NixOSConfig/lib/modules/custom-build-vm.nix

215 lines
7.1 KiB
Nix
Raw Normal View History

2024-05-01 00:07:12 +00:00
{ config, lib, options, pkgs, ... }:
let
packageName = "custom-nixos-vm";
2024-05-01 02:51:49 +00:00
# Determine `system.build` configuration without this file's influence
2024-05-01 02:42:31 +00:00
mergedBuildOption =
2024-05-01 00:07:12 +00:00
with options.system;
lib.mergeDefinitions
build.loc
build.type
(lib.lists.forEach
(
builtins.filter
(item:
!(lib.path.hasPrefix ./. (/. + item.file)))
build.definitionsWithLocations)
(item: { inherit (item) file value; }));
2024-05-01 02:51:49 +00:00
# Get vanilla `config.system.build.vm`
2024-05-01 02:42:31 +00:00
vanillaVM = mergedBuildOption.mergedValue.vm;
2024-05-01 00:07:12 +00:00
in {
2024-04-30 23:38:03 +00:00
options =
let
2024-05-01 02:51:49 +00:00
# Add new options to `config.virtualisation.vmVariant` and `config.virtualisation.vmVariantWithBootLoader`
2024-04-30 23:38:03 +00:00
vmVariantOptions = {
virtualisation = {
runAsRoot = lib.mkOption {
type = lib.types.bool;
2024-05-01 02:54:38 +00:00
description = "Whether to launch the VM as root.";
2024-04-30 23:38:03 +00:00
default = false;
};
2024-04-30 22:50:02 +00:00
2024-04-30 23:38:03 +00:00
sharedHostKeys = lib.mkOption {
type = lib.types.bool;
2024-05-01 02:54:38 +00:00
description = "Whether to share the local host SSH keys with the VM.";
2024-04-30 23:38:03 +00:00
default = false;
};
2024-05-08 09:13:07 +00:00
usb-redirect = lib.mkOption {
type = lib.types.bool;
description = lib.mdDoc "Whether to enable USB redirection to the VM.";
default = false;
};
virt-viewer = lib.mkOption {
type = lib.types.bool;
2024-05-01 02:54:38 +00:00
description = "Whether to use `remote-viewer` for displaying the VM.";
default = false;
};
2024-05-01 01:07:42 +00:00
qemu = {
runInBackground = lib.mkOption {
type = lib.types.bool;
2024-05-01 02:54:38 +00:00
description = "Whether to run the QEMU command in a background job";
2024-05-01 01:07:42 +00:00
default = false;
};
spice = {
enable = lib.mkEnableOption "spice";
bindAddress = lib.mkOption {
type = lib.types.str;
2024-05-01 02:54:38 +00:00
description = "The IP address for listening to incoming SPICE connections.";
2024-05-01 01:07:42 +00:00
default = "127.0.0.1";
};
port = lib.mkOption {
type = lib.types.port;
2024-05-01 02:54:38 +00:00
description = "The port for listening to incoming SPICE connections.";
2024-05-01 01:07:42 +00:00
default = 5900;
};
};
2024-04-30 23:38:03 +00:00
};
2024-04-30 22:50:02 +00:00
};
};
2024-04-30 23:38:03 +00:00
in {
virtualisation = {
vmVariant = vmVariantOptions;
vmVariantWithBootLoader = vmVariantOptions;
};
2024-04-30 22:27:07 +00:00
};
2024-04-30 22:27:07 +00:00
config = {
2024-04-30 22:40:00 +00:00
virtualisation =
let
extendVMConfig =
2024-05-02 11:16:42 +00:00
vmVariant: {
2024-05-01 02:51:49 +00:00
# Prevent GRUB2 errors in `nixos-rebuild build-vm-with-bootloader`
boot.loader.efi.efiSysMountPoint = lib.mkVMOverride "/boot";
2024-04-30 23:38:03 +00:00
virtualisation = {
