From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on atuin.qyliss.net X-Spam-Level: X-Spam-Status: No, score=-1.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL,SPF_HELO_PASS autolearn=unavailable autolearn_force=no version=3.4.6 Received: from atuin.qyliss.net (localhost [IPv6:::1]) by atuin.qyliss.net (Postfix) with ESMTP id A67F390672; Mon, 10 Oct 2022 23:33:13 +0000 (UTC) Received: by atuin.qyliss.net (Postfix, from userid 496) id 03AE39030A; Mon, 10 Oct 2022 23:32:40 +0000 (UTC) Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) by atuin.qyliss.net (Postfix) with ESMTPS id DEA7E9007D for ; Mon, 10 Oct 2022 23:32:13 +0000 (UTC) Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 4428B5C01BE for ; Mon, 10 Oct 2022 19:32:10 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Mon, 10 Oct 2022 19:32:10 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h=cc :content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm2; t=1665444730; x= 1665531130; bh=dkr5QcAjWuCcJd25VOlMkgZhH++mtaiq/bceJs50qoE=; b=D pwqsPTXCSZOpZGCblgsbk3BnwJKc30nl+tA9X+nNm4IE91rqw/pYN94aQ66sbk15 10RUkjskWb982Qwob5B9QnC5SNM/BuWK3tosJEiGOG6O/8b1f7uwdzFmaSIZ8XWX yac+i9Pqx+tt+Igtwmlvodv5d/7mp7KUI0g49k/9J0o2ySKP5xYWOjjLFfkfnzJB gzlG0CyZaokk0bb9bax75QGazEGnWB3gjbL2/jsBRIeCsDkiuzEpSuVn2bJRfei0 KJDXlvSGxoB+SHA1lCIYSN41G8h1iflUVngkrq3EJm1bJs3KAKz66ubqMadivcXK +V3vcte02X7KDamMdt1aw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:date:feedback-id:feedback-id:from:from:in-reply-to 
:in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm3; t=1665444730; x=1665531130; bh=d kr5QcAjWuCcJd25VOlMkgZhH++mtaiq/bceJs50qoE=; b=WqhSQY0kJ9GbDL65A m81F+Lsei/REfhCeegWgE/vxxCgE+mWN11/jbF7Lj0la4dABcSH1UaGvKLzlBHpG vNb5ckZN0iuRzQdcUDEkwUECE7EzcoVQY5DGAMR6fc3AIvMIqQQ7ZK62jgOVJApk 55tfkLIEyW6N7iKbOnBZ59aVYsmdrO9ddAyUIA5OcZBed0P8gSPLlHXjrOAkKuEr DC9zvR2PcFgckJ72HyvWYREC9VB/ARyXDCKhzl+VAB+eIHQlRu/QJEP8KQ1eas17 pU0ikB3MsaI7o2m4rF9noaS7t3A3Nv0EKU8Tvr+V3DEXkCBblNMGXspWbiT+3nwR WDCeQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrfeejhedgvdduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufffkofgjfhggtgfgsehtke ertdertdejnecuhfhrohhmpeetlhihshhsrgcutfhoshhsuceohhhisegrlhihshhsrgdr ihhsqeenucggtffrrghtthgvrhhnpeduffejgfetveeifeehveekudfhudekgfffleevud eiueejhfefgfegkeelleejteenucffohhmrghinhepphhrohhvihguvghrshdrnhgvthdp nhhigihoshdrohhrghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrih hlfhhrohhmpehqhihlihhsshesgidvvddtrdhqhihlihhsshdrnhgvth X-ME-Proxy: Feedback-ID: i12284293:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA for ; Mon, 10 Oct 2022 19:32:09 -0400 (EDT) Received: by x220.qyliss.net (Postfix, from userid 1000) id 04866CC2; Mon, 10 Oct 2022 23:32:07 +0000 (UTC) 
From: Alyssa Ross To: devel@spectrum-os.org Subject: [PATCH 19/22] vm/app/nix: add Date: Mon, 10 Oct 2022 23:28:59 +0000 Message-Id: <20221010232909.1953738-20-hi@alyssa.is> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20221010232909.1953738-1-hi@alyssa.is> References: <20221010232909.1953738-1-hi@alyssa.is> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Message-ID-Hash: 3UVWQH5F74PYOQOIKH5FUXAT6Q6BUHCA X-Message-ID-Hash: 3UVWQH5F74PYOQOIKH5FUXAT6Q6BUHCA X-MailFrom: qyliss@x220.qyliss.net X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1; header-match-devel.spectrum-os.org-2; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.5 Precedence: list List-Id: Patches and low-level development discussion Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: This is a VM that provides a shell set up to run Nix. It has network access, and full filesystem access to the user data partition. The included vm-rebuild command makes it possible to build Spectrum VMs with Nix. It's expected that vm-config/vms.nix be a Nix expression that builds a directory of Spectrum VM definitions. Code from Spectrum (i.e. vm-lib) can be placed at vm-config/spectrum and will appear as <spectrum> in the NIX_PATH. This code is not included as part of the Nix VM, because it would be bad for reproducibility if updating the host system changed the Nix expressions used to build VMs. Nix-built VMs are each individually symlinked into svc/data, so that managing VMs with Nix is not all-or-nothing. 
vm-rebuild will not yet remove symlinks pointing to VMs that no longer exist in the current generation, but that shouldn't be difficult to fix — just delete any broken symlinks pointing into the Nix store. Signed-off-by: Alyssa Ross --- host/initramfs/extfs.nix | 2 ++ vm/app/nix/bin/vm-rebuild | 25 +++++++++++++++++++++++ vm/app/nix/default.nix | 43 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 70 insertions(+) create mode 100755 vm/app/nix/bin/vm-rebuild create mode 100644 vm/app/nix/default.nix diff --git a/host/initramfs/extfs.nix b/host/initramfs/extfs.nix index a510c02..9f00793 100644 --- a/host/initramfs/extfs.nix +++ b/host/initramfs/extfs.nix @@ -12,6 +12,7 @@ let appvm-catgirl = import ../../vm/app/catgirl.nix { inherit config; }; appvm-lynx = import ../../vm/app/lynx.nix { inherit config; }; appvm-mg = import ../../vm/app/mg.nix { inherit config; }; + appvm-nix = import ../../vm/app/nix { inherit config; }; in runCommand "ext.ext4" { @@ -26,6 +27,7 @@ runCommand "ext.ext4" { tar -C ${appvm-catgirl} -c . | tar -C svc/data/appvm-catgirl -x tar -C ${appvm-lynx} -c . | tar -C svc/data/appvm-lynx -x tar -C ${appvm-mg} -c . | tar -C svc/data/appvm-mg -x + tar -C ${appvm-nix} -c . | tar -C svc/data/appvm-nix -x mkfs.ext4 -d . $out 16T resize2fs -M $out diff --git a/vm/app/nix/bin/vm-rebuild b/vm/app/nix/bin/vm-rebuild new file mode 100755 index 0000000..98eae10 --- /dev/null +++ b/vm/app/nix/bin/vm-rebuild 
@@ -0,0 +1,25 @@
+#!/bin/execlineb -S1
+# SPDX-License-Identifier: EUPL-1.2+
+# SPDX-FileCopyrightText: 2022 Alyssa Ross
+
+if -n {
+ if -n { test $# -eq 1 -a $1 = switch }
+ fdmove -c 1 2
+ echo "Usage: ${0} switch"
+}
+
+cd /run/virtiofs/virtiofs0
+
+backtick -E dir { mktemp -d }
+foreground {
+ if { nix-build -o ${dir}/system }
+ if { nix-env -p nix/var/nix/profiles/vms --set ${dir}/system }
+ backtick -E vmsdir { resolve_in_root . nix/var/nix/profiles/vms }
+ cd $vmsdir
+ elglob -0 glob *
+ forx -E vm { $glob }
+ ln -s /nix/var/nix/profiles/vms/${vm} /run/virtiofs/virtiofs0/svc/data
+}
+importas -iu ? ?
+background { rm -rf $dir }
+exit $?
diff --git a/vm/app/nix/default.nix b/vm/app/nix/default.nix
new file mode 100644
index 0000000..9427ca4
--- /dev/null
+++ b/vm/app/nix/default.nix
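Review bot: The `ln -s` at the end of the `forx` loop fails for any name that already exists in `svc/data`, and that failure is not reflected in the script's exit status as far as I can tell, since `forx` is used here without `-o`/`-x`. This happens on every later `vm-rebuild switch` for VMs linked by an earlier run, and also when a Nix-built VM shares a name with an existing entry such as the bundled `appvm-*` directories, in which case the old definition silently stays in place. Refusing to overwrite is the safer behaviour, but it should be stated and the clash made visible; at minimum add a comment above the loop such as `# ln has no -f on purpose: an existing svc/data entry is never replaced, so a name clash keeps the old VM.` A follow-up could skip names that are already links into the `vms` profile and exit non-zero for anything else.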
@@ -0,0 +1,43 @@
+# SPDX-License-Identifier: MIT
+# SPDX-FileCopyrightText: 2022 Alyssa Ross
+
+{ config ? import ../../../../nix/eval-config.nix {} }:
+
+import ../../make-vm.nix { inherit config; } {
+ providers.net = [ "netvm" ];
+ sharedDirs.virtiofs0.path = "/ext";
+ run = config.pkgs.pkgsStatic.callPackage (
+ { lib, runCommand, writeScript, nix }:
+ let
+ inherit (lib) concatStringsSep const hasSuffix makeBinPath;
+
+ bin = builtins.filterSource (name: _type:
+ name == toString bin/. || name == toString bin/vm-rebuild) ./.;
+
+ nixPath = [
+ "nixpkgs=https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz"
+ "spectrum=/run/virtiofs/virtiofs0/vm-config/spectrum"
+ "spectrum-vms=/run/virtiofs/virtiofs0/vm-config/vms.nix"
+ ];
+
+ resolve_in_root = import ../../../tools/resolve_in_root {
+ config = config // { pkgs = config.pkgs.pkgsStatic; };
+ };
+ in
+ writeScript "run-nix" ''
+ #!/bin/execlineb -P
+ importas -i PATH PATH
+ export NIX_CONFIG "build-users-group ="
+ export NIX_REMOTE /run/virtiofs/virtiofs0
+ export NIX_PATH ${concatStringsSep ":" nixPath}
+ export PATH ${makeBinPath [ bin nix resolve_in_root ]}:''${PATH}
+ export XDG_CACHE_HOME /run/cache
+
+ # FIXME: can be removed when we have nix#7070.
+ export XDG_DATA_HOME /run/data
+
+ if { /etc/mdev/wait virtiofs0 }
+ /bin/sh -il
+ ''
+ ) { };
+}
-- 2.37.1
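Review bot: The `nixpkgs=` entry in `nixPath` points at the moving `nixos-unstable` channel tarball with no pinned revision or hash, so the expressions used to build VMs change whenever the channel advances, and their integrity rests on the HTTPS fetch alone. The commit message keeps Spectrum's own code out of the VM for reproducibility, and the same reasoning applies to this entry. If the floating default is intended as a convenience, say so above that line, e.g. `# Unpinned default; vms.nix should pin its own nixpkgs (builtins.fetchTarball with sha256) for reproducible VM builds.` Separately, `const`, `hasSuffix` and `runCommand` are brought into scope but not used anywhere in this hunk.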