Docker + Modular Kernel Config Support

.dockerignore

@@ -0,0 +1 @@
+.gitignore

DEVELOPMENT.md

@@ -184,13 +184,12 @@ For comprehensive mkosi options, see: [mkosi Documentation](https://github.com/s
 ## Custom Kernel Configuration
 
 Flashboxes supports custom kernel configurations through base configs and snippets.
-However, this functionality is only available once [PR #11](https://github.com/flashbots/flashboxes/pull/11) is merged.
 
 ### Using Kernel Snippets
 
-Create kernel configuration snippets in `kernel/snippets/`:
+Create a custom kernel config snippet in your module folder:
 
-**`kernel/snippets/myfeature.config`**:
+**`module/kernel.config`**:
 ```
 # Enable custom features
 CONFIG_MY_FEATURE=y
@@ -199,10 +198,10 @@ CONFIG_MY_FEATURE=y
 **Enable in your module**:
 ```ini
 [Build]
-Environment=KERNEL_CONFIG_SNIPPETS=myfeature,another-snippet
+Environment=KERNEL_CONFIG_SNIPPETS=module/kernel.config,module/another-kernel-snippet.config
 ```
 
-These snippets will be applied on top of the base configuration in `kernel/kernel-yocto.config`
+These snippets will be applied over the base configuration in `kernel/kernel-yocto.config`
 
 ## Adding Source Repositories
 
@@ -605,6 +604,36 @@ sudo dpkg -i mypackage-1.0.deb
 
 For comprehensive .deb creation, see: [Debian New Maintainers' Guide](https://www.debian.org/doc/manuals/maint-guide/)
 
+## Building with Podman (Not Recommended)
+For systems without systemd v250+ or where Nix installation isn't feasible, you can use the experimental Podman containerization support. This approach is not recommended due to slower build times and a complex setup process.
+1. Configure the Podman daemon to use a storage driver other than OverlayFS  
+   - The btrfs driver is fastest, but requires that you have a btrfs filesystem
+   - The storage driver can be configuring by editing `/etc/containers/storage.conf`
+2. Build the development container:
+   ```
+   sudo podman build -t flashbots-images .
+   ```
+3. Create required directories
+   ```
+   mkdir mkosi.packages mkosi.cache mkosi.builddir build 
+   ```
+4. Run the container with proper mounts and privilages
+   ```
+   sudo podman run \
+     --storage-driver btrfs \
+     --privileged \
+     --cap-add=ALL \
+     --security-opt label=disable \
+     -it \
+     -v $(pwd)/mkosi.packages:/home/ubuntu/mkosi/mkosi.packages \
+     -v $(pwd)/mkosi.cache:/home/ubuntu/mkosi/mkosi.cache \
+     -v $(pwd)/mkosi.builddir:/home/ubuntu/mkosi/mkosi.builddir \
+     -v $(pwd)/build:/home/ubuntu/mkosi/build \
+     flashbots-images
+   ```
+   > Replace "btrfs" with your chosen storage driver
+5. Run the desired `mkosi` command inside the shell Podman environment
+
 ## Debugging and Troubleshooting
 
 ### mkosi Debugging

Dockerfile

@@ -4,20 +4,19 @@ RUN apt-get update && apt-get install -y \
     curl git sudo qemu-system-x86 qemu-utils \
     debian-archive-keyring systemd-boot reprepro xz-utils
 
-RUN adduser --disabled-password --gecos '' nix && \
-    echo "nix ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/nix && \
-    chmod 0440 /etc/sudoers.d/nix
+RUN echo "ubuntu ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/ubuntu && \
+    chmod 0440 /etc/sudoers.d/ubuntu
 
-COPY --chown=nix:nix . /home/nix/mkosi
-RUN mkdir -p /home/nix/mkosi/mkosi.packages /home/nix/mkosi/mkosi.cache \
-        /home/nix/mkosi/mkosi.builddir /home/nix/mkosi/build /nix && \
-    chown -R nix:nix /home/nix/mkosi /nix
+COPY --chown=ubuntu:ubuntu . /home/ubuntu/mkosi
+RUN mkdir -p /home/ubuntu/mkosi/mkosi.packages /home/ubuntu/mkosi/mkosi.cache \
+        /home/ubuntu/mkosi/mkosi.builddir /home/ubuntu/mkosi/build /nix && \
+    chown -R ubuntu:ubuntu /home/ubuntu/mkosi /nix
 
-USER nix
