wip

2026-03-02 16:35:14 +01:00
parent d182532b34
commit 795611c517
15 changed files with 672 additions and 52 deletions
--- a/hosts/matej-nixos/configuration.nix
+++ b/hosts/matej-nixos/configuration.nix
@@ -26,6 +26,7 @@ in
    inputs.self.nixosModules.nvidia
    inputs.self.nixosModules.initrd-ssh
    inputs.self.nixosModules.localisation
+    inputs.self.nixosModules.aarch64-vm
  ];

  yubikey.enable = true;
@@ -65,6 +66,8 @@ in
    base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-material-dark-medium.yaml";
  };

+  aarch64-vm.enable = true;
+
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

--- a/hosts/matej-tower/configuration.nix
+++ b/hosts/matej-tower/configuration.nix
@@ -24,6 +24,7 @@
    inputs.self.nixosModules.workstation
    inputs.self.nixosModules.initrd-ssh
    inputs.self.nixosModules.localisation
+    inputs.self.nixosModules.aarch64-vm
  ];

  yubikey.enable = true;
@@ -38,6 +39,7 @@
    command = "sway";
  };
  sway.enable = true;
+  aarch64-vm.enable = true;

  initrd-ssh = {
    enable = true;
--- a/hosts/sandbox/configuration.nix
+++ b/hosts/sandbox/configuration.nix
@@ -0,0 +1,163 @@
+{
+  pkgs,
+  lib,
+  inputs,
+  config,
+  ...
+}:
+{
+  imports = [
+    ./hardware-configuration.nix
+    inputs.self.nixosModules.vm-guest
+    inputs.self.nixosModules.seed-ssh
+    inputs.self.nixosModules.zsh
+    inputs.self.nixosModules.localisation
+  ];
+
+  vm-guest = {
+    enable = true;
+    headless = true;
+  };
+
+  seed-ssh = {
+    enable = true;
+    user = "gordaina";
+  };
+
+  zsh.enable = true;
+
+  localisation = {
+    enable = true;
+    timeZone = "UTC";
+    defaultLocale = "en_US.UTF-8";
+  };
+
+  users = {
+    groups.gordaina = {
+      gid = 1000;
+    };
+    users.gordaina = {
+      group = "gordaina";
+      uid = 1000;
+      isNormalUser = true;
+      home = "/home/gordaina";
+      createHome = true;
+      password = "sandbox";
+      shell = pkgs.zsh;
+      extraGroups = [
+        "wheel"
+        "users"
+      ];
+    };
+  };
+
+  # 9p mounts — silently fail if shares not provided at runtime
+  fileSystems."/home/gordaina/projects" = {
+    device = "projects";
+    fsType = "9p";
+    options = [
+      "trans=virtio"
+      "version=9p2000.L"
+      "msize=65536"
+      "nofail"
+      "x-systemd.automount"
+      "x-systemd.device-timeout=2s"
+    ];
+  };
+
+  fileSystems."/mnt/host-claude" = {
+    device = "hostclaude";
+    fsType = "9p";
+    options = [
+      "trans=virtio"
+      "version=9p2000.L"
+      "msize=65536"
+      "nofail"
+      "x-systemd.device-timeout=2s"
+    ];
+  };
+
+  fileSystems."/mnt/host-home" = {
+    device = "hosthome";
+    fsType = "9p";
+    options = [
+      "trans=virtio"
+      "version=9p2000.L"
+      "msize=65536"
+      "nofail"
+      "x-systemd.device-timeout=2s"
+      "ro"
+    ];
+  };
+
+  # pre-auth claude-code from host config
+  systemd.services.claude-auth = {
+    description = "Copy claude-code credentials from host mount";
+    after = [
+      "mnt-host\\x2dclaude.mount"
+      "mnt-host\\x2dhome.mount"
+    ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+      ExecStart = pkgs.writeShellScript "claude-auth" ''
+        # wait for mounts to appear
+        for i in $(seq 1 10); do
+          mountpoint -q /mnt/host-claude && break
+          mountpoint -q /mnt/host-home && break
+          sleep 1
+        done
+
+        if ! mountpoint -q /mnt/host-claude && ! mountpoint -q /mnt/host-home; then
+          echo "no host mounts found, skipping"
+          exit 0
+        fi
+
+        mkdir -p /home/gordaina/.claude
+        if mountpoint -q /mnt/host-claude; then
+          cp -a /mnt/host-claude/. /home/gordaina/.claude/
+        fi
+        if mountpoint -q /mnt/host-home; then
+          cp /mnt/host-home/.claude.json /home/gordaina/.claude.json || true
+        fi
+        chown -R gordaina:gordaina /home/gordaina/.claude /home/gordaina/.claude.json 2>/dev/null || true
+      '';
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    claude-code
+    git
+  ];
+
+  # image builder VM needs more than the default 1G to copy closure
+  image.modules.qemu =
+    { config, modulesPath, ... }:
+    {
+      system.build.image = lib.mkForce (
+        import (modulesPath + "/../lib/make-disk-image.nix") {
+          inherit lib config pkgs;
+          inherit (config.virtualisation) diskSize;
+          inherit (config.image) baseName format;
+          partitionTableType = if config.image.efiSupport then "efi" else "legacy";
+          memSize = 16384;
+        }
+      );
+    };
+  image.modules.qemu-efi =
+    { config, modulesPath, ... }:
+    {
+      system.build.image = lib.mkForce (
+        import (modulesPath + "/../lib/make-disk-image.nix") {
+          inherit lib config pkgs;
+          inherit (config.virtualisation) diskSize;
+          inherit (config.image) baseName format;
+          partitionTableType = if config.image.efiSupport then "efi" else "legacy";
+          memSize = 16384;
+        }
+      );
+    };
+
+  system.stateVersion = "25.11";
+}
--- a/hosts/sandbox/hardware-configuration.nix
+++ b/hosts/sandbox/hardware-configuration.nix
@@ -0,0 +1,21 @@
+{
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+    autoResize = true;
+    fsType = "ext4";
+  };
+
+  # image.modules (disk-image.nix) overrides boot loader per variant
+  # x86_64: qemu (grub), aarch64: qemu-efi (systemd-boot)
+  boot.loader.grub.device = lib.mkDefault "/dev/vda";
+}