[PATCH 19/22] vm/app/nix: add

[Alyssa Ross <hi@alyssa.is>]

This is a VM that provides a shell set up to run Nix.  It has network
access, and full filesystem access to the user data partition.  The
included vm-rebuild command makes it possible to build Spectrum VMs
with Nix.  It's expected that vm-config/vms.nix be a Nix expression
that builds a directory of Spectrum VM definitions.  Code from
Spectrum (i.e. vm-lib) can be placed at vm-config/spectrum and will
appear as <spectrum> in the NIX_PATH.  This code is not included as
part of the Nix VM, because it would be bad for reproducibility if
updating the host system changed the Nix expressions used to build
VMs.

Nix-built VMs are each individually symlinked into svc/data, so that
managing VMs with Nix is not all-or-nothing.

vm-rebuild will not yet remove symlinks pointing to VMs that no longer
exist in the current generation, but that shouldn't be difficult to
fix — just delete any broken symlinks pointing into the Nix store.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 host/initramfs/extfs.nix  |  2 ++
 vm/app/nix/bin/vm-rebuild | 25 +++++++++++++++++++++++
 vm/app/nix/default.nix    | 43 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 70 insertions(+)
 create mode 100755 vm/app/nix/bin/vm-rebuild
 create mode 100644 vm/app/nix/default.nix

diff --git a/host/initramfs/extfs.nix b/host/initramfs/extfs.nix
index a510c02..9f00793 100644
--- a/host/initramfs/extfs.nix
+++ b/host/initramfs/extfs.nix
@@ -12,6 +12,7 @@ let
   appvm-catgirl = import ../../vm/app/catgirl.nix { inherit config; };
   appvm-lynx = import ../../vm/app/lynx.nix { inherit config; };
   appvm-mg = import ../../vm/app/mg.nix { inherit config; };
+  appvm-nix = import ../../vm/app/nix { inherit config; };
 in
 
 runCommand "ext.ext4" {
@@ -26,6 +27,7 @@ runCommand "ext.ext4" {
   tar -C ${appvm-catgirl} -c . | tar -C svc/data/appvm-catgirl -x
   tar -C ${appvm-lynx} -c . | tar -C svc/data/appvm-lynx -x
   tar -C ${appvm-mg} -c . | tar -C svc/data/appvm-mg -x
+  tar -C ${appvm-nix} -c . | tar -C svc/data/appvm-nix -x
 
   mkfs.ext4 -d . $out 16T
   resize2fs -M $out
diff --git a/vm/app/nix/bin/vm-rebuild b/vm/app/nix/bin/vm-rebuild
new file mode 100755
index 0000000..98eae10
--- /dev/null
+++ b/vm/app/nix/bin/vm-rebuild
@@ -0,0 +1,25 @@
+#!/bin/execlineb -S1
+# SPDX-License-Identifier: EUPL-1.2+
+# SPDX-FileCopyrightText: 2022 Alyssa Ross <hi@alyssa.is>
+
+if -n {
+  if -n { test $# -eq 1 -a $1 = switch }
+  fdmove -c 1 2
+  echo "Usage: ${0} switch"
+}
+
+cd /run/virtiofs/virtiofs0
+
+backtick -E dir { mktemp -d }
+foreground {
+  if { nix-build -o ${dir}/system <spectrum-vms> }
+  if { nix-env -p nix/var/nix/profiles/vms --set ${dir}/system }
+  backtick -E vmsdir { resolve_in_root . nix/var/nix/profiles/vms }
+  cd $vmsdir
+  elglob -0 glob *
+  forx -E vm { $glob }
+  ln -s /nix/var/nix/profiles/vms/${vm} /run/virtiofs/virtiofs0/svc/data
+}
+importas -iu ? ?
+background { rm -rf $dir }
+exit $?
diff --git a/vm/app/nix/default.nix b/vm/app/nix/default.nix
new file mode 100644
index 0000000..9427ca4
--- /dev/null
+++ b/vm/app/nix/default.nix
@@ -0,0 +1,43 @@
+# SPDX-License-Identifier: MIT
+# SPDX-FileCopyrightText: 2022 Alyssa Ross <hi@alyssa.is>
+
+{ config ? import ../../../../nix/eval-config.nix {} }:
+
+import ../../make-vm.nix { inherit config; } {
+  providers.net = [ "netvm" ];
+  sharedDirs.virtiofs0.path = "/ext";
+  run = config.pkgs.pkgsStatic.callPackage (
+    { lib, runCommand, writeScript, nix }:
+    let
+      inherit (lib) concatStringsSep const hasSuffix makeBinPath;
+
+      bin = builtins.filterSource (name: _type:
+        name == toString bin/. || name == toString bin/vm-rebuild) ./.;
+
+      nixPath = [
+        "nixpkgs=https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz"
+        "spectrum=/run/virtiofs/virtiofs0/vm-config/spectrum"
+        "spectrum-vms=/run/virtiofs/virtiofs0/vm-config/vms.nix"
+      ];
+
+      resolve_in_root = import ../../../tools/resolve_in_root {
+        config = config // { pkgs = config.pkgs.pkgsStatic; };
+      };
+    in
+    writeScript "run-nix" '' 
+      #!/bin/execlineb -P
+      importas -i PATH PATH
+      export NIX_CONFIG "build-users-group ="
+      export NIX_REMOTE /run/virtiofs/virtiofs0
+      export NIX_PATH ${concatStringsSep ":" nixPath}
+      export PATH ${makeBinPath [ bin nix resolve_in_root ]}:''${PATH}
+      export XDG_CACHE_HOME /run/cache
+
+      # FIXME: can be removed when we have nix#7070.
+      export XDG_DATA_HOME /run/data
+
+      if { /etc/mdev/wait virtiofs0 }
+      /bin/sh -il
+    ''
+  ) { };
+}
-- 
2.37.1