authorLinnnus <[email protected]>2025-02-15 10:37:08 +0100
committerLinnnus <[email protected]>2025-02-15 10:50:02 +0100
commit4bbe4ecb4fe61275640513a03a4a4fa4746193fe (patch)
tree5be14fbb60ea754cf9af94289e3d68295d3854bb /hosts/muhammed/dev-vm/configuration
parentf39c3be2f03e810fddaae3b3c263d350013cea28 (diff)
muhammed/dev-vm: Add development VM
Diffstat (limited to 'hosts/muhammed/dev-vm/configuration')
-rw-r--r--hosts/muhammed/dev-vm/configuration/configuration.nix33
-rw-r--r--hosts/muhammed/dev-vm/configuration/ssh.nix24
-rw-r--r--hosts/muhammed/dev-vm/configuration/user.nix23
-rw-r--r--hosts/muhammed/dev-vm/configuration/virtualization.nix46
4 files changed, 126 insertions, 0 deletions
diff --git a/hosts/muhammed/dev-vm/configuration/configuration.nix b/hosts/muhammed/dev-vm/configuration/configuration.nix
new file mode 100644
index 0000000..9659293
--- /dev/null
+++ b/hosts/muhammed/dev-vm/configuration/configuration.nix
@@ -0,0 +1,33 @@
+{
+ config,
+ lib,
+ hostPkgs,
+ workingDirectory,
+ ...
+}: {
+ imports = [
+ ../../../../shared/nixos/danish
+ ../../../../shared/nixos/common-nix-settings
+ ../../../../shared/nixos/common-shell-settings
+ ../../../../shared/nixos-and-darwin/common-hm-settings
+
+ ./virtualization.nix
+ ./ssh.nix
+ ./user.nix
+ ];
+
+ networking.hostName = "dev-vm";
+
+ system.build.macos-vm-installer = hostPkgs.writeShellScriptBin "create-builder" ''
+ set -euo pipefail
+
+ ${lib.optionalString (workingDirectory != ".") ''
+ # When running as non-interactively as part of a DarwinConfiguration the working directory
+ # must be set to a writeable directory.
+ ${hostPkgs.coreutils}/bin/mkdir --parent -- ${lib.escapeShellArg workingDirectory}
+ cd -- ${lib.escapeShellArg workingDirectory}
+ ''}
+
+ ${lib.getExe config.system.build.vm}
+ '';
+}
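Review bot: The wrapper under `system.build.macos-vm-installer` is installed as a binary called `create-builder`, which describes neither the attribute nor the dev VM it launches and looks carried over from a builder setup; a name such as `run-dev-vm` would make it clear what ends up on the host's PATH. In the same script, `mkdir --parent` only works because GNU option parsing accepts unambiguous prefixes, so spell it `--parents`. The comment above it should read `# When running non-interactively as part of a DarwinConfiguration, the working directory must be set to a writable directory.`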
diff --git a/hosts/muhammed/dev-vm/configuration/ssh.nix b/hosts/muhammed/dev-vm/configuration/ssh.nix
new file mode 100644
index 0000000..fbafc62
--- /dev/null
+++ b/hosts/muhammed/dev-vm/configuration/ssh.nix
@@ -0,0 +1,24 @@
+{...}: {
+ services.openssh.enable = true;
+
+ # Allow incomming connections from the VM host.
+ users.users.linus.openssh.authorizedKeys.keyFiles = [(toString ../keys/ssh_vmhost_ed25519_key.pub)];
+
+ # Don't generate any host keys automatically. We will use these hardcoded
+ # ones instead. Storing keys in plaintext would normally be SUPER SUPER BAD
+ # but in this case it doesn't matter, since it's just a local VM.
+ services.openssh.hostKeys = [];
+
+ # Install the very public private key.
+ environment.etc = {
+ # Note the seemingly reversed file names: "host" in this filename is relative to the VM guest.
+ "ssh/ssh_host_ed25519_key" = {
+ mode = "0600";
+ source = ../keys/ssh_vmguest_ed25519_key;
+ };
+ "ssh/ssh_host_ed25519_key.pub" = {
+ mode = "0644";
+ source = ../keys/ssh_vmguest_ed25519_key.pub;
+ };
+ };
+}
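Review bot: Password logins are left enabled in this module, which only turns sshd on and adds an authorized key. NixOS keeps password authentication on unless told otherwise, as far as I know, so the fixed password from user.nix is accepted over SSH alongside the key. Since key login from the VM host is the intended path, add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;`. The comment on the committed host key is reasonable for a throwaway guest, but it should also say that `source = ../keys/ssh_vmguest_ed25519_key` puts the private key in the world-readable Nix store, and that the host key therefore proves nothing about which machine answered. That is acceptable only while the forwarded port is reachable from the VM host alone.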
diff --git a/hosts/muhammed/dev-vm/configuration/user.nix b/hosts/muhammed/dev-vm/configuration/user.nix
new file mode 100644
index 0000000..bf2b93f
--- /dev/null
+++ b/hosts/muhammed/dev-vm/configuration/user.nix
@@ -0,0 +1,23 @@
+{
+ # Register the user which we will be logging into from the host.
+ users.users.linus = {
+ isNormalUser = true;
+ password = "diller"; # Don't care. No security implications.
+ extraGroups = ["wheel"];
+ };
+
+ home-manager.users.linus = {
+ imports = [
+ ../../../../shared/home-manager/development-full
+ ];
+ home.stateVersion = "24.05";
+ };
+
+ # Allow passwordless sudo for easy use. We don't have to be too worried about wrecking the system.
+ security.sudo.extraRules = [
+ {
+ users = ["linus"];
+ commands = ["ALL"];
+ }
+ ];
+}
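Review bot: The `security.sudo.extraRules` entry does not do what its comment says, because `commands = ["ALL"]` carries no `NOPASSWD` option and sudo will still prompt. Membership in `wheel` already grants the same password-protected access, so the rule is currently redundant. Either drop it, or write the command as `{ command = "ALL"; options = ["NOPASSWD"]; }` if passwordless sudo is really wanted. The remark `# Don't care. No security implications.` on the password only holds if nothing but the VM host can reach the guest's sshd. It would be more accurate as `# Known password; safe only while SSH is reachable from the VM host alone.`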
diff --git a/hosts/muhammed/dev-vm/configuration/virtualization.nix b/hosts/muhammed/dev-vm/configuration/virtualization.nix
new file mode 100644
index 0000000..bf24b4b
--- /dev/null
+++ b/hosts/muhammed/dev-vm/configuration/virtualization.nix
@@ -0,0 +1,46 @@
+{
+ hostPkgs,
+ hostPort,
+ modulesPath,
+ ...
+}: {
+ imports = [
+ "${modulesPath}/virtualisation/qemu-vm.nix"
+ ];
+
+ virtualisation.host = {pkgs = hostPkgs;};
+
+ # DNS fails for QEMU user networking (SLiRP) on macOS.
+ #
+ # This works around that by using a public DNS server other than the DNS
+ # server that QEMU provides (normally 10.0.2.3)
+ #
+ # See: https://github.com/utmapp/UTM/issues/2353
+ networking.nameservers = ["8.8.8.8"];
+
+ # System is deployed by image.
+ system.disableInstallerTools = true;
+
+ virtualisation.forwardPorts = [
+ {
+ from = "host";
+ guest.port = 22;
+ host.port = hostPort;
+ }
+ ];
+
+ # We will be connecting over SSH.
+ virtualisation.graphics = false;
+
+ # When the Nix store is shared with the VM host via 9p (the default) and the
+ # VM host is a Darwin system with the store mounted on a case-insensitive
+ # APFS volume (also the default), the case-hack will be visible on the guest.
+ #
+ # With NixOS/nixpkgs#347636 this is fixed for store images, but not for the
+ # 9P protocol. So for now we will use that as a temporary fix.
+ #
+ # See: https://github.com/NixOS/nix/issues/9319
+ # See: https://nix.dev/manual/nix/2.24/command-ref/conf-file.html#conf-use-case-hack
+ virtualisation.useNixStoreImage = true;
+ virtualisation.writableStore = true; # Only default for mounted store.
+}
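Review bot: The `virtualisation.forwardPorts` entry sets `host.port` but no `host.address`. As far as I know, QEMU user networking then listens on every interface of the Mac rather than only on loopback. Combined with the fixed password and committed keys elsewhere in this commit, that exposes a wheel account to anyone on the same network. Bind the forward to loopback with `host.address = "127.0.0.1";` next to `host.port = hostPort;`. It is also worth a comment on `networking.nameservers` noting that all guest DNS lookups go to a public resolver and bypass whatever resolver the host is configured to use.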