2024-05-01 00:07:12 +00:00
|
|
|
{ config, lib, options, pkgs, ... }:
|
|
|
|
let
|
|
|
|
packageName = "custom-nixos-vm";
|
|
|
|
|
2024-05-01 02:51:49 +00:00
|
|
|
# Determine `system.build` configuration without this file's influence
|
2024-05-01 02:42:31 +00:00
|
|
|
mergedBuildOption =
|
2024-05-01 00:07:12 +00:00
|
|
|
with options.system;
|
|
|
|
lib.mergeDefinitions
|
|
|
|
build.loc
|
|
|
|
build.type
|
|
|
|
(lib.lists.forEach
|
|
|
|
(
|
|
|
|
builtins.filter
|
|
|
|
(item:
|
|
|
|
!(lib.path.hasPrefix ./. (/. + item.file)))
|
|
|
|
build.definitionsWithLocations)
|
|
|
|
(item: { inherit (item) file value; }));
|
|
|
|
|
2024-05-01 02:51:49 +00:00
|
|
|
# Get vanilla `config.system.build.vm`
|
2024-05-01 02:42:31 +00:00
|
|
|
vanillaVM = mergedBuildOption.mergedValue.vm;
|
2024-05-01 00:07:12 +00:00
|
|
|
in {
|
2024-04-30 23:38:03 +00:00
|
|
|
options =
|
|
|
|
let
|
2024-05-01 02:51:49 +00:00
|
|
|
# Add new options to `config.virtualisation.vmVariant` and `config.virtualisation.vmVariantWithBootLoader`
|
2024-04-30 23:38:03 +00:00
|
|
|
vmVariantOptions = {
|
|
|
|
virtualisation = {
|
|
|
|
runAsRoot = lib.mkOption {
|
|
|
|
type = lib.types.bool;
|
2024-05-01 02:54:38 +00:00
|
|
|
description = "Whether to launch the VM as root.";
|
2024-04-30 23:38:03 +00:00
|
|
|
default = false;
|
|
|
|
};
|
2024-04-30 22:50:02 +00:00
|
|
|
|
2024-04-30 23:38:03 +00:00
|
|
|
sharedHostKeys = lib.mkOption {
|
|
|
|
type = lib.types.bool;
|
2024-05-01 02:54:38 +00:00
|
|
|
description = "Whether to share the local host SSH keys with the VM.";
|
2024-04-30 23:38:03 +00:00
|
|
|
default = false;
|
|
|
|
};
|
2024-04-30 23:22:21 +00:00
|
|
|
|
2024-05-08 09:13:07 +00:00
|
|
|
usb-redirect = lib.mkOption {
|
|
|
|
type = lib.types.bool;
|
|
|
|
description = lib.mdDoc "Whether to enable USB redirection to the VM.";
|
|
|
|
default = false;
|
|
|
|
};
|
|
|
|
|
2024-05-01 01:21:34 +00:00
|
|
|
virt-viewer = lib.mkOption {
|
|
|
|
type = lib.types.bool;
|
2024-05-01 02:54:38 +00:00
|
|
|
description = "Whether to use `remote-viewer` for displaying the VM.";
|
2024-05-01 01:21:34 +00:00
|
|
|
default = false;
|
|
|
|
};
|
|
|
|
|
2024-05-01 01:07:42 +00:00
|
|
|
qemu = {
|
|
|
|
runInBackground = lib.mkOption {
|
|
|
|
type = lib.types.bool;
|
2024-05-01 02:54:38 +00:00
|
|
|
description = "Whether to run the QEMU command in a background job";
|
2024-05-01 01:07:42 +00:00
|
|
|
default = false;
|
|
|
|
};
|
|
|
|
|
|
|
|
spice = {
|
|
|
|
enable = lib.mkEnableOption "spice";
|
|
|
|
|
|
|
|
bindAddress = lib.mkOption {
|
|
|
|
type = lib.types.str;
|
2024-05-01 02:54:38 +00:00
|
|
|
description = "The IP address for listening to incoming SPICE connections.";
|
2024-05-01 01:07:42 +00:00
|
|
|
default = "127.0.0.1";