+USER ubuntu
 RUN curl -L https://nixos.org/nix/install | sh -s -- --no-daemon && \
     mkdir -p ~/.config/nix ~/.cache/mkosi/ && \
     echo 'experimental-features = nix-command flakes' > ~/.config/nix/nix.conf
-RUN /home/nix/.nix-profile/bin/nix develop -c /bin/true
 
-WORKDIR /home/nix/mkosi
-ENTRYPOINT ["/home/nix/.nix-profile/bin/nix", "develop", "-c", "/bin/bash"]
+WORKDIR /home/ubuntu/mkosi
+RUN /home/ubuntu/.nix-profile/bin/nix develop -c /bin/true
+ENTRYPOINT ["/home/ubuntu/.nix-profile/bin/nix", "develop", "-c", "/bin/bash"]

README.md

@@ -19,7 +19,7 @@ For more information about this repository, see [the Flashbots collective post](
 
 ### Prerequisites
 
-0. Make sure you're running systemd v250 or greater, or wait for [Docker support](https://github.com/flashbots/flashboxes/pull/11)
+0. Make sure you're running systemd v250 or greater. Alternatively, you can utilize experimental [container support](DEVELOPMENT.md#building-with-podman-not-recommended).
 
 1. **Install Nix** (single user mode is sufficient):
    ```bash

base/base.conf

@@ -22,7 +22,7 @@ SkeletonTrees=base/mkosi.skeleton
 FinalizeScripts=base/debloat.sh
 PostInstallationScripts=base/debloat-systemd.sh
 PostInstallationScripts=base/efi-stub.sh
-BuildScripts=base/mkosi.build
+BuildScripts=kernel/mkosi.build
 
 CleanPackageMetadata=true
 Packages=kmod
@@ -43,3 +43,12 @@ BuildPackages=build-essential
               pkg-config
               clang
               cargo
+              flex
+              bison
+              elfutils
+              bc
+              perl
+              gawk
+              zstd
+              libssl-dev
+              libelf-dev

bob/bob.conf

@@ -1,5 +1,5 @@
 [Build]
-Environment=LIGHTHOUSE_BINARY
+Environment=LIGHTHOUSE_BINARY KERNEL_CONFIG_SNIPPETS=bob/kernel.config
 WithNetwork=true
 
 [Content]

bob/kernel.config

@@ -0,0 +1,36 @@
+CONFIG_IPV6=n
+CONFIG_NETFILTER_NETLINK=y
+CONFIG_NETFILTER_NETLINK_LOG=y
+CONFIG_NF_CONNTRACK_MARK=y
+CONFIG_NF_CONNTRACK_EVENTS=y
+CONFIG_NF_CT_PROTO_SCTP=y
+CONFIG_NF_CT_PROTO_UDPLITE=y
+CONFIG_NF_CT_NETLINK=y
+CONFIG_NF_NAT_NEEDED=y
+CONFIG_NF_TABLES=y
+CONFIG_NF_TABLES_INET=y
+CONFIG_NF_TABLES_IPV4=y
+CONFIG_NF_TABLES_BRIDGE=y
+CONFIG_NF_TABLES_ARP=y
+CONFIG_NF_TABLES_NETDEV=y
+CONFIG_NETFILTER_XTABLES_COMPAT=y
+CONFIG_NFT_CT=y
+CONFIG_NFT_COUNTER=y
+CONFIG_NFT_LOG=y
+CONFIG_NFT_LIMIT=y
+CONFIG_NFT_MASQ=y
+CONFIG_NFT_REJECT=y
+CONFIG_NFT_REJECT_INET=y
+CONFIG_NFT_COMPAT=y
+CONFIG_NFT_NAT=y
+CONFIG_NFT_REDIR=y
+CONFIG_NFT_OBJREF=y
+CONFIG_NETFILTER_XT_TARGET_LOG=y
+CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
+CONFIG_NETFILTER_XT_MATCH_STATE=y
+CONFIG_IP_NF_TARGET_REJECT=y
+CONFIG_IP_NF_TARGET_NETMAP=y
+CONFIG_IP_NF_TARGET_REDIRECT=y
+CONFIG_IP_NF_MANGLE=y
+CONFIG_IP_NF_RAW=y
+CONFIG_NET_SCHED=y

buildernet/buildernet.conf

@@ -21,5 +21,4 @@ BuildPackages=libleveldb-dev
               zlib1g-dev
               libzstd-dev
               libpq-dev
-              libssl-dev
               protobuf-compiler

flake.nix

@@ -5,7 +5,6 @@
   let
     system = "x86_64-linux";
     pkgs = import nixpkgs { inherit system; };
-    kernel = import ./kernel.nix { inherit pkgs; };
     reprepro = pkgs.stdenv.mkDerivation rec {
       name = "reprepro-${version}";
       version = "4.16.0";
@@ -32,17 +31,8 @@
       ] ++ [ reprepro ];
     };
   in {
-    packages.${system} = {
-      kernel = kernel;
-      default = kernel;
-    };
-
     devShells.${system}.default = pkgs.mkShell {
       nativeBuildInputs = [ pkgs.qemu mkosi ];
-
-      KERNEL_IMAGE = "${kernel}/bzImage";
-      KERNEL_VERSION = kernel.version;
-
       shellHook = ''
         mkdir -p mkosi.packages mkosi.cache mkosi.builddir ~/.cache/mkosi
       '';