diff options
Diffstat (limited to 'modules/by-name/ni')
| -rw-r--r-- | modules/by-name/ni/nix-index/command_not_found.sh | 74 | ||||
| -rw-r--r-- | modules/by-name/ni/nix-index/module.nix | 44 | ||||
| -rw-r--r-- | modules/by-name/ni/nix/module.nix | 20 | ||||
| -rw-r--r-- | modules/by-name/ni/nixos-shell/module.nix | 128 | ||||
| -rwxr-xr-x | modules/by-name/ni/nixos-shell/nixos-shell.sh | 60 | ||||
| -rw-r--r-- | modules/by-name/ni/nixos-shell/shell_setup.nix | 191 | ||||
| -rw-r--r-- | modules/by-name/ni/nixpkgs/config.nix | 19 | ||||
| -rw-r--r-- | modules/by-name/ni/nixpkgs/module.nix | 44 |
8 files changed, 570 insertions, 10 deletions
diff --git a/modules/by-name/ni/nix-index/command_not_found.sh b/modules/by-name/ni/nix-index/command_not_found.sh new file mode 100644 index 00000000..f650cf7b --- /dev/null +++ b/modules/by-name/ni/nix-index/command_not_found.sh @@ -0,0 +1,74 @@ +#!/usr/bin/env dash + +# nixos-config - My current NixOS configuration +# +# Copyright (C) 2025 Benedikt Peetz <benedikt.peetz@b-peetz.de> +# SPDX-License-Identifier: GPL-3.0-or-later +# +# This file is part of my nixos-config. +# +# You should have received a copy of the License along with this program. +# If not, see <https://www.gnu.org/licenses/gpl-3.0.txt>. + +# This was taken from the +# `${pkgs.nix-index}/etc/profile.d/command-not-found.sh` file on 2024-02-28 + +# for bash 4 +# this will be called when a command is entered +# but not found in the user’s path + environment +command_not_found_handle() { + # taken from http://www.linuxjournal.com/content/bash-command-not-found + # - do not run when inside Midnight Commander or within a Pipe + if [ -n "${MC_SID-}" ] || ! [ -t 1 ]; then + >&2 echo "$1: command not found" + return 127 + fi + + toplevel=nixpkgs # nixpkgs should always be available even in NixOS + cmd="$1" + attrs=$(nix-locate --minimal --no-group --type x --type s --top-level --whole-name --at-root "/bin/$cmd") + len=$(if [ -n "$attrs" ]; then echo "$attrs" | wc -l; else echo 0; fi) + + case "$len" in + 0) + eprintln "$cmd: command not found" + ;; + 1) + # If only one package provides this, then we can invoke it + # without asking the user. + + # These will not return 127 if they worked correctly. + + >&2 cat <<EOF +The program '$cmd' is currently not installed. A shell will be opened +with it. +EOF + if nix build "$toplevel#$attrs" --no-link; then + nix shell "$toplevel#$attrs" + return $? + else + >&2 cat <<EOF +Failed to build: '$toplevel#$attrs' +$cmd: command not found +EOF + fi + ;; + *) + >&2 cat <<EOF +The program '$cmd' is currently not installed. It is provided by +several packages. You can run it once with: +EOF + echo "$attrs" | awk --assign=toplevel="$toplevel" 'BEGIN{counter=0} {printf("%3s)", counter); printf(" nix shell %s#%s\n", toplevel, $1); counter+=1}' + ;; + esac + + return 127 # command not found should always exit with 127 +} + +# for zsh... +# we just pass it to the bash handler above +# apparently they work identically +command_not_found_handler() { + command_not_found_handle "$@" + return $? +} diff --git a/modules/by-name/ni/nix-index/module.nix b/modules/by-name/ni/nix-index/module.nix new file mode 100644 index 00000000..06acfc8a --- /dev/null +++ b/modules/by-name/ni/nix-index/module.nix @@ -0,0 +1,44 @@ +# nixos-config - My current NixOS configuration +# +# Copyright (C) 2025 Benedikt Peetz <benedikt.peetz@b-peetz.de> +# SPDX-License-Identifier: GPL-3.0-or-later +# +# This file is part of my nixos-config. +# +# You should have received a copy of the