This is a VM that provides a shell set up to run Nix. It has network access, and full filesystem access to the user data partition. The included vm-rebuild command makes it possible to build Spectrum VMs with Nix. It's expected that vm-config/vms.nix be a Nix expression that builds a directory of Spectrum VM definitions. Code from Spectrum (i.e. vm-lib) can be placed at vm-config/spectrum and will appear as <spectrum> in the NIX_PATH. This code is not included as part of the Nix VM, because it would be bad for reproducibility if updating the host system changed the Nix expressions used to build VMs. Nix-built VMs are each individually symlinked into svc/data, so that managing VMs with Nix is not all-or-nothing. vm-rebuild will not yet remove symlinks pointing to VMs that no longer exist in the current generation, but that shouldn't be difficult to fix — just delete any broken symlinks pointing into the Nix store.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 host/initramfs/extfs.nix | 2 ++
 vm/app/nix/bin/vm-rebuild | 25 +++++++++++++++++++++++
 vm/app/nix/default.nix | 43 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 70 insertions(+)
 create mode 100755 vm/app/nix/bin/vm-rebuild
 create mode 100644 vm/app/nix/default.nix
diff --git a/host/initramfs/extfs.nix b/host/initramfs/extfs.nix
index a510c02..9f00793 100644
--- a/host/initramfs/extfs.nix
+++ b/host/initramfs/extfs.nix
@@ -12,6 +12,7 @@ let
   appvm-catgirl = import ../../vm/app/catgirl.nix { inherit config; };
   appvm-lynx = import ../../vm/app/lynx.nix { inherit config; };
   appvm-mg = import ../../vm/app/mg.nix { inherit config; };
+  appvm-nix = import ../../vm/app/nix { inherit config; };
 in
 
 runCommand "ext.ext4" {
@@ -26,6 +27,7 @@ runCommand "ext.ext4" {
   tar -C ${appvm-catgirl} -c . | tar -C svc/data/appvm-catgirl -x
   tar -C ${appvm-lynx} -c . | tar -C svc/data/appvm-lynx -x
   tar -C ${appvm-mg} -c . | tar -C svc/data/appvm-mg -x
+  tar -C ${appvm-nix} -c . | tar -C svc/data/appvm-nix -x
 
   mkfs.ext4 -d . $out 16T
   resize2fs -M $out
diff --git a/vm/app/nix/bin/vm-rebuild b/vm/app/nix/bin/vm-rebuild
new file mode 100755
index 0000000..98eae10
--- /dev/null
+++ b/vm/app/nix/bin/vm-rebuild
@@ -0,0 +1,25 @@
+#!/bin/execlineb -S1
+# SPDX-License-Identifier: EUPL-1.2+
+# SPDX-FileCopyrightText: 2022 Alyssa Ross <hi@alyssa.is>
+
+if -n {
+  if -n { test $# -eq 1 -a $1 = switch }
+  fdmove -c 1 2
+  echo "Usage: ${0} switch"
+}
+
+cd /run/virtiofs/virtiofs0
+
+backtick -E dir { mktemp -d }
+foreground {
+  if { nix-build -o ${dir}/system <spectrum-vms> }
+  if { nix-env -p nix/var/nix/profiles/vms --set ${dir}/system }
+  backtick -E vmsdir { resolve_in_root . nix/var/nix/profiles/vms }
+  cd $vmsdir
+  elglob -0 glob *
+  forx -E vm { $glob }
+  ln -s /nix/var/nix/profiles/vms/${vm} /run/virtiofs/virtiofs0/svc/data
+}
+importas -iu ? ?
+background { rm -rf $dir }
+exit $?
diff --git a/vm/app/nix/default.nix b/vm/app/nix/default.nix
new file mode 100644
index 0000000..9427ca4
--- /dev/null
+++ b/vm/app/nix/default.nix
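Review bot: The `ln -s /nix/var/nix/profiles/vms/${vm} /run/virtiofs/virtiofs0/svc/data` line at the end of the foreground block is not idempotent: on the second `vm-rebuild switch` the link from the first run is already there and ln fails with EEXIST for every previously-linked VM, and the same failure occurs when a non-Nix VM directory of that name already sits in svc/data, in which case the existing directory keeps winning and the freshly built VM is never picked up. How visible that is depends on forx, which without -o/-x I believe keeps iterating and does not propagate the error, so it may surface only as a stderr message — worth confirming against the execline docs. Changing the line to `ln -sf /nix/var/nix/profiles/vms/${vm} /run/virtiofs/virtiofs0/svc/data` makes re-runs idempotent while still refusing to replace a real directory (ln -f only unlinks the existing entry), and a comment such as `# -f replaces a stale symlink; a real directory of the same name in svc/data is left alone and reported` would make the collision behaviour explicit for the next reader.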
@@ -0,0 +1,43 @@
+# SPDX-License-Identifier: MIT
+# SPDX-FileCopyrightText: 2022 Alyssa Ross <hi@alyssa.is>
+
+{ config ? import ../../../../nix/eval-config.nix {} }:
+
+import ../../make-vm.nix { inherit config; } {
+  providers.net = [ "netvm" ];
+  sharedDirs.virtiofs0.path = "/ext";
+  run = config.pkgs.pkgsStatic.callPackage (
+    { lib, runCommand, writeScript, nix }:
+    let
+      inherit (lib) concatStringsSep const hasSuffix makeBinPath;
+
+      bin = builtins.filterSource (name: _type:
+        name == toString bin/. || name == toString bin/vm-rebuild) ./.;
+
+      nixPath = [
+        "nixpkgs=https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz"
+        "spectrum=/run/virtiofs/virtiofs0/vm-config/spectrum"
+        "spectrum-vms=/run/virtiofs/virtiofs0/vm-config/vms.nix"
+      ];
+
+      resolve_in_root = import ../../../tools/resolve_in_root {
+        config = config // { pkgs = config.pkgs.pkgsStatic; };
+      };
+    in
+    writeScript "run-nix" ''
+      #!/bin/execlineb -P
+      importas -i PATH PATH
+      export NIX_CONFIG "build-users-group ="
+      export NIX_REMOTE /run/virtiofs/virtiofs0
+      export NIX_PATH ${concatStringsSep ":" nixPath}
+      export PATH ${makeBinPath [ bin nix resolve_in_root ]}:''${PATH}
+      export XDG_CACHE_HOME /run/cache
+
+      # FIXME: can be removed when we have nix#7070.
+      export XDG_DATA_HOME /run/data
+
+      if { /etc/mdev/wait virtiofs0 }
+      /bin/sh -il
+    ''
+  ) { };
+}
-- 
2.37.1
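Review bot: The `nixpkgs=https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz` entry in `nixPath` pins nothing, so every `vm-rebuild` fetches whatever the channel serves at that moment: two runs of the same vm-config can build different VMs, and what ends up in svc/data is trusted on the strength of the channel host and the TLS path alone — which sits uneasily with the reproducibility argument the commit message gives for keeping vm-lib out of the VM image. Pointing the entry at a specific channel release tarball, or dropping it and having vm-config/vms.nix import its own pinned nixpkgs, would give the user a fixed input to review. The `export NIX_CONFIG "build-users-group ="` line also deserves a why-comment, since it disables Nix's build-user separation and every build then runs as the shell user with the shared store; something like `# No build users in this single-user VM: builds run as the shell user and are not isolated from it or from each other` — the exact reason is a guess from the rest of the file and should come from the author. Separately, `const` and `hasSuffix` in the `inherit (lib)` line and `runCommand` in the callPackage argument set are unused and can be dropped.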