diff --git a/flake.lock b/flake.lock
index d6496ad..4065b4a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -150,11 +150,11 @@
 },
 "nixpkgs_2": {
 "locked": {
- "lastModified": 1656461576,
- "narHash": "sha256-rlmmw6lIlkMQIiB+NsnO8wQYWTfle8TA41UREPLP5VY=",
+ "lastModified": 1656753965,
+ "narHash": "sha256-BCrB3l0qpJokOnIVc3g2lHiGhnjUi0MoXiw6t1o8H1E=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "cf3ab54b4afe2b7477faa1dd0b65bf74c055d70c",
+ "rev": "0ea7a8f1b939d74e5df8af9a8f7342097cdf69eb",
 "type": "github"
 },
 "original": {
diff --git a/flake.nix b/flake.nix
index 6316bac..6b86d66 100644
--- a/flake.nix
+++ b/flake.nix
@@ -28,18 +28,18 @@
 ...
 } @ inputs: {
 nixosConfigurations = let
- defaultModules = [
- home-manager.nixosModules.home-manager
- ./common/desktop.nix
- ./common/fonts.nix
- ./common/linux.nix
- ./common/networking.nix
- ./common/packages.nix
+ desktopLinuxModules = [
 ./common/printing.nix
- ./services/netdata/default.nix
 ./services/keyleds/default.nix
- ./services/xautolock/default.nix
+ ./common/linux.nix
+ ./common/networking.nix
+ ./common/desktop.nix
+ ];
+ defaultModules = [
+ home-manager.nixosModules.home-manager
+ ./common/fonts.nix
+ ./common/packages.nix
 ({
 config,
@@ -86,6 +86,15 @@
 ./machines/hephaestus/configuration.nix
 ./machines/hephaestus/hardware.nix
 ]
+ ++ defaultModules
+ ++ desktopLinuxModules;
+ };
+ gallantis = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules =
+ [
+ ./machines/gallantis/configuration.nix
+ ]
 ++ defaultModules;
 };
 };
diff --git a/machines/gallantis/configuration.nix b/machines/gallantis/configuration.nix
new file mode 100644
index 0000000..7eab24f
--- /dev/null
+++ b/machines/gallantis/configuration.nix
@@ -0,0 +1,38 @@
+{
+ lib,
+ pkgs,
+ config,
+ modulesPath,
+ ...
+}:
+with lib; let
+ nixos-wsl = import ./nixos-wsl;
+in {
+ imports = [
+ "${modulesPath}/profiles/minimal.nix"
+
+ nixos-wsl.nixosModules.wsl
+ ];
+
+ nixpkgs.config.allowUnfree = true;
+
+ system.stateVersion = "unstable";
+
+ networking = {hostName = "gallantis";};
+
+ wsl = {
+ enable = true;
+ automountPath = "/mnt";
+ defaultUser = "dave";
+ startMenuLaunchers = true;
+
+ # Enable integration with Docker Desktop
+ docker.enable = true;
+ };
+
+ # Enable nix flakes
+ nix.package = pkgs.nixFlakes;
+ nix.extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+}
diff --git a/machines/gallantis/nixos-wsl/.envrc b/machines/gallantis/nixos-wsl/.envrc
new file mode 100644
index 0000000..c4f5ea4
--- /dev/null
+++ b/machines/gallantis/nixos-wsl/.envrc
@@ -0,0 +1,7 @@
+use_flake() {
+ watch_file flake.nix
+ watch_file flake.lock
+ eval "$(nix print-dev-env)"
+}
+
+use flake
diff --git a/machines/gallantis/nixos-wsl/.github/release-drafter.yml b/machines/gallantis/nixos-wsl/.github/release-drafter.yml
new file mode 100644
index 0000000..b798c14
--- /dev/null
+++ b/machines/gallantis/nixos-wsl/.github/release-drafter.yml
@@ -0,0 +1,17 @@
+change-template: "* $TITLE (#$NUMBER) @$AUTHOR"
+categories:
+ - title: '🚀 Features'
+ labels:
+ - enhancement
+ - title: "🪲 Bugfixes"
+ labels:
+ - bug
+ - title: "📖 Documentation"
+ labels:
+ - documentation
+template: |
+ # Changelog
+
+ ## 🛠️ General Changes
+
+ $CHANGES
diff --git a/machines/gallantis/nixos-wsl/.github/workflows/main.yml b/machines/gallantis/nixos-wsl/.github/workflows/main.yml
new file mode 100644
index 0000000..abebc24
--- /dev/null
+++ b/machines/gallantis/nixos-wsl/.github/workflows/main.yml
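Review bot: `defaultUser = "dave";` together with `docker.enable = true;` gives that account root-equivalent access purely by inherited module defaults: the vendored wsl-distro module puts the default user in `wheel` with `security.sudo.wheelNeedsPassword = mkDefault false`, and the docker-desktop module adds it to the `docker` group. If passwordless sudo is intended for this single-user WSL machine, say so in a comment next to the `wsl` block; otherwise set `security.sudo.wheelNeedsPassword = true;` here so the decision is explicit rather than implicit. Separately, `nixos-wsl = import ./nixos-wsl;` loads an in-tree copy of the upstream project (it also drags in its LICENSE and `.github` workflows, which GitHub will not run from a subdirectory), so the copy gets no revision or hash in flake.lock and no update path; consuming it as a flake input would record what was actually deployed. `system.stateVersion = "unstable";` is also worth a second look, since that option is meant to hold the release the system was first installed with.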
@@ -0,0 +1,70 @@
+name: 'Build NixOS WSL tarball'
+
+on: [push, pull_request, release]
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ # Nix Flakes doesn't work on shallow clones
+ fetch-depth: 0
+
+ - name: Install nix
+ uses: cachix/install-nix-action@v12
+ with:
+ install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20201221_9fab14a/install
+ # Configure Nix to enable flakes
+ extra_nix_config: |
+ experimental-features = nix-command flakes
+
+ - name: Run checks
+ run: |
+ nix flake check
+
+ - name: Build tarball
+ run: |
+ nix build '.#nixosConfigurations.mysystem.config.system.build.tarball'
+
+ - name: Upload tarball
+ uses: actions/upload-artifact@v2
+ with:
+ name: rootfs
+ path: result/tarball/nixos-wsl-x86_64-linux.tar.gz
+
+ - name: Build installer
+ run: |
+ nix build '.#nixosConfigurations.mysystem.config.system.build.installer'
+
+ - name: Upload installer
+ uses: actions/upload-artifact@v2
+ with:
+ name: installer
+ path: result/tarball/nixos-wsl-installer.tar.gz
+
+ release:
+ if: startsWith(github.ref, 'refs/tags/')
+ needs: build
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ - uses: actions/download-artifact@v2
+ with:
+ name: rootfs
+
+ - uses: actions/download-artifact@v2
+ with:
+ name: installer
+
+ - name: Attach to release
+ uses: softprops/action-gh-release@v1
+ with:
+ files: |
+ nixos-wsl-x86_64-linux.tar.gz
+ nixos-wsl-installer.tar.gz
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/machines/gallantis/nixos-wsl/.github/workflows/release-drafter.yml b/machines/gallantis/nixos-wsl/.github/workflows/release-drafter.yml
new file mode 100644
index 0000000..cade7c0
--- /dev/null
+++ b/machines/gallantis/nixos-wsl/.github/workflows/release-drafter.yml
@@ -0,0 +1,19 @@
+name: Release Drafter
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ types:
+ - opened
+ - reopened
+ - synchronize
+
+jobs:
+ update_release_draft:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: release-drafter/release-drafter@v5
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/machines/gallantis/nixos-wsl/.github/workflows/update-flakes.yml b/machines/gallantis/nixos-wsl/.github/workflows/update-flakes.yml
new file mode 100644
index 0000000..6d1b68f
--- /dev/null
+++ b/machines/gallantis/nixos-wsl/.github/workflows/update-flakes.yml
@@ -0,0 +1,50 @@
+name: 'Update flakes'
+
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: '0 2 * * 0'
+
+jobs:
+ update-flakes:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ # Nix Flakes doesn't work on shallow clones
+ fetch-depth: 0
+
+ - name: Install nix
+ uses: cachix/install-nix-action@v12
+ with:
+ install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20201221_9fab14a/install
+ # Configure Nix to enable flakes
+ extra_nix_config: |
+ experimental-features = nix-command flakes
+
+ - name: Update flakes
+ run: nix flake update --recreate-lock-file
+
+ - name: Create Pull Request
+ id: cpr
+ uses: peter-evans/create-pull-request@v3
+ with:
+ commit-message: Update flakes
+ committer: GitHub
+ author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
+ signoff: false
+ branch: flake-updates
+ delete-branch: true
+ title: 'Update flakes'
+ body: |
+ Update report
+ - Updated with *today's* date
+ - Auto-generated by [create-pull-request][1]
+
+ [1]: https://github.com/peter-evans/create-pull-request
+
+ - name: Check outputs
+ run: |
+ echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}"
+ echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
diff --git a/machines/gallantis/nixos-wsl/.gitignore b/machines/gallantis/nixos-wsl/.gitignore
new file mode 100644
index 0000000..750baeb
--- /dev/null
+++ b/machines/gallantis/nixos-wsl/.gitignore
@@ -0,0 +1,2 @@
+result
+result-*
diff --git a/machines/gallantis/nixos-wsl/LICENSE b/machines/gallantis/nixos-wsl/LICENSE
new file mode 100644
index 0000000..ef51da2
--- /dev/null
+++ b/machines/gallantis/nixos-wsl/LICENSE
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the 
following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/machines/gallantis/nixos-wsl/README.rst b/machines/gallantis/nixos-wsl/README.rst new file mode 100644 index 0000000..6126f4f --- /dev/null +++ b/machines/gallantis/nixos-wsl/README.rst 
@@ -0,0 +1,104 @@ +============ +NixOS on WSL +============ + +A minimal root filesystem for running NixOS on WSL. It can be used with +DistroLauncher_ as ``install.tar.gz`` or as input to ``wsl --import --version +2``. + + +Quick start +=========== + +First, `download the latest release's installer +`_. + +Then open up a Terminal, PowerShell or Command Prompt and run:: + + wsl --import NixOS .\NixOS\ nixos-wsl-installer.tar.gz --version 2 + +This sets up a new WSL distribution ``NixOS`` that is installed under +``.\NixOS``. ``nixos-wsl-installer.tar.gz`` is the path to the file you +downloaded earlier. You might need to change this path or change to the download +directory first. + +You can now run NixOS:: + + wsl -d NixOS + +The installer will unpack the file system and subsequently start NixOS. +A few warnings about file systems and locales will pop up. You can safely ignore them. +After systemd has started, you should be greeted with a bash prompt inside your fresh NixOS. + +If you want to make NixOS your default distribution, you can do so via ``wsl -s +NixOS``. + + +systemd support +=============== + +WSL comes with its own (non-substitutable) init system while NixOS uses systemd. +Simply starting systemd later on does not work out of the box, because systemd +as system instance refuses to start if it is not PID 1. This unfortunate +combination is resolved in two ways: + +* the user's default shell is replaced by a wrapper script that acts is init + system and then drops to the actual shell +* systemd is started in its own PID namespace; therefore, it is PID 1. The shell + wrapper (see above) enters the systemd namespace before dropping to the shell. + + +Installer +========= + +Usually WSL distributions ship as a tarball of their root file system. +These tarballs however, can not contain any hard-links due to the way they are unpacked by WSL, resulting in an "Unspecified Error". +By default some Nix-derivations will contain hard-links when they are built. 
This results in system tarballs that can not be imported into WSL. +To circumvent this problem, the rootfs tarball is wrapped in that of a minimal distribution (the installer), that is packaged without any hard-links. +When the installer system is started for the first time, it overwrites itself with the contents of the rootfs tarball. + + +Build your own system tarball +============================= + +This requires access to a system that already has Nix installed. Please refer to +the `Nix installation guide `_ if +that's not the case. + +If you have a flakes-enabled Nix, you can use the following command to build your +own tarball instead of relying on a prebuilt one:: + + nix build github:nix-community/NixOS-WSL#nixosConfigurations.mysystem.config.system.build.installer + +Or, if you want to build with local changes, run inside your checkout:: + + nix build .#nixosConfigurations.mysystem.config.system.build.installer + +Without a flakes-enabled Nix, you can build a tarball using:: + + nix-build -A nixosConfigurations.mysystem.config.system.build.installer + +The resulting mini rootfs can then be found under +``./result/tarball/nixos-wsl-installer.tar.gz``. + +You can also build a rootfs tarball without wrapping it in the installer by replacing ``installer`` with ``tarball`` in the above commands. +The rootfs tarball can then be found under ``./result/tarball/nixos-wsl-x86_64-linux.tar.gz``. + + +License +======= + +Apache License, Version 2.0. See ``LICENSE`` or +http://www.apache.org/licenses/LICENSE-2.0.html for details. + + +Further links +============= + +* DistroLauncher_ +* `A quick way into a systemd "bottle" for WSL `_ +* `NixOS in Windows Store for Windows Subsystem for Linux `_ +* `wsl2-hacks `_ + + +.. _DistroLauncher: https://github.com/microsoft/WSL-DistroLauncher diff --git a/machines/gallantis/nixos-wsl/default.nix b/machines/gallantis/nixos-wsl/default.nix new file mode 100644 index 0000000..78bc3a1 --- /dev/null 
+++ b/machines/gallantis/nixos-wsl/default.nix
@@ -0,0 +1,14 @@
+(import
+(
+ let
+ lock = builtins.fromJSON (builtins.readFile ./flake.lock);
+ in
+ fetchTarball {
+ url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
+ sha256 = lock.nodes.flake-compat.locked.narHash;
+ }
+)
+{
+ src = ./.;
+})
+.defaultNix
diff --git a/machines/gallantis/nixos-wsl/flake.lock b/machines/gallantis/nixos-wsl/flake.lock
new file mode 100644
index 0000000..69b69d1
--- /dev/null
+++ b/machines/gallantis/nixos-wsl/flake.lock
@@ -0,0 +1,59 @@
+{
+ "nodes": {
+ "flake-compat": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1648199409,
+ "narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=",
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "rev": "64a525ee38886ab9028e6f61790de0832aa3ef03",
+ "type": "github"
+ },
+ "original": {
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "type": "github"
+ }
+ },
+ "flake-utils": {
+ "locked": {
+ "lastModified": 1648297722,
+ "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1648203577,
+ "narHash": "sha256-CbXZkiVTA0ByV/yncFHCAGIa/AfcSb0cjqzEa56rO+Y=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "d89f18a17e51532ed5f4d45297b0ddf11e46b9c8",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "ref": "nixos-21.11",
+ "type": "indirect"
+ }
+ },
+ "root": {
+ "inputs": {
+ "flake-compat": "flake-compat",
+ "flake-utils": "flake-utils",
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/machines/gallantis/nixos-wsl/flake.nix b/machines/gallantis/nixos-wsl/flake.nix
new file mode 100644
index 0000000..7c95922
--- /dev/null
+++ b/machines/gallantis/nixos-wsl/flake.nix
@@ -0,0 +1,57 @@
+{
+ description = "NixOS WSL";
+
+ inputs = {
+ nixpkgs.url = "nixpkgs/nixos-21.11";
+ flake-utils.url = "github:numtide/flake-utils";
+
+ flake-compat = {
+ url = "github:edolstra/flake-compat";
+ flake = false;
+ };
+ };
+
+ outputs = {
+ self,
+ nixpkgs,
+ flake-utils,
+ ...
+ }:
+ {
+ nixosModules.wsl = {
+ imports = [
+ ./modules/build-tarball.nix
+ ./modules/wsl-distro.nix
+ ./modules/docker-desktop.nix
+ ./modules/installer.nix
+ ];
+ };
+
+ nixosConfigurations.mysystem = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ ./configuration.nix
+ ];
+ };
+ }
+ // flake-utils.lib.eachSystem
+ (with flake-utils.lib.system; ["x86_64-linux" "aarch64-linux"])
+ (
+ system: let
+ pkgs = import nixpkgs {inherit system;};
+ in {
+ checks.check-format =
+ pkgs.runCommand "check-format"
+ {
+ buildInputs = with pkgs; [nixpkgs-fmt];
+ } ''
+ nixpkgs-fmt --check ${./.}
+ mkdir $out # success
+ '';
+
+ devShell = pkgs.mkShell {
+ nativeBuildInputs = with pkgs; [nixpkgs-fmt];
+ };
+ }
+ );
+}
diff --git a/machines/gallantis/nixos-wsl/modules/build-tarball.nix b/machines/gallantis/nixos-wsl/modules/build-tarball.nix
new file mode 100644
index 0000000..23aa8ce
--- /dev/null
+++ b/machines/gallantis/nixos-wsl/modules/build-tarball.nix
@@ -0,0 +1,92 @@ +{ + config, + pkgs, + lib, + ... +}: +with builtins; +with lib; let + pkgs2storeContents = l: + map (x: { + object = x; + symlink = "none"; + }) + l; + + nixpkgs = lib.cleanSource pkgs.path; + + channelSources = + pkgs.runCommand "nixos-${config.system.nixos.version}" + {preferLocalBuild = true;} + '' + mkdir -p $out + cp -prd ${nixpkgs.outPath} $out/nixos + chmod -R u+w $out/nixos + if [ ! -e $out/nixos/nixpkgs ]; then + ln -s . $out/nixos/nixpkgs + fi + echo -n ${toString config.system.nixos.revision} > $out/nixos/.git-revision + echo -n ${toString config.system.nixos.versionSuffix} > $out/nixos/.version-suffix + echo ${toString config.system.nixos.versionSuffix} | sed -e s/pre// > $out/nixos/svn-revision + ''; + + preparer = pkgs.writeShellScriptBin "wsl-prepare" '' + set -e + + mkdir -m 0755 ./bin ./etc + mkdir -m 1777 ./tmp + + # WSL requires a /bin/sh - only temporary, NixOS's activate will overwrite + ln -s ${config.users.users.root.shell} ./bin/sh + + # WSL also requires a /bin/mount, otherwise the host fs isn't accessible + ln -s /nix/var/nix/profiles/system/sw/bin/mount ./bin/mount + + # Set system profile + system=${config.system.build.toplevel} + ./$system/sw/bin/nix-store --store `pwd` --load-db < ./nix-path-registration + rm ./nix-path-registration + ./$system/sw/bin/nix-env --store `pwd` -p ./nix/var/nix/profiles/system --set $system + + # Set channel + mkdir -p ./nix/var/nix/profiles/per-user/root + ./$system/sw/bin/nix-env --store `pwd` -p ./nix/var/nix/profiles/per-user/root/channels --set ${channelSources} + mkdir -m 0700 -p ./root/.nix-defexpr + ln -s /nix/var/nix/profiles/per-user/root/channels ./root/.nix-defexpr/channels + + # It's now a NixOS! + touch ./etc/NIXOS + + # Write wsl.conf so that it is present when NixOS is started for the first time + cp ${config.environment.etc."wsl.conf".source} ./etc/wsl.conf + + # Copy the system configuration + mkdir -p ./etc/nixos/nixos-wsl + cp -R ${lib.cleanSource ../.}/. 
./etc/nixos/nixos-wsl + mv ./etc/nixos/nixos-wsl/configuration.nix ./etc/nixos/configuration.nix + # Patch the import path to avoid havin a flake.nix in /etc/nixos + sed -i 's|import \./default\.nix|import \./nixos-wsl|' ./etc/nixos/configuration.nix + ''; +in + mkIf config.wsl.enable { + # These options make no sense without the wsl-distro module anyway + + system.build.tarball = pkgs.callPackage "${nixpkgs}/nixos/lib/make-system-tarball.nix" { + # No contents, structure will be added by prepare script + contents = []; + + fileName = "nixos-wsl-${pkgs.hostPlatform.system}"; + + storeContents = pkgs2storeContents [ + config.system.build.toplevel + channelSources + preparer + ]; + + extraCommands = "${preparer}/bin/wsl-prepare"; + + # Use gzip + compressCommand = "gzip"; + compressionExtension = ".gz"; + }; + } diff --git a/machines/gallantis/nixos-wsl/modules/docker-desktop.nix b/machines/gallantis/nixos-wsl/modules/docker-desktop.nix new file mode 100644 index 0000000..ea983d5 --- /dev/null +++ b/machines/gallantis/nixos-wsl/modules/docker-desktop.nix @@ -0,0 +1,38 @@ +{ + config, + lib, + pkgs, + ... +}: +with builtins; +with lib; { + options.wsl.docker = with types; { + enable = mkEnableOption "Docker Desktop integration"; + }; + + config = let + cfg = config.wsl.docker; + in + mkIf (config.wsl.enable && cfg.enable) { + environment.systemPackages = with pkgs; [ + docker + docker-compose + ]; + + systemd.services.docker-desktop-proxy = { + description = "Docker Desktop proxy"; + script = '' + ${config.wsl.automountPath}/wsl/docker-desktop/docker-desktop-proxy -docker-desktop-root ${config.wsl.automountPath}/wsl/docker-desktop + ''; + wantedBy = ["multi-user.target"]; + serviceConfig = { + Restart = "on-failure"; + RestartSec = "30s"; + }; + }; + + users.groups.docker.members = [ + config.wsl.defaultUser + ]; + }; +} 
diff --git a/machines/gallantis/nixos-wsl/modules/installer.nix b/machines/gallantis/nixos-wsl/modules/installer.nix new file mode 100644 index 0000000..b84fe6b --- /dev/null +++ b/machines/gallantis/nixos-wsl/modules/installer.nix @@ -0,0 +1,77 @@ +{ + config, + lib, + pkgs, + ... +}: +with builtins; +with lib; { + config = mkIf config.wsl.enable ( + let + mkTarball = pkgs.callPackage "${lib.cleanSource pkgs.path}/nixos/lib/make-system-tarball.nix"; + + pkgs2storeContents = map (x: { + object = x; + symlink = "none"; + }); + + rootfs = let tarball = config.system.build.tarball; in "${tarball}/tarball/${tarball.fileName}.tar${tarball.extension}"; + + installer = pkgs.writeScript "installer.sh" '' + #!${pkgs.busybox}/bin/sh + BASEPATH=$PATH + export PATH=$BASEPATH:${pkgs.busybox}/bin # Add busybox to path + + set -e + cd / + + echo "Unpacking root file system..." + ${pkgs.pv}/bin/pv ${rootfs} | tar xz + + echo "Activating nix configuration..." + /nix/var/nix/profiles/system/activate + PATH=$BASEPATH:/run/current-system/sw/bin # Use packages from target system + + echo "Cleaning up installer files..." + nix-collect-garbage + rm /nix-path-registration + + echo "Optimizing store..." + nix-store --optimize + + + echo "Starting systemd..." + # Don't package the shell here, it's contained in the rootfs + exec ${builtins.unsafeDiscardStringContext config.users.users.root.shell} "$@" + ''; + + # Set installer.sh as the root shell + passwd = pkgs.writeText "passwd" '' + root:x:0:0:System administrator:/root:${installer} + ''; + in { + system.build.installer = mkTarball { + fileName = "nixos-wsl-installer"; + compressCommand = "gzip"; + compressionExtension = ".gz"; + extraArgs = "--hard-dereference"; + + storeContents = with pkgs; + pkgs2storeContents [ + installer + ]; + + contents = [ + { + source = config.environment.etc."wsl.conf".source; + target = "/etc/wsl.conf"; + } + { + source = passwd; + target = "/etc/passwd"; + } + ]; + }; + } + ); +} 
diff --git a/machines/gallantis/nixos-wsl/modules/wsl-distro.nix b/machines/gallantis/nixos-wsl/modules/wsl-distro.nix
new file mode 100644
index 0000000..463459a
--- /dev/null
+++ b/machines/gallantis/nixos-wsl/modules/wsl-distro.nix
@@ -0,0 +1,137 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}:
+with builtins;
+with lib; {
+ options.wsl = with types; let
+ coercedToStr = coercedTo (oneOf [bool path int]) toString str;
+ in {
+ enable = mkEnableOption "support for running NixOS as a WSL distribution";
+ automountPath = mkOption {
+ type = str;
+ default = "/mnt";
+ description = "The path where windows drives are mounted (e.g. /mnt/c)";
+ };
+ automountOptions = mkOption {
+ type = str;
+ default = "metadata,uid=1000,gid=100";
+ description = "Options to use when mounting windows drives";
+ };
+ defaultUser = mkOption {
+ type = str;
+ default = "nixos";
+ description = "The name of the default user";
+ };
+ startMenuLaunchers = mkEnableOption "shortcuts for GUI applications in the windows start menu";
+ wslConf = mkOption {
+ type = attrsOf (attrsOf coercedToStr);
+ description = "Entries that are added to /etc/wsl.conf";
+ };
+
+ interop = {
+ register = mkOption {
+ type = bool;
+ default = true;
+ description = "Explicitly register the binfmt_misc handler for Windows executables";
+ };
+
+ includePath = mkOption {
+ type = bool;
+ default = true;
+ description = "Include Windows PATH in WSL PATH";
+ };
+ };
+ };
+
+ config = let
+ cfg = config.wsl;
+ syschdemd = import ../syschdemd.nix {
+ inherit lib pkgs config;
+ defaultUser = cfg.defaultUser;
+ };
+ in
+ mkIf cfg.enable {
+ wsl.wslConf = {
+ automount = {
+ enabled = true;
+ mountFsTab = true;
+ root = "${cfg.automountPath}/";
+ options = cfg.automountOptions;
+ };
+ };
+
+ # WSL is closer to a container than anything else
+ boot = {
+ isContainer = true;
+
+ binfmt.registrations = mkIf cfg.interop.register {
+ WSLInterop = {
+ magicOrExtension = "MZ";
+ interpreter = "/init";
+ fixBinary = true;
+ };
+ };
+ };
+ environment.noXlibs = lib.mkForce false; # override xlibs not being installed (due to isContainer) to enable the use of GUI apps
+
+ environment = {
+ # Include Windows %PATH% in Linux $PATH.
+ extraInit = mkIf cfg.interop.includePath ''PATH="$PATH:$WSLPATH"'';
+
+ etc = {
+ "wsl.conf".text = generators.toINI {} cfg.wslConf;
+
+ # DNS settings are managed by WSL
+ hosts.enable = false;
+ "resolv.conf".enable = false;
+ };
+ };
+
+ networking.dhcpcd.enable = false;
+
+ users.users.${cfg.defaultUser} = {
+ isNormalUser = true;
+ extraGroups = ["wheel"]; # Allow the default user to use sudo
+ shell = pkgs.zsh;
+ };
+
+ users.users.root = {
+ shell = "${syschdemd}/bin/syschdemd";
+ # Otherwise WSL fails to login as root with "initgroups failed 5"
+ extraGroups = ["root"];
+ };
+
+ security.sudo = {
+ extraConfig = ''
+ Defaults env_keep+=INSIDE_NAMESPACE
+ '';
+ wheelNeedsPassword = mkDefault false; # The default user will not have a password by default
+ };
+
+ system.activationScripts.copy-launchers = mkIf cfg.startMenuLaunchers (
+ stringAfter [] ''
+ for x in applications icons; do
+ echo "Copying /usr/share/$x"
+ mkdir -p /usr/share/$x
+ ${pkgs.rsync}/bin/rsync -ar --delete $systemConfig/sw/share/$x/. /usr/share/$x
+ done
+ ''
+ );
+
+ # Disable systemd units that don't make sense on WSL
+ systemd.services."serial-getty@ttyS0".enable = false;
+ systemd.services."serial-getty@hvc0".enable = false;
+ systemd.services."getty@tty1".enable = false;
+ systemd.services."autovt@".enable = false;
+
+ systemd.services.firewall.enable = false;
+ systemd.services.systemd-resolved.enable = false;
+ systemd.services.systemd-udevd.enable = false;
+
+ # Don't allow emergency mode, because we don't have a console.
+ systemd.enableEmergencyMode = false;
+ };
+}
diff --git a/machines/gallantis/nixos-wsl/syschdemd.nix b/machines/gallantis/nixos-wsl/syschdemd.nix
new file mode 100644
index 0000000..0e47e64
--- /dev/null
+++ b/machines/gallantis/nixos-wsl/syschdemd.nix
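Review bot: `wheelNeedsPassword = mkDefault false;` in the `security.sudo` block, combined with `extraGroups = ["wheel"];` on `users.users.${cfg.defaultUser}` a few lines above, gives the default user passwordless root through sudo, and the same hunk also turns off the host firewall with `systemd.services.firewall.enable = false;`. The comment `# The default user will not have a password by default` records the trade-off but not who is expected to revisit it; since this directory appears to be a copied upstream module, the machine configuration that imports it should carry the override rather than this file, e.g. `security.sudo.wheelNeedsPassword = true;` once the default user has a password set, and `lib.mkForce` is needed for the firewall service because that line is a plain assignment. A one-line comment next to the sudo setting pointing at where the override lives would make the accepted risk auditable.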
@@ -0,0 +1,25 @@
+{
+ lib,
+ pkgs,
+ config,
+ defaultUser,
+ ...
+}:
+pkgs.substituteAll {
+ name = "syschdemd";
+ src = ./syschdemd.sh;
+ dir = "bin";
+ isExecutable = true;
+
+ buildInputs = with pkgs; [daemonize];
+
+ inherit (pkgs) daemonize;
+ inherit defaultUser;
+ inherit (config.security) wrapperDir;
+ fsPackagesPath = lib.makeBinPath config.system.fsPackages;
+
+ systemdWrapper = pkgs.writeShellScript "systemd-wrapper.sh" ''
+ mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc || true
+ exec systemd
+ '';
+}
diff --git a/machines/gallantis/nixos-wsl/syschdemd.sh b/machines/gallantis/nixos-wsl/syschdemd.sh
new file mode 100644
index 0000000..a003db5
--- /dev/null
+++ b/machines/gallantis/nixos-wsl/syschdemd.sh
@@ -0,0 +1,72 @@
+#! @shell@
+
+set -e
+
+sw="/nix/var/nix/profiles/system/sw/bin"
+systemPath=$(${sw}/readlink -f /nix/var/nix/profiles/system)
+
+function start_systemd {
+ @wrapperDir@/umount /proc/sys/fs/binfmt_misc || true
+
+ PATH=/run/current-system/systemd/lib/systemd:@fsPackagesPath@ \
+ LOCALE_ARCHIVE=/run/current-system/sw/lib/locale/locale-archive \
+ @daemonize@/bin/daemonize /run/current-system/sw/bin/unshare -fp --mount-proc @systemdWrapper@
+
+ # Wait until systemd has been started to prevent a race condition from occuring
+ while ! /run/current-system/sw/bin/pgrep -xf systemd >/run/systemd.pid; do
+ $sw/sleep 1s
+ done
+
+ # Wait for systemd to start services
+ status=1
+ while [[ $status -gt 0 ]]; do
+ $sw/sleep 1
+ status=0
+ $sw/nsenter -t $(/dev/null ||
+ status=$?
+ done
+}
+
+# Needs root to work
+if [[ $EUID -ne 0 ]]; then
+ echo "[ERROR] Requires root! :( Make sure the WSL default user is set to root"
+ exit 1
+fi
+
+if [ ! -e "/run/current-system" ]; then
+ LANG="C.UTF-8" /nix/var/nix/profiles/system/activate
+fi
+
+if [ ! -e "/run/systemd.pid" ]; then
+ start_systemd
+fi
+
+userShell=$($sw/getent passwd @defaultUser@ | $sw/cut -d: -f7)
+if [[ $# -gt 0 ]]; then
+ # wsl seems to prefix with "-c"
+ shift
+ cmd="$@"
+else
+ cmd="$userShell"
+fi
+
+# Pass external environment but filter variables specific to root user.
+exportCmd="$(export -p | $sw/grep -vE ' (HOME|LOGNAME|SHELL|USER)='); export WSLPATH=\"$PATH\"; export INSIDE_NAMESPACE=true"
+
+if [ -z "${INSIDE_NAMESPACE:-}" ]; then
+
+ # Test whether systemd is still alive if it was started previously
+ if ! [ -d "/proc/$(