Nix Derivations

The nix/ directory contains four derivations that produce the build artifacts. Each is called from flake.nix via pkgs.callPackage.

Build Pipeline

flowchart LR
    SQUASHFS["squashfs.nix"] --> ROOTFS["rootfs.squashfs"]
    BOOTSCRIPT["boot-script.nix"] --> BOOTSCR["boot.scr"]

    ROOTFS --> IMAGE["image.nix"]
    BOOTSCR --> IMAGE
    IMAGE --> IMGOUT["flashable .img"]

    ROOTFS --> RAUCBUNDLE["rauc-bundle.nix"]
    BOOTSCR --> RAUCBUNDLE
    RAUCBUNDLE --> BUNDLEOUT["signed .raucb for OTA"]

squashfs.nix

Purpose: Builds a read-only squashfs image from the full NixOS system closure.

Function signature:

{ stdenv, squashfsTools, closureInfo, nixosConfig, maxSquashfsSize }:

| Parameter | Source | Description |
|---|---|---|
| nixosConfig | rock64System.config | Evaluated NixOS configuration |
| maxSquashfsSize | flake.nix (1 GB) | Maximum allowed image size |

Delegates to: scripts/build-squashfs.sh

Build steps:

  1. Compute all Nix store paths from closureInfo of system.build.toplevel
  2. Copy all store paths into a pseudo-root directory
  3. Create /init and /sbin/init symlinks to the NixOS init
  4. Create empty mount-point directories (/proc, /sys, /dev, /run, /etc, /var, /tmp, etc.)
  5. Run mksquashfs with zstd compression (level 19), 1 MB block size
  6. Fail if the image exceeds maxSquashfsSize

Output: $out/rootfs.squashfs

Compression options:

  • Algorithm: zstd (level 19)
  • Block size: 1 MiB (1048576)
  • No xattrs
  • All files owned by root

rauc-bundle.nix

Purpose: Builds a signed RAUC bundle containing boot (kernel + initrd + DTB + boot.scr) and rootfs (squashfs) images.

Function signature:

{ stdenv, rauc, dosfstools, mtools, squashfsTools,
  nixosConfig, squashfsImage, bootScript, signingCert, signingKeyPath, caCert }:

| Parameter | Source | Description |
|---|---|---|
| nixosConfig | rock64System.config | Provides kernel/initrd/DTB paths |
| squashfsImage | packages.squashfs | The squashfs derivation output |
| bootScript | packages.boot-script | Compiled boot.scr |
| signingCert | ./certs/dev.signing.cert.pem | RAUC signing certificate |
| signingKeyPath | ./certs/dev.signing.key.pem | RAUC signing private key |
| caCert | ./certs/dev.ca.cert.pem | CA certificate for verification |

Delegates to: scripts/build-rauc-bundle.sh

Build steps:

  1. Create a 128 MB vfat image (boot.vfat)
  2. Copy kernel Image, initrd, DTB, and boot.scr into it using mtools
  3. Copy rootfs.squashfs into the bundle directory
  4. Generate manifest.raucm with compatible=rock64 and image definitions
  5. Sign and package with rauc bundle

Output: $out/rock64.raucb

Manifest structure:

[update]
compatible=rock64
version=<nixosConfig.system.nixos.version>

[image.boot]
filename=boot.vfat
type=raw

[image.rootfs]
filename=rootfs.squashfs
type=raw

boot-script.nix

Purpose: Compiles the U-Boot boot script from source (boot.cmd -> boot.scr).

Function signature:

{ stdenv, ubootTools, buildId }:

| Parameter | Source | Description |
|---|---|---|
| buildId | flake.nix | Build identifier echoed during U-Boot boot |

Build step:

mkimage -C none -A arm64 -T script -d boot.cmd boot.scr

Output: $out/boot.scr (compiled) and $out/boot.cmd (source copy)


image.nix

Purpose: Assembles the complete flashable disk image for eMMC provisioning.

Function signature:

{ stdenv, dosfstools, mtools, util-linux,
  ubootRock64, nixosConfig, squashfsImage, bootScript }:

| Parameter | Source | Description |
|---|---|---|
| ubootRock64 | nixpkgs | U-Boot package for Rock64 |
| nixosConfig | rock64System.config | Provides kernel, initrd, DTB |
| squashfsImage | packages.squashfs | Squashfs derivation |
| bootScript | packages.boot-script | Compiled boot.scr |

Delegates to: scripts/build-image.sh

Image layout (total ~1170 MiB sparse):

| Offset | Size | Content | Filesystem |
|---|---|---|---|
| 0 | 16 MB | U-Boot raw | |
| 16 MB | 128 MB | boot-a | vfat |
| 144 MB | 1024 MB | rootfs-a | squashfs |
| 1168 MB | remaining | unallocated | |

Output: $out/atomicnix-<series>.img

The image name is derived from the pinned NixOS release series (e.g., atomicnix-25.11.img). The image leaves the remaining eMMC space unallocated so initrd systemd-repart can create boot-b, rootfs-b, and /data on first boot.

GPT partition types: Boot partitions use the xbootldr GUID (BC13C2FF-...). Rootfs partitions use the Linux root aarch64 GUID (B921B045-...), which is the architecturally correct type for aarch64 root filesystems.

U-Boot raw writes:

  • idbloader.img at sector 64 (32 KB)
  • u-boot.itb at sector 16384 (8 MB)

boot-a contents: kernel Image, initrd, DTB (rockchip/rk3328-rock64.dtb), boot.scr
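
One way to check a built image against the layout above before flashing it, as an added example that is not part of the project's scripts: it parses the primary GPT and verifies partition offsets, sizes and type-GUID prefixes, and that the raw U-Boot writes stay clear of each other and of the first partition. It assumes 512-byte sectors, that the page's "MB" means MiB (the page equates sector 16384 with 8 MB), and that the image holds exactly the two partitions in the table; `read_gpt`, `check_layout` and `sample_image` are hypothetical names, and the sample input is constructed.

```python
import io
import struct
import uuid

SECTOR, MIB = 512, 1024 * 1024
# (start, size, type-GUID prefix as printed on the page); the page's "MB" is read as MiB.
EXPECTED = [(16 * MIB, 128 * MIB, "BC13C2FF"), (144 * MIB, 1024 * MIB, "B921B045")]

def read_gpt(img):  # -> [(type_guid, start_byte, size_bytes)] for the used entries
    img.seek(SECTOR)  # the primary GPT header is at LBA 1
    hdr = img.read(92)
    if len(hdr) < 92 or hdr[:8] != b"EFI PART":
        raise ValueError("no GPT header at LBA 1")
    entries_lba, count, entry_size = struct.unpack_from("<QII", hdr, 72)
    parts = []
    for i in range(count):
        img.seek(entries_lba * SECTOR + i * entry_size)
        entry = img.read(entry_size)
        type_guid = uuid.UUID(bytes_le=entry[:16])  # ValueError if the table is truncated
        if type_guid.int:  # an all-zero type GUID marks an unused slot
            first, last = struct.unpack_from("<QQ", entry, 32)
            parts.append((type_guid, first * SECTOR, (last - first + 1) * SECTOR))
    return sorted(parts, key=lambda p: p[1])

def check_layout(img, idbloader_len, uboot_len):
    """Return a list of problems; empty means the image matches the documented layout."""
    problems = []
    if 64 * SECTOR + idbloader_len > 16384 * SECTOR:  # idbloader.img is written at sector 64
        problems.append("idbloader.img overlaps u-boot.itb")
    if 16384 * SECTOR + uboot_len > EXPECTED[0][0]:  # u-boot.itb is written at sector 16384
        problems.append("u-boot.itb overlaps the first partition")
    parts = read_gpt(img)
    if len(parts) != len(EXPECTED):
        problems.append(f"expected {len(EXPECTED)} partitions, found {len(parts)}")
    for (guid, start, size), (e_start, e_size, prefix) in zip(parts, EXPECTED):
        if (start, size) != (e_start, e_size):
            problems.append(f"partition at {start}+{size}, expected {e_start}+{e_size}")
        if not str(guid).upper().startswith(prefix + "-"):
            problems.append(f"type {guid} at offset {start}, expected {prefix}-...")
    return problems

def sample_image(parts):  # constructed sample: in-memory primary GPT covering LBA 0-33
    buf = bytearray(34 * SECTOR)
    buf[SECTOR:SECTOR + 8] = b"EFI PART"
    struct.pack_into("<QII", buf, SECTOR + 72, 2, 128, 128)  # entries at LBA 2, 128 x 128 bytes
    for i, (guid, start, size) in enumerate(parts):
        struct.pack_into("<16s16xQQ", buf, 2 * SECTOR + i * 128, uuid.UUID(guid).bytes_le,
                         start // SECTOR, (start + size) // SECTOR - 1)
    return io.BytesIO(bytes(buf))
```

For a real image, open the `.img` in binary mode and pass the byte lengths of `idbloader.img` and `u-boot.itb` to `check_layout`; an empty list means the layout matches.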