vm-check: init

src/nixos/machines/ignucius/config/vm-build.nix

@@ -1,24 +1,112 @@
-{ ... }:
+{ config, lib, pkgs, ... }:
 
 # VM configuration of IGNUCIUS, used for testing prior to deployment
 
-{
-	# FIXME(Krey): Neither of those are working right now, see https://github.com/nix-community/disko/issues/668
+# Relevant: https://github.com/nix-community/disko/issues/668
+
+# Thank you Maroka-chan for the Cryptkey reference! <3 : https://github.com/Maroka-chan/NixOS-config/blob/c97494c2d725bfb79c0776907a6d89e4724ee21f/modules/base/default.nix#L87
+
+let
+	inherit (lib) mkForce;
+in {
 	virtualisation = {
-		# build-vm
-		vmVariant = {
+		# nix run -L .#nixosConfigurations.nixos-ignucius-stable.config.system.build.vmWithDisko
+		vmVariantWithDisko = {
 			virtualisation = {
-				memorySize = 1024 * 2;
-				cores = 2;
-			};
-		};
+				fileSystems."/nix/persist/system".neededForBoot = true;
+				fileSystems."/nix/persist/users".neededForBoot = true;
 
-		# build-vm-with-bootloader
-		vmVariantWithBootLoader = {
-			virtualisation = {
-				memorySize = 1024 * 2;
-				cores = 2;
+				# FIXME-BUG(Krey): This doesn't seem to work
+				resolution = {
+					x = 1280;
+					y = 720;
+				};
+
+				# error: EFI variables can be used only with a partition table of type: hybrid, efi, efixbootldr, or legacy+gpt.
+				# useBootLoader = true;
+				# 	# Resolve configuration config
+				# 	fileSystems."/boot".device = mkForce "/dev/disk/by-label/ESP";
+
+				# FIXME(Krey): Replace the secrets with dummies so that this can be used by others as well
+				# Mount local .ssh directory, so the secrets can be decrypted.
+				sharedDirectories."secrets_decryption_key" = {
+					source = "/nix/persist/users/kreyren/.ssh";
+					target = dirOf (builtins.head config.age.identityPaths);
+				};
 			};
+
+			services.displayManager.autoLogin.user = "kreyren";
+
+			# services.xserver.enable = mkForce false;
+			# services.xserver.desktopManager.gnome.enable = mkForce false;
+			# services.xserver.displayManager.gdm.enable = mkForce false;
+
+			# QEMU VM doesn't provide the relevant endpoints
+			services.smartd.enable = mkForce false; # Disable S.M.A.R.T. Daemon
+
+			# No internet connection so these will fail on startup
+			services.tor.enable = mkForce false;
+			services.openssh.enable = mkForce false;
+			virtualisation.waydroid.enable = mkForce false;
+			# networking.useDHCP = mkForce false;
+			# networking.interfaces.wlp2s0.useDHCP = mkForce false;
+			# networking.interfaces.docker0.useDHCP = mkForce false;
+			# networking.interfaces.wwp0s29u1u4i6.useDHCP = mkForce false;
+
+			# It errors out as we don't have the /proc/acpi/ibm/thermal in QEMU
+			services.thinkfan.enable = mkForce false; # Disable thinkfan service
+
+			# Use a Dummy Cryptkey so that we don't have to input disk password
+				# disko.devices.disk.cryptkey = {
+				# 	type = "disk";
+				# 	content.type = "gpt";
+
+				# 	content.partitions.cryptkey = {
+				# 		size = "4096";
+				# 		label = "CRYPTKEY";
+
+				# 		content = {
+				# 			type = "filesystem";
+				# 			format = "vfat";
+				# 		};
+				# 	};
+				# };
+
+				# disko.devices.disk.system.content.preCreateHook = ''
+				# 	mkdir -p /dev/disk/by-partlabel/
+				# 	dd bs=1024 count=4 if=/dev/zero of=/dev/disk/by-partlabel/CRYPTKEY iflag=fullblock
+				# 	chmod 0400 /dev/disk/by-partlabel/CRYPTKEY
+				# '';
+
+				# disko.devices.disk.system.content.postCreateHook = ''
+				# 	mkdir -p /dev/disk/by-partlabel/
+				# 	dd bs=1024 count=4 if=/dev/zero of=/dev/disk/by-partlabel/CRYPTKEY iflag=fullblock
+				# 	chmod 0400 /dev/disk/by-partlabel/CRYPTKEY
+				# '';
+
+				# # Configure the system to use the CRYPTKEY
+				# disko.devices.disk.system.content.partitions.store.content.settings = {
+				# 	keyFileSize = 4096;
+				# 	keyFile = "/dev/disk/by-partlabel/CRYPTKEY";
+
+				# 	# passwordFile = mkForce ""; # Unset Disk Password for the store
+				# 	fallbackToPassword = false;
+				# };
+				# disko.devices.disk.system.content.partitions.store.content.passwordFile = mkForce (pkgs.writeText "ignucius-disks-password" "000000").outPath;
+
+				# disko.devices.disk.system.content.partitions.swap.content.passwordFile = mkForce (pkgs.writeText "ignucius-disks-password" "000000").outPath;
+
+
+				# It's not needed for VM tests and takes a significant amount of space (~30G)
+				# disko.devices.disk.system.content.partitions.swap.size = mkForce null; # Unset swap partition
+
+			# Set Default Passwords For Users
+				users.users.kreyren = {
+					hashedPasswordFile = mkForce null;
+					password = "a"; # Fastest to brute force password
+				};
+
+				users.users.root.password = "a"; # Fastest to brute force password
 		};
 	};
 }