|
|
|
|
};
|
|
|
|
|
|
|
|
port = lib.mkOption {
|
|
|
|
type = lib.types.port;
|
2024-05-01 02:54:38 +00:00
|
|
|
description = "The port for listening to incoming SPICE connections.";
|
2024-05-01 01:07:42 +00:00
|
|
|
default = 5900;
|
|
|
|
};
|
|
|
|
};
|
2024-04-30 23:38:03 +00:00
|
|
|
};
|
2024-04-30 22:50:02 +00:00
|
|
|
};
|
2024-04-30 22:03:35 +00:00
|
|
|
};
|
2024-04-30 23:38:03 +00:00
|
|
|
in {
|
|
|
|
virtualisation = {
|
|
|
|
vmVariant = vmVariantOptions;
|
|
|
|
vmVariantWithBootLoader = vmVariantOptions;
|
|
|
|
};
|
2024-04-30 22:27:07 +00:00
|
|
|
};
|
2024-04-30 11:08:18 +00:00
|
|
|
|
2024-04-30 22:27:07 +00:00
|
|
|
config = {
|
2024-04-30 22:40:00 +00:00
|
|
|
virtualisation =
|
|
|
|
let
|
2024-04-30 23:22:21 +00:00
|
|
|
extendVMConfig =
|
2024-05-02 11:16:42 +00:00
|
|
|
vmVariant: {
|
2024-05-01 02:51:49 +00:00
|
|
|
# Prevent GRUB2 errors in `nixos-rebuild build-vm-with-bootloader`
|
2024-04-30 23:22:21 +00:00
|
|
|
boot.loader.efi.efiSysMountPoint = lib.mkVMOverride "/boot";
|
|
|
|
|
2024-04-30 23:38:03 +00:00
|
|
|
virtualisation = {
|
2024-05-01 02:51:49 +00:00
|
|
|
# Enable root permissions to get access to the `/etc/ssh` directory
|
2024-05-08 09:13:07 +00:00
|
|
|
runAsRoot = lib.mkIf
|
|
|
|
(vmVariant.virtualisation.sharedHostKeys || vmVariant.virtualisation.usb-redirect)
|
|
|
|
true;
|
2024-04-30 23:38:03 +00:00
|
|
|
|
2024-05-01 02:51:49 +00:00
|
|
|
# Enable spice and run QEMU in background to let `remote-viewer` take over
|
2024-05-01 01:21:34 +00:00
|
|
|
qemu = {
|
|
|
|
spice.enable = lib.mkIf vmVariant.virtualisation.virt-viewer true;
|
|
|
|
runInBackground = lib.mkIf vmVariant.virtualisation.virt-viewer true;
|
|
|
|
|
|
|
|
options =
|
|
|
|
with {
|
|
|
|
inherit (vmVariant.virtualisation.qemu) spice;
|
2024-05-08 09:13:07 +00:00
|
|
|
inherit (vmVariant.virtualisation) usb-redirect;
|
2024-05-01 01:21:34 +00:00
|
|
|
};
|
2024-05-08 09:13:07 +00:00
|
|
|
(
|
|
|
|
lib.optionals usb-redirect (
|
|
|
|
[
|
|
|
|
"-usb"
|
|
|
|
"-device qemu-xhci"
|
|
|
|
] ++ (builtins.concatMap
|
|
|
|
(index:
|
|
|
|
let
|
|
|
|
devName = "usbredirchardev${toString index}";
|
|
|
|
in [
|
|
|
|
"-chardev spicevmc,name=usbredir,id=${devName}"
|
|
|
|
"-device usb-redir,chardev=${devName},id=usbredirdev${toString index}"
|
|
|
|
])
|
|
|
|
(lib.lists.range 1 3)))) ++
|
2024-05-01 01:21:34 +00:00
|
|
|
(
|
|
|
|
lib.optional (spice.enable)
|
|
|
|
("-spice " + (
|
|
|
|
lib.concatStringsSep "," [
|
|
|
|
"addr=${lib.escapeShellArg spice.bindAddress}"
|
|
|
|
"port=${toString spice.port}"
|
|
|
|
"disable-ticketing=on"
|
|
|
|
])));
|
|
|
|
};
|
2024-05-01 01:07:42 +00:00
|
|
|
|
2024-05-01 02:51:49 +00:00
|
|
|
# Map SSH keys into the vm if necessary
|
2024-04-30 23:38:03 +00:00
