kata-image: allow remount service to manage /run

We're configuring a tmpfs with 50% of the VMs memory capacity in kata.nix, but this configuration is only applied by systemd-remount-fs.service, which we thus need to enable. That service tries to remount all filesystems, though, so we need to define them correctly in the first place so that they can be remounted. In our case, that meant defining the / mount as read-only.
edgelesssys · Dec 10, 2024 · cf0f2f7 · cf0f2f7
1 parent 7386451
commit cf0f2f7
Showing 1 changed file with 1 addition and 4 deletions.
diff --git a/packages/nixos/system.nix b/packages/nixos/system.nix
@@ -47,6 +47,7 @@
       "/" = {
         device = "/dev/mapper/root";
         fsType = "erofs";
+        options = [ "ro" ];
       };
     }
     # Create tmpfs on directories that need to be writable for activation.
@@ -72,10 +73,6 @@
         ]
     );
 
-  # We cant remount anything in the userspace, as we already
-  # have the rootfs mounted read-only from the initrd.
-  systemd.suppressedSystemUnits = [ "systemd-remount-fs.service" ];
-
   networking.firewall.enable = false;
 
   nixpkgs.hostPlatform.system = "x86_64-linux";