelModules
+ then "squashfs"
+ else "erofs";
 description = ''
 Boot disk file system type: squashfs is smaller, erofs is supposed to be faster.
 '';
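Review bot: In nixos-modules/microvm/store-disk.nix the blacklist check only steers the default, so a configuration that sets `microvm.storeDiskType = "erofs"` explicitly while `erofs` is in `boot.blacklistedKernelModules` still evaluates and presumably fails only when the guest tries to mount its store. An assertion in the module's config, e.g. `assertion = !(builtins.elem config.microvm.storeDiskType config.boot.blacklistedKernelModules);` with a message naming the option, would surface this at evaluation time and would also cover a blacklisted `squashfs`. Because the default now reads `config`, the option should also carry a `defaultText = literalExpression ...` describing the conditional, unless one exists outside the hunk, so that generated option docs do not depend on the evaluating system's blacklist. The `mkOption` block and the rest of the module continue outside the hunk, so existing assertions are not visible here.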