From 3b6f4c7f286de26fade8ea74cdd415190cdb8e80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Jane=C5=BEi=C4=8D?= Date: Mon, 23 Feb 2026 00:52:39 +0100 Subject: [PATCH] wip --- flake.nix | 6 ++ hosts/sandbox/configuration.nix | 132 +++++++++++++++++++++++ hosts/sandbox/hardware-configuration.nix | 18 ++++ justfile | 34 ++++++ modules/nixos/vm-guest.nix | 55 ++++++++++ users/gorazd/home-manager.nix | 20 ++++ 6 files changed, 265 insertions(+) create mode 100644 hosts/sandbox/configuration.nix create mode 100644 hosts/sandbox/hardware-configuration.nix create mode 100644 modules/nixos/vm-guest.nix diff --git a/flake.nix b/flake.nix index 7c040dd..7f611f5 100644 --- a/flake.nix +++ b/flake.nix @@ -94,6 +94,12 @@ system = "x86_64-linux"; users = [ ]; }; + + # nixos-rebuild build-image --image-variant qemu --flake .#sandbox + sandbox = mkHost "sandbox" { + system = "x86_64-linux"; + users = [ "gorazd" ]; + }; }; nixosModules = import ./modules/nixos { diff --git a/hosts/sandbox/configuration.nix b/hosts/sandbox/configuration.nix new file mode 100644 index 0000000..bea42a2 --- /dev/null +++ b/hosts/sandbox/configuration.nix @@ -0,0 +1,132 @@ +{ + pkgs, + lib, + inputs, + ... +}: +{ + imports = [ + ./hardware-configuration.nix + inputs.self.nixosModules.vm-guest + inputs.self.nixosModules.desktop + inputs.self.nixosModules.zsh + ]; + + vm-guest.enable = true; + desktop.enable = true; + zsh.enable = true; + + programs.labwc.enable = true; + + # labwc stacking compositor with auto-login + services.greetd = + let + labwc-session = pkgs.writeShellScript "labwc-session" '' + export XDG_SESSION_TYPE=wayland + export XDG_CURRENT_DESKTOP=labwc:wlroots + # software renderer for qemu virtio-vga + export WLR_RENDERER=pixman + export WLR_DRM_NO_ATOMIC=1 + exec ${pkgs.labwc}/bin/labwc + ''; + in + { + enable = true; + settings = { + default_session = { + command = labwc-session; + user = "gorazd"; + }; + initial_session = { + command = labwc-session; + user = "gorazd"; + }; + }; + }; + + users = { + groups.gorazd = { + gid = 1000; + }; + users.gorazd = { + group = "gorazd"; + uid = 1000; + isNormalUser = true; + home = "/home/gorazd"; + createHome = true; + password = "sandbox"; + extraGroups = [ + "wheel" + "users" + ]; + }; + }; + + # 9p mounts for host files + fileSystems."/home/gorazd/projects" = { + device = "projects"; + fsType = "9p"; + options = [ + "trans=virtio" + "version=9p2000.L" + "msize=65536" + "nofail" + ]; + }; + + fileSystems."/mnt/host-claude" = { + device = "hostclaude"; + fsType = "9p"; + options = [ + "trans=virtio" + "version=9p2000.L" + "msize=65536" + "nofail" + ]; + }; + + fileSystems."/mnt/host-home" = { + device = "hosthome"; + fsType = "9p"; + options = [ + "trans=virtio" + "version=9p2000.L" + "msize=65536" + "nofail" + "ro" + ]; + }; + + # pre-auth claude-code from host config + systemd.services.claude-auth = { + description = "Copy claude-code credentials from host mount"; + after = [ + "mnt-host\\x2dclaude.mount" + "mnt-host\\x2dhome.mount" + ]; + requires = [ + "mnt-host\\x2dclaude.mount" + "mnt-host\\x2dhome.mount" + ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "oneshot"; + ExecStart = pkgs.writeShellScript "claude-auth" '' + mkdir -p /home/gorazd/.claude + cp -a /mnt/host-claude/. /home/gorazd/.claude/ + cp /mnt/host-home/.claude.json /home/gorazd/.claude.json || true + chown -R gorazd:gorazd /home/gorazd/.claude /home/gorazd/.claude.json + ''; + }; + }; + + environment.systemPackages = with pkgs; [ + claude-code + labwc + sfwbar + foot + firefox + ]; + + system.stateVersion = "25.11"; +} diff --git a/hosts/sandbox/hardware-configuration.nix b/hosts/sandbox/hardware-configuration.nix new file mode 100644 index 0000000..0ff20d9 --- /dev/null +++ b/hosts/sandbox/hardware-configuration.nix @@ -0,0 +1,18 @@ +{ + lib, + modulesPath, + ... +}: +{ + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + fileSystems."