License along with this program. +# If not, see <https://www.gnu.org/licenses/gpl-3.0.txt>. +{ + config, + lib, + modules, + ... +}: let + cfg = config.soispha.programs.nix-index; +in { + options.soispha.programs.nix-index = { + enable = lib.mkEnableOption "nix-index"; + }; + + config = lib.mkIf cfg.enable { + soispha.programs.zsh.integrations.nix-index = ./command_not_found.sh; + home-manager.users.soispha = { + imports = [ + modules.nix-index-database.hmModules.nix-index + ]; + + programs.nix-index = { + enable = true; + symlinkToCacheHome = true; + + # Handled by myself (and the script is overridden) + enableBashIntegration = false; + enableZshIntegration = false; + enableFishIntegration = false; + }; + + programs.nix-index-database = { + comma.enable = false; + }; + }; + }; +} diff --git a/modules/by-name/ni/nix/module.nix b/modules/by-name/ni/nix/module.nix index 48834b2d..2b91f59b 100644 --- a/modules/by-name/ni/nix/module.nix +++ b/modules/by-name/ni/nix/module.nix @@ -1,24 +1,32 @@ +# nixos-config - My current NixOS configuration +# +# Copyright (C) 2025 Benedikt Peetz <benedikt.peetz@b-peetz.de> +# SPDX-License-Identifier: GPL-3.0-or-later +# +# This file is part of my nixos-config. +# +# You should have received a copy of the License along with this program. +# If not, see <https://www.gnu.org/licenses/gpl-3.0.txt>. { pkgs, # flakes - nixpkgs_as_input, - templates, self, system, + externalDependencies, ... }: { # TODO(@bpeetz): Modularize <2025-02-08> nix = { - package = pkgs.lix; + package = pkgs.lixPackageSets.latest.lix; # Disable nix channels (this is a remnant of old days) channel.enable = false; registry = { - nixpkgs.flake = nixpkgs_as_input; + nixpkgs.flake = self.inputs.nixpkgs; n.flake = - nixpkgs_as_input + self.inputs.nixpkgs // { # Otherwise nixpkgs's config and overlays are not available: @@ -27,7 +35,7 @@ legacyPackages."${system}" = pkgs; }; - t.flake = templates; + t.flake = externalDependencies.templates; my_flake.flake = self; m.flake = self; diff --git a/modules/by-name/ni/nixos-shell/module.nix b/modules/by-name/ni/nixos-shell/module.nix new file mode 100644 index 00000000..219f080d --- /dev/null +++ b/modules/by-name/ni/nixos-shell/module.nix @@ -0,0 +1,128 @@ +# nixos-config - My current NixOS configuration +# +# Copyright (C) 2025 Jörg Thalheim and contributors +# SPDX-License-Identifier: MIT +# +# This file is part of my nixos-config. +# +# You should have received a copy of the License along with this program. +# If not, see <https://www.gnu.org/licenses/gpl-3.0.txt>. +{ + lib, + config, + pkgs, + self, + ... +}: let + cfg = config.soispha.nixos-shell; +in { + options.soispha.nixos-shell = { + enable = lib.mkEnableOption "nixos-shell"; + + user_name = lib.mkOption { + type = lib.types.str; + default = "soispha"; + description = "The user to auto-login into the vm."; + }; + + configuration = { + specialArgs = lib.mkOption { + type = lib.types.attrsOf lib.types.anything; + default = {}; + description = '' + The arguments to pass to the `specialArgs` attribute set. + ''; + }; + value = lib.mkOption { + type = lib.types.deferredModule; + default = {}; + description = '' + Additional NixOS configuration to load into the VM's config. + ''; + }; + }; + + mounts = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + target = lib.mkOption { + type = lib.types.path; + description = "Target on the guest."; + }; + + cache_mode = lib.mkOption { + type = lib.types.enum ["none" "loose" "fscache" "mmap"]; + default = "loose"; # bad idea? Well, at least it is