wip

hosts/matej-nixos/configuration.nix

@@ -65,6 +65,7 @@ in
     base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-material-dark-medium.yaml";
   };
 
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 

hosts/sandbox/configuration.nix

@@ -0,0 +1,128 @@
+{
+  pkgs,
+  lib,
+  inputs,
+  config,
+  ...
+}:
+{
+  imports = [
+    ./hardware-configuration.nix
+    inputs.self.nixosModules.vm-guest
+    inputs.self.nixosModules.seed-ssh
+    inputs.self.nixosModules.zsh
+    inputs.self.nixosModules.localisation
+  ];
+
+  vm-guest = {
+    enable = true;
+    headless = true;
+  };
+
+  seed-ssh = {
+    enable = true;
+    user = "gordaina";
+  };
+
+  zsh.enable = true;
+
+  localisation = {
+    enable = true;
+    timeZone = "UTC";
+    defaultLocale = "en_US.UTF-8";
+  };
+
+  users = {
+    groups.gordaina = {
+      gid = 1000;
+    };
+    users.gordaina = {
+      group = "gordaina";
+      uid = 1000;
+      isNormalUser = true;
+      home = "/home/gordaina";
+      createHome = true;
+      password = "sandbox";
+      shell = pkgs.zsh;
+      extraGroups = [
+        "wheel"
+        "users"
+      ];
+    };
+  };
+
+  # 9p mounts — silently fail if shares not provided at runtime
+  fileSystems."/home/gordaina/projects" = {
+    device = "projects";
+    fsType = "9p";
+    options = [
+      "trans=virtio"
+      "version=9p2000.L"
+      "msize=65536"
+      "nofail"
+      "x-systemd.automount"
+      "x-systemd.device-timeout=2s"
+    ];
+  };
+
+  fileSystems."/mnt/host-claude" = {
+    device = "hostclaude";
+    fsType = "9p";
+    options = [
+      "trans=virtio"
+      "version=9p2000.L"
+      "msize=65536"
+      "nofail"
+      "x-systemd.automount"
+      "x-systemd.device-timeout=2s"
+    ];
+  };
+
+  fileSystems."/mnt/host-home" = {
+    device = "hosthome";
+    fsType = "9p";
+    options = [
+      "trans=virtio"
+      "version=9p2000.L"
+      "msize=65536"
+      "nofail"
+      "x-systemd.automount"
+      "x-systemd.device-timeout=2s"
+      "ro"
+    ];
+  };
+
+  # pre-auth claude-code from host config
+  systemd.services.claude-auth = {
+    description = "Copy claude-code credentials from host mount";
+    after = [ "local-fs.target" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+      ExecStart = pkgs.writeShellScript "claude-auth" ''
+        # skip if host mounts are not available
+        if ! mountpoint -q /mnt/host-claude && ! mountpoint -q /mnt/host-home; then
+          echo "no host mounts found, skipping"
+          exit 0
+        fi
+
+        mkdir -p /home/gordaina/.claude
+        if mountpoint -q /mnt/host-claude; then
+          cp -a /mnt/host-claude/. /home/gordaina/.claude/
+        fi
+        if mountpoint -q /mnt/host-home; then
+          cp /mnt/host-home/.claude.json /home/gordaina/.claude.json || true
+        fi
+        chown -R gordaina:gordaina /home/gordaina/.claude /home/gordaina/.claude.json 2>/dev/null || true
+      '';
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    claude-code
+    git
+  ];
+
+  system.stateVersion = "25.11";
+}

hosts/sandbox/hardware-configuration.nix

@@ -0,0 +1,23 @@
+{
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+    autoResize = true;
+    fsType = "ext4";
+  };
+
+  # x86_64: bios/grub, aarch64: uefi/systemd-boot
+  boot.loader.grub.device = lib.mkIf pkgs.stdenv.hostPlatform.isx86_64 (lib.mkDefault "/dev/vda");
+  boot.loader.grub.enable = lib.mkIf pkgs.stdenv.hostPlatform.isAarch64 false;
+  boot.loader.systemd-boot.enable = lib.mkIf pkgs.stdenv.hostPlatform.isAarch64 true;
+  boot.loader.efi.canTouchEfiVariables = lib.mkIf pkgs.stdenv.hostPlatform.isAarch64 true;
+}