tasks/administration/default.nix

@@ -4,5 +4,6 @@
 		./deploy
 		./install
 		./switch
+		./vm
 	];
 }

tasks/administration/vm/default.nix

@@ -0,0 +1,28 @@
+{ ... }:
+
+# The VM Task
+
+{
+	perSystem = { pkgs, ... }: {
+		mission-control.scripts = {
+			"vm" = {
+				description = "Open the derivation in a Virtual Machine";
+				category = "Administration";
+
+				exec = pkgs.writeShellApplication {
+					name = "tasks-wm";
+
+					runtimeInputs = [
+						pkgs.nixos-install-tools
+						pkgs.nixos-rebuild
+						pkgs.gnused
+						pkgs.git
+					];
+
+					# FIXME(Krey): This should use flake-root to set absolute path
+					text = builtins.readFile ./tasks-vm.sh;
+				};
+			};
+		};
+	};
+}

tasks/administration/vm/tasks-vm.sh

@@ -0,0 +1,77 @@
+# shellcheck shell=sh # POSIX
+set +u # Do not fail on nounset as we use command-line arguments for logic
+
+hostname="$(hostname --short)" # Capture the hostname of the current system
+
+# FIXME(Krey): Implement better management for this so that ideally `die` is always present by default
+command -v die 1>/dev/null || die() { printf "FATAL: %s\n" "$2"; exit 1 ;} # Termination Helper
+
+command -v success 1>/dev/null || success() { printf "SUCCESS: %s\n" "$1"; exit 0 ;} # Termination Helper
+
+# Check current system if no argument is provided
+[ "$#" != 0 ] || {
+	# FIXME(Krey): This needs logic to determine the distribution and release
+	echo "Opening a Virtual Machine for current system: $hostname"
+
+	rm "$FLAKE_ROOT/*.fd" || true # Remove all fd files as those cause impurity
+
+	nix run -L "$FLAKE_ROOT#nixosConfigurations.nixos-$hostname-stable.config.system.build.vmWithDisko" --option builders ""
+
+	exit 0
+}
+
+# Assume that we are always checking against nixos distribution with stable release
+[ "$#" != 1 ] || {
+	echo "Opening a Virtual machine for stable release of system '$1' in NixOS distribution"
+
+	nix run -L "$FLAKE_ROOT#nixosConfigurations.nixos-$1-stable.config.system.build.vmWithDisko" --option builders ""
+
+	exit 0
+}
+
+# TBD(Krey)
+
+# nixosSystems="$(find "$FLAKE_ROOT/src/nixos/machines/"* -maxdepth 0 -type d | sed "s#^$FLAKE_ROOT/src/nixos/machines/##g" | tr '\n' ' ')" # Get a space-separated list of all systems in the nixos distribution of NiXium
+
+# # Process Arguments
+# distro="$1" # e.g. nixos
+# machine="$2" # e.g. tupac, tsvetan, sinnenfreude
+# release="$3" # Optional argument uses stable as default, ability to set supported release e.g. unstable or master
+
+# case "$distro" in
+# 	"nixos") # NixOS Management
+
+# 		# Process all systems in NixOS distribution if `nixos all` is used
+# 		[ "$machine" != "all" ] || {
+# 			for system in $nixosSystems; do
+# 				status="$(cat "$FLAKE_ROOT/src/nixos/machines/$system/status")"
+# 				case "$status" in
+# 					"OK")
+# 						echo "Building system '$system' in distribution '$distro'"
+
+# 						nixos-rebuild \
+# 							build \
+# 							--flake "git+file://$FLAKE_ROOT#nixos-$system-${release:-"stable"}" \
+# 							--option eval-cache false \
+# 							--show-trace || echo "WARNING: System '$system' in distribution '$distro' failed build!"
+# 					;;
+# 					"WIP") echo "Configuration for system '$system' in distribution '$distro' is marked a Work-in-Progress, skipping build.." ;;
+# 					*) echo "System '$system' reports undeclared status state: $status"
+# 				esac
+# 			done
+# 		}
+
+# 		# Check if the system is defined
+# 		[ -d "$FLAKE_ROOT/src/nixos/machines/$machine" ] || die 1 "This system '$machine' is not implemented in NiXium's management of distribution '$distro'"
+
+# 		# Process the system
+# 		echo "Building system '$machine' in distribution '$distro'"
+
+# 		nixos-rebuild \
+# 			build \
+# 			--flake "git+file://$FLAKE_ROOT#nixos-$machine-${release:-"stable"}" \
+# 			--option eval-cache false \
+# 			--show-trace || echo "WARNING: System '$machine' in distribution '$distro' failed evaluation!"
+# 	;;
+# 	*) die 1 "Distribution '$distro' is not implemented!"
+# esac