fast!1!! + description = "9p caching policy"; + }; + + readOnly = + (lib.mkEnableOption "mount this disk in read-only mode") + // { + default = true; + }; + + tag = lib.mkOption { + type = lib.types.str; + internal = true; + }; + }; + + config.tag = lib.mkDefault ( + builtins.substring 0 31 ( # tags must be shorter than 32 bytes + "a" + + # tags must not begin with a digit + builtins.hashString "md5" config._module.args.name + ) + ); + })); + default = {}; + description = '' + Extra paths to make available in the vm. + These will be mounted ro to their `target.` + ''; + }; + }; + + config = let + vmSystem = self.inputs.nixpkgs.lib.nixosSystem { + inherit (cfg.configuration) specialArgs; + + modules = [ + { + # TODO(@bpeetz): This should be bumped each release. <2025-05-17> + system.stateVersion = "25.05"; + } + + cfg.configuration.value + + (import ./shell_setup.nix {inherit cfg;}) + ]; + }; + + nixos-shell = pkgs.writeShellApplication { + name = "nixos-shell"; + text = builtins.readFile ./nixos-shell.sh; + + # We need to keep the PATH, as we otherwise can't pass it along. + inheritPath = true; + + runtimeInputs = [ + vmSystem.config.system.build.vm + pkgs.mktemp + pkgs.coreutils + pkgs.moreutils # for sponge + ]; + runtimeEnv = { + HOST_NAME = vmSystem.config.system.name; + }; + }; + in + lib.mkIf cfg.enable { + environment.systemPackages = [ + nixos-shell + ]; + + system.build.nixos-shell = vmSystem.config.system.build.vm; + }; +} diff --git a/modules/by-name/ni/nixos-shell/nixos-shell.sh b/modules/by-name/ni/nixos-shell/nixos-shell.sh new file mode 100755 index 00000000..390e60b1 --- /dev/null +++ b/modules/by-name/ni/nixos-shell/nixos-shell.sh @@ -0,0 +1,60 @@ +#!/usr/bin/env dash + +# nixos-config - My current NixOS configuration +# +# Copyright (C) 2025 Jörg Thalheim and contributors +# SPDX-License-Identifier: MIT +# +# This file is part of my nixos-config. +# +# You should have received a copy of the License along with this program. +# If not, see <https://www.gnu.org/licenses/gpl-3.0.txt>. + +SHARED_DIR="$(mktemp --directory)" +cleanup() { + rm --recursive "$SHARED_DIR" +} +trap cleanup EXIT +export SHARED_DIR + +TMPDIR="$SHARED_DIR" +export TMPDIR + +cat <<EOF >"$SHARED_DIR/.env_variables" +{ + "pwd": "$PWD", + "term": "$TERM", + "path": "$PATH" +} +EOF + +mk_tag() { + additional_path="$1" + + # tags must be shorter than 32 bytes + # and must not begin with a digit. + { + printf "a" + echo "$additional_path" | sha256sum | head -c 30 + } +} + +for raw_additional_path in "$@"; do + additional_path="$(realpath "$raw_additional_path")" + tag="$(mk_tag "$additional_path")" + + if [ "$(jq --arg mount "$tag" '.mount.[$mount]' "$SHARED_DIR/.env_variables")" != "null" ]; then + echo "Path '$additional_path' alread added." + shift 1 + continue + fi + + jq --arg mount "$tag" --arg target "$additional_path" \ + '. + {mount: {$mount: $target}}' "$SHARED_DIR/.env_variables" | sponge "$SHARED_DIR/.env_variables" + + set -- "$@" -virtfs "local,path=$additional_path,security_model=none,readonly=on,mount_tag=$tag" + shift 1 +done + +# Do not exec here, as we don't want to lose our cleanup hooks. +"run-$HOST_NAME-vm" "$@" diff --git a/modules/by-name/ni/nixos-shell/shell_setup.nix b/modules/by-name/ni/nixos-shell/shell_setup.nix new file mode 100644 index 00000000..75af0678 --- /dev/null +++ b/modules/by-name/ni/nixos-shell/shell_setup.nix @@ -0,0 +1,191 @@ +# nixos-config - My current NixOS configuration +# +# Copyright (C) 2025 Jörg Thalheim and contributors +# SPDX-License-Identifier: MIT +# +# This file is part of my nixos-config. +# +# You should have received a copy of the License along with this program. +# If not, see <https://www.gnu.org/licenses/gpl-3.0.txt>. +# This file contains the code that is used to setup the VM shell. +{cfg}: { + lib, + config, + pkgs, + modulesPath, + ... +}: let + mkVMDefault = lib.mkOverride 970; + + env_file = "/tmp/shared/.env_variables"; +in { + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + (modulesPath + "/virtualisation/qemu-vm.nix") + ]; + + config = { + assertions = [ + { + assertion = builtins.elem cfg.user_name (lib.mapAttrsToList (name: value: name) config.users.users); + message = '' + Your user ${cfg.user_name} is not a recorded user in `config.users.users`. + Auto-login will not work. + ''; + } + ]; + + # Lock root login. + users.users.root.hashedPassword = ""; + + # Remove unneeded clutter. + system.switch.enable = false; + + virtualisation = { + # See https://wiki.qemu.org/Documentation/9psetup#Performance_Considerations. + # It is effectively a balance between ram and IO speed. + msize = let + kib = x: x * 1024; + in + mkVMDefault (kib 512); + + graphics = mkVMDefault false; + memorySize = mkVMDefault 1700; # in MB + cores = mkVMDefault 16; + + # Do not persist this VM. + diskImage = mkVMDefault null; + + fileSystems = + lib.mapAttrs' + (_: mount: { + name = mount.target; + + value = { + device = mount.tag; + fsType = "9p"; + options = + [ + "trans=virtio" + "version=9p2000.L" + "cache=${mount.cache_mode}" + "msize=${toString config.virtualisation.msize}" + ] + ++ lib.optionals mount.readOnly ["ro"]; + }; + }) + cfg.mounts; + + qemu = { + consoles = lib.mkIf (!config.virtualisation.graphics) ["tty0" "hvc0"]; + + options = let + mkMount = options: "-virtfs " + (builtins.concatStringsSep "," options); + in + lib.optionals (!config.virtualisation.graphics) [ + "-serial null" + "-device virtio-serial" + "-chardev stdio,mux=on,id=char0,signal=off" + "-mon chardev=char0,mode=readline" + "-device virtconsole,chardev=char0,nr=0" + ] + ++ (lib.mapAttrsToList + (hostPath: mount: + mkMount [ + "local" + "path=${builtins.toString hostPath}" + "security_model=none" + "readonly=on" + "mount_tag=${mount.tag}" + ]) + cfg.mounts); + }; + }; + + services = { + getty.helpLine = '' + If you are connect via serial console: + Type Ctrl-a c to switch to the qemu console + and `quit` to stop the VM. + ''; + + getty.autologinUser = cfg.user_name; + }; + + system.activationScripts = { + mountAdditionalPaths = + # bash + '' + PATH="${pkgs.jq}/bin:${pkgs.util-linux}/bin:$PATH" + export PATH + + max_index="$(jq '.mount | keys | length' --raw-output ${env_file})" + index=0 + + mount --mkdir --type=tmpfs none "/.rw" --options=rw,relatime,mode=0755 + while [ "$index" -lt "$max_index" ]; do + what="$(jq --argjson index "$index" '.mount | keys | map(.)[$index]' --raw-output ${env_file})" + where="$(jq --argjson index "$index" '.mount | map(.)[$index]' --raw-output ${env_file})" + + mkdir "/.rw/$what" + mount --mkdir "$what" "/.ro/$what" \ + --type=9p \ + --options=ro,trans=virtio,version=9p2000.L,msize=${toString config.virtualisation.msize},x-systemd.requires=modprobe@9pnet_virtio.service + + mkdir "/.rw/work-$what" + mount --mkdir --type=overlay overlay \ + --options=rw,relatime,lowerdir="/.ro/$what",upperdir="/.rw/$what",workdir="/.rw/work-$what",uuid=on \ + "/.ov/$what" + + index="$((index + 1))" + done + ''; + }; + + systemd.services.mountAdditionalPaths = { + after = ["local-fs.target"]; + wantedBy = ["multi-user.target"]; + path = [pkgs.jq]; + script = + # bash + '' + max_index="$(jq '.mount | keys | length' --raw-output ${env_file})" + index=0 + + while [ "$index" -lt "$max_index" ]; do + what="$(jq --argjson index "$index" '.mount | keys | map(.)