janezicmatej/matej.nix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
171 Commits 1 Branch 0 Tags
0c17996d1605873e143dbd22394bf86bfba79230
Commit Graph

8 Commits

Author SHA1 Message Date
Matej Janežič
fbcded1f9d feat: ephvm-run.sh virtio devices, require kvm 
explicit virtio-blk-pci (cache=writeback, discard=unmap,
detect-zeroes=unmap, aio=threads), virtio-net-pci, virtio-rng-pci
for guest entropy. hard-require /dev/kvm and always pass -cpu host;
drop the tcg fallback since this host always has kvm.
 2026-04-23 21:29:57 +00:00
Matej Janežič
082057226d feat: ephvm-run.sh resilience 
poll for real SSH banner instead of TCP accept (qemu's user-mode
nic accepts before guest sshd is listening), preserve qemu log
on abnormal exit for inspection, use a throwaway ed25519 key
since the guest accepts any key.
 2026-04-23 21:29:24 +00:00
Matej Janežič
620acf68a6 feat: harden ephvm-run.sh 
reject running as root, bind ssh hostfwd to 127.0.0.1 only,
reject commas in --mount and claude paths (prevents -virtfs csv
injection), pre-check --mount path exists, enable qemu seccomp
sandbox.
 2026-04-23 21:28:51 +00:00
Matej Janežič
f7d86e7718 feat: improve ephvm ux 2026-04-13 11:48:18 +02:00
Matej Janežič
d8ab6207d5 feat: improve scripts setup (lint, format, refactor) 2026-03-21 17:38:19 +01:00
Matej Janežič
1975659715 feat: ephvm improvements 2026-03-16 09:49:55 +01:00
Matej Janežič
c5afcb10f7 feat: add ephvm related scripts 2026-03-07 23:17:45 +01:00
Matej Janežič
8406979975 feat: extract initrd-ssh module from hardware config 2026-02-21 20:45:24 +01:00