2024-05-01 02:51:49 +00:00
# Enable root permissions to get access to the `/etc/ssh` directory
2024-05-08 09:13:07 +00:00
runAsRoot = lib.mkIf
(vmVariant.virtualisation.sharedHostKeys || vmVariant.virtualisation.usb-redirect)
true;
2024-04-30 23:38:03 +00:00
2024-05-01 02:51:49 +00:00
# Enable spice and run QEMU in background to let `remote-viewer` take over
qemu = {
spice.enable = lib.mkIf vmVariant.virtualisation.virt-viewer true;
runInBackground = lib.mkIf vmVariant.virtualisation.virt-viewer true;
options =
with {
inherit (vmVariant.virtualisation.qemu) spice;
2024-05-08 09:13:07 +00:00
inherit (vmVariant.virtualisation) usb-redirect;
};
2024-05-08 09:13:07 +00:00
(
lib.optionals usb-redirect (
[
"-usb"
"-device qemu-xhci"
] ++ (builtins.concatMap
(index:
let
devName = "usbredirchardev${toString index}";
in [
"-chardev spicevmc,name=usbredir,id=${devName}"
"-device usb-redir,chardev=${devName},id=usbredirdev${toString index}"
])
(lib.lists.range 1 3)))) ++
(
lib.optional (spice.enable)
("-spice " + (
lib.concatStringsSep "," [
"addr=${lib.escapeShellArg spice.bindAddress}"
"port=${toString spice.port}"
"disable-ticketing=on"
])));
};
2024-05-01 01:07:42 +00:00
2024-05-01 02:51:49 +00:00
# Map SSH keys into the vm if necessary
2024-04-30 23:38:03 +00:00
sharedDirectories = lib.optionalAttrs (vmVariant.virtualisation.sharedHostKeys) {
hostKeys =
let
path = "/etc/ssh";
in {
source = path;
target = path;
};
};
};
};
inherit (config.virtualisation)
vmVariant
vmVariantWithBootLoader
;
2024-04-30 22:40:00 +00:00
in {
vmVariant = extendVMConfig vmVariant;
vmVariantWithBootLoader = extendVMConfig vmVariantWithBootLoader;
2024-04-30 22:40:00 +00:00
};
2024-04-30 22:27:07 +00:00
system.build =
{
2024-05-01 00:55:42 +00:00
vm = lib.mkForce (
let
vm = vanillaVM;
in
if (vm.name == packageName)
then
vm
else
let
originalCommand = "${vm}/bin/run-${config.system.name}-vm";
# Have the command run in background if requested
suffix =
lib.concatStringsSep " " (
lib.optional config.virtualisation.qemu.runInBackground "&");
vmRunner = pkgs.writeShellApplication {
name = "run-${config.system.name}-vm";
2024-05-08 09:13:07 +00:00
runtimeInputs = lib.optional config.virtualisation.usb-redirect pkgs.spice-gtk;
text = lib.strings.concatLines (
[
"${originalCommand} ${suffix}"
] ++ (
# Run `remote-viewer` as normal user to limit access
(
lib.optionals
config.virtualisation.virt-viewer (
let
spice = config.virtualisation.qemu.spice;
remoteAddress = "spice://${lib.escapeShellArg spice.bindAddress}:${toString spice.port}";
in
[
2024-05-08 09:13:07 +00:00
"${pkgs.virt-viewer}/bin/remote-viewer ${remoteAddress}"
2024-05-01 02:51:49 +00:00
# Kill QEMU after `remote-viewer` finished running
"kill %1"
]))));
};
# Run VM as root if requested
wrapped =
if !config.virtualisation.runAsRoot
then
vmRunner
else
pkgs.writeShellApplication {
inherit (vmRunner) name;
text = ''
sudo -E "${vmRunner}/bin/${vmRunner.name}"
'';
};
in
pkgs.symlinkJoin {
name = packageName;
paths = [ wrapped ];
});
2024-04-30 22:27:07 +00:00
};
};
}