[$index]' --raw-output ${env_file})" + where="$(jq --argjson index "$index" '.mount | map(.)[$index]' --raw-output ${env_file})" + + systemd-mount --type none "/.ov/$what" "$where" --options=bind + + # HACK(@bpeetz): Nearly all of the paths are in $HOME anyways. So simply avoid + # the permission issue. + # Ideally, we would pass the original owners along with the mount. <2025-05-17> + chown --recursive soispha:users "/home/soispha" + + index="$((index + 1))" + done + ''; + }; + + environment = { + systemPackages = [ + pkgs.jq + ]; + + sessionVariables = { + IN_NIXOS_SHELL = "true"; + }; + + loginShellInit = + # bash + '' + cd "$(jq '.pwd' --raw-output ${env_file})" + export TERM="$(jq '.term' --raw-output ${env_file})" + export PATH="$(jq '.path' --raw-output ${env_file}):$PATH" + ''; + }; + + networking.firewall.enable = mkVMDefault true; + }; +} diff --git a/modules/by-name/ni/nixpkgs/config.nix b/modules/by-name/ni/nixpkgs/config.nix index 1a24444d..ea8f3c45 100644 --- a/modules/by-name/ni/nixpkgs/config.nix +++ b/modules/by-name/ni/nixpkgs/config.nix @@ -1,10 +1,19 @@ +# nixos-config - My current NixOS configuration +# +# Copyright (C) 2025 Benedikt Peetz <benedikt.peetz@b-peetz.de> +# SPDX-License-Identifier: GPL-3.0-or-later +# +# This file is part of my nixos-config. +# +# You should have received a copy of the License along with this program. +# If not, see <https://www.gnu.org/licenses/gpl-3.0.txt>. { cfg, - myPkgs, lib, + packageSets, ... }: let - myPkgsOverlay = self: super: myPkgs; + myPkgsOverlay = self: super: packageSets.soispha; in { nixpkgs = { hostPlatform = cfg.systemName; @@ -22,6 +31,12 @@ in { allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "pypemicro" # required by pynitrokey + + # TODO(@bpeetz): Allow moving them to their respective module. <2025-04-25> + "steam" + "steam-unwrapped" + "steam-original" + "steam-run" ]; }; }; diff --git a/modules/by-name/ni/nixpkgs/module.nix b/modules/by-name/ni/nixpkgs/module.nix index eda3ac89..fcde9505 100644 --- a/modules/by-name/ni/nixpkgs/module.nix +++ b/modules/by-name/ni/nixpkgs/module.nix @@ -1,8 +1,18 @@ +# nixos-config - My current NixOS configuration +# +# Copyright (C) 2025 Benedikt Peetz <benedikt.peetz@b-peetz.de> +# SPDX-License-Identifier: GPL-3.0-or-later +# +# This file is part of my nixos-config. +# +# You should have received a copy of the License along with this program. +# If not, see <https://www.gnu.org/licenses/gpl-3.0.txt>. { lib, config, + packageSets, ... -} @ args: let +}: let cfg = config.soispha.nixpkgs; in { options.soispha.nixpkgs = { @@ -13,5 +23,35 @@ in { type = lib.types.str; }; }; - config = lib.mkIf cfg.enable (import ./config.nix (args // {inherit cfg;})); + config = let + myPkgsOverlay = self: super: packageSets.soispha; + in + lib.mkIf cfg.enable + { + nixpkgs = { + hostPlatform = cfg.systemName; + + overlays = [ + myPkgsOverlay + ]; + + config = { + # TODO: this fails because of the root tempsize, which should be increased + # contentAddressedByDefault = true; + + hostSystem = cfg.systemName; + + allowUnfreePredicate = pkg: + builtins.elem (lib.getName pkg) [ + "pypemicro" # required by pynitrokey + + # TODO(@bpeetz): Allow moving them to their respective module. <2025-04-25> + "steam" + "steam-unwrapped" + "steam-original" + "steam-run" + ]; + }; + }; + }; } |