/" = { + device = "/dev/disk/by-label/nixos"; + autoResize = true; + fsType = "ext4"; + }; + + boot.loader.grub.device = lib.mkDefault "/dev/vda"; +} diff --git a/justfile b/justfile index c1909ef..585630d 100644 --- a/justfile +++ b/justfile @@ -24,3 +24,37 @@ iso: # garbage collect old generations clean: sudo nix-collect-garbage $(nix eval --raw -f ./nix.nix nix.gc.options) + +# build sandbox VM image +sandbox-build: + nixos-rebuild build-image --image-variant qemu --flake .#sandbox + +# run sandbox with GUI (ephemeral, changes discarded) +sandbox-run: + nix shell nixpkgs#qemu -c qemu-system-x86_64 -enable-kvm -m 8G -smp 4 \ + -drive file=$(find -L result -name '*.qcow2' | head -1),format=qcow2,snapshot=on \ + -vga virtio -display gtk,zoom-to-fit=false \ + -device virtio-serial-pci \ + -chardev qemu-vdagent,id=ch1,name=vdagent,clipboard=on \ + -device virtserialport,chardev=ch1,id=ch1,name=com.redhat.spice.0 \ + -virtfs local,path=$HOME/git,mount_tag=projects,security_model=mapped-xattr,id=fs0 \ + -virtfs local,path=$HOME/.claude,mount_tag=hostclaude,security_model=mapped-xattr,id=fs1 \ + -virtfs local,path=$HOME,mount_tag=hosthome,security_model=mapped-xattr,id=fs2,readonly=on \ + -nic user,hostfwd=tcp::2222-:22 + +# run sandbox headless (ephemeral, changes discarded) +sandbox-run-headless: + nix shell nixpkgs#qemu -c qemu-system-x86_64 -enable-kvm -m 8G -smp 4 \ + -drive file=$(find -L result -name '*.qcow2' | head -1),format=qcow2,snapshot=on \ + -virtfs local,path=$HOME/git,mount_tag=projects,security_model=mapped-xattr,id=fs0 \ + -virtfs local,path=$HOME/.claude,mount_tag=hostclaude,security_model=mapped-xattr,id=fs1 \ + -virtfs local,path=$HOME,mount_tag=hosthome,security_model=mapped-xattr,id=fs2,readonly=on \ + -nic user,hostfwd=tcp::2222-:22 -nographic + +# ssh into running sandbox +sandbox-ssh: + ssh -A -p 2222 gorazd@localhost + +# hot-mount a host directory into the running sandbox +sandbox-mount path: + ssh -p 2222 gorazd@localhost "mkdir -p ~/mnt/$(basename {{path}}) && sshfs matej@10.0.2.2:{{path}} ~/mnt/$(basename {{path}})" diff --git a/modules/nixos/vm-guest.nix b/modules/nixos/vm-guest.nix new file mode 100644 index 0000000..90b6591 --- /dev/null +++ b/modules/nixos/vm-guest.nix @@ -0,0 +1,55 @@ +{ + pkgs, + lib, + config, + ... +}: +{ + + options = { + vm-guest = { + enable = lib.mkEnableOption "VM guest configuration"; + }; + }; + + config = lib.mkIf config.vm-guest.enable { + services.qemuGuest.enable = true; + services.spice-vdagentd.enable = true; + + # 9p for host file mounting + boot.initrd.availableKernelModules = [ + "9p" + "9pnet_virtio" + ]; + boot.kernelModules = [ + "9p" + "9pnet_virtio" + ]; + + # ssh with agent forwarding for git and hot-mount + services.openssh = { + enable = true; + ports = [ 22 ]; + settings = { + PasswordAuthentication = true; + PermitRootLogin = "no"; + AllowAgentForwarding = true; + StreamLocalBindUnlink = "yes"; + }; + }; + + networking = { + useDHCP = true; + firewall.allowedTCPPorts = [ 22 ]; + }; + + security.sudo.wheelNeedsPassword = false; + + environment.systemPackages = with pkgs; [ + curl + wget + htop + sshfs + ]; + }; +} diff --git a/users/gorazd/home-manager.nix b/users/gorazd/home-manager.nix index 850ece1..481f9b6 100644 --- a/users/gorazd/home-manager.nix +++ b/users/gorazd/home-manager.nix @@ -17,6 +17,26 @@ in pkgs.git ]; + # labwc desktop menu (right-click) + xdg.configFile."labwc/menu.xml".text = '' + + + + foot + firefox + foot -e ranger + + + + + + ''; + + # labwc autostart panel + xdg.configFile."labwc/autostart".text = '' + sfwbar & + ''; + programs.neovim = { enable = true; vimAlias = true;