-rw-r--r-- | hosts/muhammed/configuration.nix | 1 | ||||
-rw-r--r-- | hosts/muhammed/dev-vm/configuration/configuration.nix | 33 | ||||
-rw-r--r-- | hosts/muhammed/dev-vm/configuration/ssh.nix | 24 | ||||
-rw-r--r-- | hosts/muhammed/dev-vm/configuration/user.nix | 23 | ||||
-rw-r--r-- | hosts/muhammed/dev-vm/configuration/virtualization.nix | 46 | ||||
-rw-r--r-- | hosts/muhammed/dev-vm/default.nix | 68 | ||||
-rw-r--r-- | hosts/muhammed/dev-vm/keys/ssh_vmguest_ed25519_key | 7 | ||||
-rw-r--r-- | hosts/muhammed/dev-vm/keys/ssh_vmguest_ed25519_key.pub | 1 | ||||
-rw-r--r-- | hosts/muhammed/dev-vm/keys/ssh_vmhost_ed25519_key | 7 | ||||
-rw-r--r-- | hosts/muhammed/dev-vm/keys/ssh_vmhost_ed25519_key.pub | 1 |
10 files changed, 211 insertions, 0 deletions
diff --git a/hosts/muhammed/configuration.nix b/hosts/muhammed/configuration.nix
index 54fd36e..3fa1290 100644
--- a/hosts/muhammed/configuration.nix
+++ b/hosts/muhammed/configuration.nix
@@ -10,6 +10,7 @@ ../../shared/nixos-and-darwin/common-hm-settings ./remote-builders + ./dev-vm ./update-git-repos ];
diff --git a/hosts/muhammed/dev-vm/configuration/configuration.nix b/hosts/muhammed/dev-vm/configuration/configuration.nix
new file mode 100644
index 0000000..9659293
--- /dev/null
+++ b/hosts/muhammed/dev-vm/configuration/configuration.nix
@@ -0,0 +1,33 @@
+{
+ config,
+ lib,
+ hostPkgs,
+ workingDirectory,
+ ...
+}: {
+ imports = [
+ ../../../../shared/nixos/danish
+ ../../../../shared/nixos/common-nix-settings
+ ../../../../shared/nixos/common-shell-settings
+ ../../../../shared/nixos-and-darwin/common-hm-settings
+
+ ./virtualization.nix
+ ./ssh.nix
+ ./user.nix
+ ];
+
+ networking.hostName = "dev-vm";
+
+ system.build.macos-vm-installer = hostPkgs.writeShellScriptBin "create-builder" ''
+ set -euo pipefail
+
+ ${lib.optionalString (workingDirectory != ".") ''
+ # When running as non-interactively as part of a DarwinConfiguration the working directory
+ # must be set to a writeable directory.
+ ${hostPkgs.coreutils}/bin/mkdir --parent -- ${lib.escapeShellArg workingDirectory}
+ cd -- ${lib.escapeShellArg workingDirectory}
+ ''}
+
+ ${lib.getExe config.system.build.vm}
+ '';
+}
diff --git a/hosts/muhammed/dev-vm/configuration/ssh.nix b/hosts/muhammed/dev-vm/configuration/ssh.nix
new file mode 100644
index 0000000..fbafc62
--- /dev/null
+++ b/hosts/muhammed/dev-vm/configuration/ssh.nix 
@@ -0,0 +1,24 @@
+{...}: {
+ services.openssh.enable = true;
+
+ # Allow incomming connections from the VM host.
+ users.users.linus.openssh.authorizedKeys.keyFiles = [(toString ../keys/ssh_vmhost_ed25519_key.pub)];
+
+ # Don't generate any host keys automatically. We will use these hardcoded
+ # ones instead. Storing keys in plaintext would normally be SUPER SUPER BAD
+ # but in this case it doesn't matter, since it's just a local VM.
+ services.openssh.hostKeys = [];
+
+ # Install the very public private key.
+ environment.etc = {
+ # Note the seemingly reversed file names: "host" in this filename is relative to the VM guest.
+ "ssh/ssh_host_ed25519_key" = {
+ mode = "0600";
+ source = ../keys/ssh_vmguest_ed25519_key;
+ };
+ "ssh/ssh_host_ed25519_key.pub" = {
+ mode = "0644";
+ source = ../keys/ssh_vmguest_ed25519_key.pub;
+ };
+ };
+}
diff --git a/hosts/muhammed/dev-vm/configuration/user.nix b/hosts/muhammed/dev-vm/configuration/user.nix
new file mode 100644
index 0000000..bf2b93f
--- /dev/null
+++ b/hosts/muhammed/dev-vm/configuration/user.nix
@@ -0,0 +1,23 @@
+{
+ # Register the user which we will be logging into from the host.
+ users.users.linus = {
+ isNormalUser = true;
+ password = "diller"; # Don't care. No security implications.
+ extraGroups = ["wheel"];
+ };
+
+ home-manager.users.linus = {
+ imports = [
+ ../../../../shared/home-manager/development-full
+ ];
+ home.stateVersion = "24.05";
+ };
+
+ # Allow passwordless sudo for easy use. We don't have to be too worried about wrecking the system.
+ security.sudo.extraRules = [
+ {
+ users = ["linus"];
+ commands = ["ALL"];
+ }
+ ];
+}
diff --git a/hosts/muhammed/dev-vm/configuration/virtualization.nix b/hosts/muhammed/dev-vm/configuration/virtualization.nix
new file mode 100644
index 0000000..bf24b4b
--- /dev/null
+++ b/hosts/muhammed/dev-vm/configuration/virtualization.nix 
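Review bot: sshd in this hunk keeps NixOS's default of accepting password logins, while `user.nix` in the same commit gives `linus` the fixed password `diller`, wheel membership and a sudo rule, so the "just a local VM" reasoning in the `hostKeys = []` comment rests entirely on host port 31023 being unreachable from anything but the Darwin host, which `virtualization.nix` does not guarantee. The host's public key is already installed through `authorizedKeys.keyFiles`, so password authentication is not needed for the intended workflow: add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` next to `services.openssh.enable = true;`. With both private keys checked into the repository they have to be treated as public, and network reachability of the forwarded port becomes the only remaining trust boundary; the comment should say so rather than "it doesn't matter".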
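Review bot: The sudo rule at the end of this hunk does not deliver what its comment promises: `commands = ["ALL"]` produces a plain sudoers entry without `NOPASSWD`, so `linus` is still prompted for the password. Either write the rule as `commands = [{ command = "ALL"; options = ["NOPASSWD"]; }];` or, since `linus` is already in `wheel`, drop `extraRules` and set `security.sudo.wheelNeedsPassword = false;`. The `# Don't care. No security implications.` remark on `password = "diller"` only holds while sshd does not accept passwords and the forwarded port is not reachable beyond the host; that assumption is worth stating in the comment.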
@@ -0,0 +1,46 @@
+{
+ hostPkgs,
+ hostPort,
+ modulesPath,
+ ...
+}: {
+ imports = [
+ "${modulesPath}/virtualisation/qemu-vm.nix"
+ ];
+
+ virtualisation.host = {pkgs = hostPkgs;};
+
+ # DNS fails for QEMU user networking (SLiRP) on macOS.
+ #
+ # This works around that by using a public DNS server other than the DNS
+ # server that QEMU provides (normally 10.0.2.3)
+ #
+ # See: https://github.com/utmapp/UTM/issues/2353
+ networking.nameservers = ["8.8.8.8"];
+
+ # System is deployed by image.
+ system.disableInstallerTools = true;
+
+ virtualisation.forwardPorts = [
+ {
+ from = "host";
+ guest.port = 22;
+ host.port = hostPort;
+ }
+ ];
+
+ # We will be connecting over SSH.
+ virtualisation.graphics = false;
+
+ # When the Nix store is shared with the VM host via 9p (the default) and the
+ # VM host is a Darwin system with the store mounted on a case-insensitive
+ # APFS volume (also the default), the case-hack will be visible on the guest.
+ #
+ # With NixOS/nixpkgs#347636 this is fixed for store images, but not for the
+ # 9P protocol. So for now we will use that as a temporary fix.
+ #
+ # See: https://github.com/NixOS/nix/issues/9319
+ # See: https://nix.dev/manual/nix/2.24/command-ref/conf-file.html#conf-use-case-hack
+ virtualisation.useNixStoreImage = true;
+ virtualisation.writableStore = true; # Only default for mounted store.
+}
diff --git a/hosts/muhammed/dev-vm/default.nix b/hosts/muhammed/dev-vm/default.nix
new file mode 100644
index 0000000..e7fb05b
--- /dev/null
+++ b/hosts/muhammed/dev-vm/default.nix 
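Review bot: The `virtualisation.forwardPorts` entry sets `host.port` but not `host.address`; in qemu-vm.nix that option defaults to an empty string, which QEMU's `hostfwd` treats as "bind on all host interfaces", so the guest's sshd — with keys and password that are checked into this repository — is exposed to every network the Darwin host joins instead of only to the host itself. Add `host.address = "127.0.0.1";` to the entry; the `Hostname localhost` in the ssh_config stanza of `default.nix` already assumes that is the only path in. If the nixpkgs revision pinned here uses a different default, confirm by inspecting the `hostfwd=` part of the `-netdev user,...` argument in the generated VM runner script.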
@@ -0,0 +1,68 @@
+# This module sets up a development VM which I use for developing Linux stuff
+# on this Darwin host.
+{
+ lib,
+ pkgs,
+ flakeInputs,
+ flakeOutputs,
+ metadata,
+ ...
+}: let
+ workingDirectory = "/var/lib/dev-vm";
+
+ # Port 22 on the guest is forwarded to this port on the host.
+ port = 31023;
+
+ guest-system = import "${pkgs.path}/nixos" {
+ configuration = {
+ imports = [
+ {
+ _module.args = {
+ hostPkgs = pkgs;
+ hostPort = port;
+ inherit workingDirectory flakeInputs flakeOutputs metadata;
+ };
+ }
+ flakeInputs.home-manager.nixosModules.home-manager
+ flakeInputs.agenix.nixosModules.default
+ ./configuration/configuration.nix
+ ];
+ };
+ system = builtins.replaceStrings ["darwin"] ["linux"] pkgs.stdenv.hostPlatform.system;
+ };
+in {
+ system.activationScripts.preActivation.text = ''
+ mkdir -p ${lib.escapeShellArg workingDirectory}
+ '';
+
+ launchd.agents.dev-vm = {
+ script = ''
+ # create-builder uses TMPDIR to share files with the builder, notably certs.
+ # macOS will clean up files in /tmp automatically that haven't been accessed in 3+ days.
+ # If we let it use /tmp, leaving the computer asleep for 3 days makes the certs vanish.
+ # So we'll use /run/org.nixos.dev-vm instead and clean it up ourselves.
+ export TMPDIR=/run/org.nixos.dev-vm
+ export USE_TMPDIR=1
+
+ rm -rf "$TMPDIR"
+ mkdir -p "$TMPDIR"
+ trap 'rm -rf "$TMPDIR"' EXIT
+
+ ${guest-system.config.system.build.macos-vm-installer}/bin/create-builder
+ '';
+
+ serviceConfig = {
+ KeepAlive = true;
+ RunAtLoad = true;
+ WorkingDirectory = workingDirectory;
+ };
+ };
+
+ environment.etc."ssh/ssh_config.d/100-dev-vm.conf".text = ''
+ Host ${guest-system.config.networking.hostName}
+ User linus # Also hardcoded in `configuration.nix`.
+ Hostname localhost
+ Port ${toString port}
+ IdentityFile ${./keys/ssh_vmhost_ed25519_key}
+ '';
+}
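Review bot: The ssh_config stanza near the end of this hunk does not pin the guest's host key even though that key is fixed and checked in as `keys/ssh_vmguest_ed25519_key.pub`, so the first connection falls back to trust-on-first-use for `[localhost]:31023` and whatever else happens to listen on that port is accepted into the user's known_hosts. Since the key is already in the repository, generate a known_hosts file from it and reference it with `UserKnownHostsFile` plus `StrictHostKeyChecking yes`, as sketched below. Separately, the comment `User linus # Also hardcoded in \`configuration.nix\`.` points at the wrong file: the user is defined in `configuration/user.nix` and referenced in `configuration/ssh.nix`.

```nix
  # The guest's host key is fixed (see configuration/ssh.nix), so pin it rather
  # than trusting whatever answers on [localhost]:<port> the first time.
  environment.etc."ssh/dev-vm_known_hosts".text =
    "[localhost]:${toString port} ${builtins.readFile ./keys/ssh_vmguest_ed25519_key.pub}";

  environment.etc."ssh/ssh_config.d/100-dev-vm.conf".text = ''
    Host ${guest-system.config.networking.hostName}
      User linus # Also hardcoded in `configuration/user.nix` and `configuration/ssh.nix`.
      Hostname localhost
      Port ${toString port}
      IdentityFile ${./keys/ssh_vmhost_ed25519_key}
      UserKnownHostsFile /etc/ssh/dev-vm_known_hosts
      StrictHostKeyChecking yes
  '';
```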
diff --git a/hosts/muhammed/dev-vm/keys/ssh_vmguest_ed25519_key b/hosts/muhammed/dev-vm/keys/ssh_vmguest_ed25519_key new file mode 100644 index 0000000..6452f7c --- /dev/null +++ b/hosts/muhammed/dev-vm/keys/ssh_vmguest_ed25519_key @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACAO3LQOkRUaZzC8yHFW0+Wp6Ax3QsftNp6hlVsKeyh11gAAAJhSD0sNUg9L +DQAAAAtzc2gtZWQyNTUxOQAAACAO3LQOkRUaZzC8yHFW0+Wp6Ax3QsftNp6hlVsKeyh11g +AAAEClA0qa/lQtOR0/LNNl1kZy3apqcZ7sqlwxxahaEAcWiw7ctA6RFRpnMLzIcVbT5ano +DHdCx+02nqGVWwp7KHXWAAAADmxpbnVzQG11aGFtbWVkAQIDBAUGBw== +-----END OPENSSH PRIVATE KEY----- diff --git a/hosts/muhammed/dev-vm/keys/ssh_vmguest_ed25519_key.pub b/hosts/muhammed/dev-vm/keys/ssh_vmguest_ed25519_key.pub new file mode 100644 index 0000000..1d52ccc --- /dev/null +++ b/hosts/muhammed/dev-vm/keys/ssh_vmguest_ed25519_key.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7ctA6RFRpnMLzIcVbT5anoDHdCx+02nqGVWwp7KHXW linus@muhammed diff --git a/hosts/muhammed/dev-vm/keys/ssh_vmhost_ed25519_key b/hosts/muhammed/dev-vm/keys/ssh_vmhost_ed25519_key new file mode 100644 index 0000000..dc4e120 --- /dev/null +++ b/hosts/muhammed/dev-vm/keys/ssh_vmhost_ed25519_key @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACATv/7WLWrdsK14Ve5s8spym4lEstPnPYRG6IGHCfwbMQAAAJi/z+mkv8/p +pAAAAAtzc2gtZWQyNTUxOQAAACATv/7WLWrdsK14Ve5s8spym4lEstPnPYRG6IGHCfwbMQ +AAAECDdmZO8TzLqIjLnyB6NjU2G8GTHzAIhvIomm0n5CJBfxO//tYtat2wrXhV7mzyynKb +iUSy0+c9hEbogYcJ/BsxAAAADmxpbnVzQG11aGFtbWVkAQIDBAUGBw== +-----END OPENSSH PRIVATE KEY----- diff --git a/hosts/muhammed/dev-vm/keys/ssh_vmhost_ed25519_key.pub b/hosts/muhammed/dev-vm/keys/ssh_vmhost_ed25519_key.pub new file mode 100644 index 0000000..60d161c --- /dev/null +++ b/hosts/muhammed/dev-vm/keys/ssh_vmhost_ed25519_key.pub 
@@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBO//tYtat2wrXhV7mzyynKbiUSy0+c9hEbogYcJ/Bsx |