SigilOS — the base image

SigilOS is the NixOS-based image that the Kenaz Sandbox VM boots into. It's defined as a Nix flake in sigil-tech/sigil-os and extended for the workbench in sigil-tech/kenaz-sandbox under nix/sigil-workbench.nix.

🚧 This page is a stub. Fill in as the image stabilizes.

What's in the image

  • Linux kernel (TBD — pin version once the base flake stabilizes)
  • systemd as PID 1
  • greetd for autologin
  • sway as the window manager (kiosk-mode config — see docs/sway-kiosk-security-review.md in kenaz-sandbox)
  • The workbench-app systemd service (started after greetd autologin)
  • vsock kernel module loaded at boot
  • Hardened defaults: TBD — document the specific sysctls + module blocklists once they're locked in

Building the image

From the kenaz-sandbox repo on a Linux aarch64 host:

make image-aarch64

macOS engineers download the latest CI-built image instead of building locally:

make download-image

This pulls the workbench-vm-aarch64 artifact from the latest CI run on the main branch via gh run download.

Customizing the image

Add or replace NixOS modules in nix/. The workbench-specific module is nix/sigil-workbench.nix; the SigilOS base modules live in the upstream flake.

📝 TODO: document the layering — what's in the SigilOS flake vs. what kenaz-sandbox adds, and the override pattern for adding a new systemd service or kernel module.

Image distribution

Today, images are distributed via GitHub Actions artifacts (90-day retention, 10 GB job cap). For wider distribution we'll likely move to an S3 bucket fronted by CloudFront with presigned URLs — not done yet. See docs/build-profile.md in the kenaz-sandbox repo for current image size + boot-time targets.