|
|
|
sharedDirectories = lib.optionalAttrs (vmVariant.virtualisation.sharedHostKeys) {
|
|
|
|
hostKeys =
|
|
|
|
let
|
|
|
|
path = "/etc/ssh";
|
|
|
|
in {
|
|
|
|
source = path;
|
|
|
|
target = path;
|
|
|
|
};
|
2024-04-30 23:22:21 +00:00
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
2024-05-01 13:06:31 +00:00
|
|
|
inherit (config.virtualisation)
|
|
|
|
vmVariant
|
|
|
|
vmVariantWithBootLoader
|
|
|
|
;
|
2024-04-30 22:40:00 +00:00
|
|
|
in {
|
2024-05-01 13:06:31 +00:00
|
|
|
vmVariant = extendVMConfig vmVariant;
|
2024-05-02 11:02:52 +00:00
|
|
|
vmVariantWithBootLoader = extendVMConfig vmVariantWithBootLoader;
|
2024-04-30 22:40:00 +00:00
|
|
|
};
|
|
|
|
|
2024-04-30 22:27:07 +00:00
|
|
|
system.build =
|
|
|
|
{
|
2024-05-01 00:55:42 +00:00
|
|
|
vm = lib.mkForce (
|
2024-05-01 13:06:31 +00:00
|
|
|
let
|
|
|
|
vm = vanillaVM;
|
|
|
|
in
|
|
|
|
if (vm.name == packageName)
|
|
|
|
then
|
|
|
|
vm
|
|
|
|
else
|
|
|
|
let
|
|
|
|
originalCommand = "${vm}/bin/run-${config.system.name}-vm";
|
|
|
|
|
|
|
|
# Have the command run in background if requested
|
|
|
|
suffix =
|
|
|
|
lib.concatStringsSep " " (
|
|
|
|
lib.optional config.virtualisation.qemu.runInBackground "&");
|
|
|
|
|
|
|
|
vmRunner = pkgs.writeShellApplication {
|
|
|
|
name = "run-${config.system.name}-vm";
|
2024-05-08 09:13:07 +00:00
|
|
|
runtimeInputs = lib.optional config.virtualisation.usb-redirect pkgs.spice-gtk;
|
2024-05-01 13:06:31 +00:00
|
|
|
|
|
|
|
text = lib.strings.concatLines (
|
|
|
|
[
|
|
|
|
"${originalCommand} ${suffix}"
|
|
|
|
] ++ (
|
|
|
|
# Run `remote-viewer` as normal user to limit access
|
|
|
|
(
|
|
|
|
lib.optionals
|
|
|
|
config.virtualisation.virt-viewer (
|
|
|
|
let
|
|
|
|
spice = config.virtualisation.qemu.spice;
|
|
|
|
remoteAddress = "spice://${lib.escapeShellArg spice.bindAddress}:${toString spice.port}";
|
|
|
|
in
|
2024-05-01 01:21:34 +00:00
|
|
|
[
|
2024-05-08 09:13:07 +00:00
|
|
|
"${pkgs.virt-viewer}/bin/remote-viewer ${remoteAddress}"
|
2024-05-01 02:51:49 +00:00
|
|
|
# Kill QEMU after `remote-viewer` finished running
|
2024-05-01 01:21:34 +00:00
|
|
|
"kill %1"
|
2024-05-01 13:06:31 +00:00
|
|
|
]))));
|
|
|
|
};
|
2024-05-01 02:40:38 +00:00
|
|
|
|
2024-05-01 13:06:31 +00:00
|
|
|
# Run VM as root if requested
|
|
|
|
wrapped =
|
|
|
|
if !config.virtualisation.runAsRoot
|
|
|
|
then
|
|
|
|
vmRunner
|
|
|
|
else
|
|
|
|
pkgs.writeShellApplication {
|
|
|
|
inherit (vmRunner) name;
|
|
|
|
|
|
|
|
text = ''
|
|
|
|
sudo -E "${vmRunner}/bin/${vmRunner.name}"
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
in
|
|
|
|
pkgs.symlinkJoin {
|
|
|
|
name = packageName;
|
|
|
|
paths = [ wrapped ];
|
|
|
|
});
|
2024-04-30 22:27:07 +00:00
|
|
|
};
|
|
|
|
};
|
|
|
|
}
|