diff --git a/README.org b/README.org index 6e59366..80f82f7 100644 --- a/README.org +++ b/README.org @@ -43,6 +43,7 @@ I separate my configurations into [[./profiles][profiles]] (essentially system t - [[./profiles/personal][Personal]] - What I would run on a personal laptop/desktop - [[./profiles/work][Work]] - What I would run on a work laptop/desktop (if they let me bring my own OS :P) - [[./profiles/homelab][Homelab]] - What I would run on a server or homelab +- [[./profiles/wsl][WSL]] - What I would run underneath Windows Subystem for Linux My profile can be conveniently selected in [[./flake.nix][my flake.nix]] by setting the =profile= variable. diff --git a/profiles/README.org b/profiles/README.org index c239eb6..487f229 100644 --- a/profiles/README.org +++ b/profiles/README.org @@ -6,6 +6,6 @@ Current profiles I have available are: - [[./personal][Personal]] - What I would run on a personal laptop/desktop* - [[./work][Work]] - What I would run on a work laptop/desktop (if they let me bring my own OS :P) - [[./homelab][Homelab]] - What I would run on a server or homelab -- [[./wsl][WSL]] - What I would run inside WSL on Windows +- [[./wsl][WSL]] - What I would run underneath Windows Subystem for Linux *My [[./personal][personal]] and [[./work][work]] profiles are actually functionally identical (the [[./work][work]] profile is actually imported into the [[./personal][personal]] profile)! The only difference between them is that my [[./personal][personal]] profile has a few extra things like gaming and social apps. diff --git a/profiles/wsl/README.org b/profiles/wsl/README.org index ea36442..af200da 100644 --- a/profiles/wsl/README.org +++ b/profiles/wsl/README.org 
@@ -1,3 +1,5 @@ #+title: Trying to use a computer without Linux is hard -This is my =WSL= profile, which is a minimal installation I use on Windows underneath WSL. This is essentially just for Emacs, some useful CLI apps I can't live without (namely ranger), and LibreOffice, which runs strangely slow on Windows. +This is my =WSL= profile, which is a minimal installation I use on Windows underneath WSL. This (obviously) requires [[https://github.com/nix-community/NixOS-WSL][NixOS-WSL]] to be installed. I essentially just use this for Emacs, some useful CLI apps I can't live without (namely ranger), and LibreOffice, which runs strangely slow on Windows (hmm, I wonder why? It's not like Microsoft has a competing office suite or anything...) + +The [[./nixos-wsl][nixos-wsl]] directory is taken directly from [[https://github.com/nix-community/NixOS-WSL][NixOS-WSL]] and merely patched slightly to allow it to run with the unstable channel of nixpkgs. diff --git a/profiles/wsl/configuration.nix b/profiles/wsl/configuration.nix index 50c7ac0..c4172d6 100644 --- a/profiles/wsl/configuration.nix +++ b/profiles/wsl/configuration.nix @@ -3,9 +3,16 @@ # and in the NixOS manual (accessible by running ‘nixos-help’). { config, lib, pkgs, blocklist-hosts, username, name, hostname, timezone, locale, wm, theme, ... }: + +with lib; +let + nixos-wsl = import ./nixos-wsl; +in { imports = - [ ../../system/hardware-configuration.nix + [ #"${modulesPath}/profiles/minimal.nix" + nixos-wsl.nixosModules.wsl + #../../system/hardware-configuration.nix ../../system/hardware/kernel.nix # Kernel config ../../system/hardware/opengl.nix ../../system/hardware/printing.nix 
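Review bot: The commented `#"${modulesPath}/profiles/minimal.nix"` entry cannot simply be uncommented, because `modulesPath` is not in the module argument set on the line above (`{ config, lib, pkgs, blocklist-hosts, username, name, hostname, timezone, locale, wm, theme, ... }`); add `modulesPath` there if that line is meant to be usable. Separately, `nixos-wsl = import ./nixos-wsl;` goes through the vendored flake-compat shim, which fetches flake-compat from GitHub at evaluation time (pinned by the rev and narHash read from the vendored flake.lock) and then evaluates NixOS-WSL's own lock, so that nixpkgs pin lives outside the repository's top-level lock file. Since README.org says the profile is selected through flake.nix, declaring NixOS-WSL as an input of that flake and passing its `nixosModules.wsl` through would keep a single lock file and let `nix flake update` cover it. The file-scope `with lib;` is not used by any line shown; the module body continues past the end of the hunk.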
@@ -18,6 +25,20 @@ ../../system/style/stylix.nix ]; + wsl = { + enable = true; + automountPath = "/mnt"; + defaultUser = username; + startMenuLaunchers = true; + + # Enable native Docker support + # docker-native.enable = true; + + # Enable integration with Docker Desktop (needs to be installed) + # docker-desktop.enable = true; + + }; + # Fix nix path nix.nixPath = [ "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos" "nixos-config=$HOME/dotfiles/system/configuration.nix" @@ -27,20 +48,20 @@ # Experimental features nix.settings.experimental-features = [ "nix-command" "flakes" ]; + # Ensure nix flakes are enabled + nix.package = pkgs.nixFlakes; + nix.extraOptions = '' + experimental-features = nix-command flakes + ''; + # I'm sorry Stallman-taichou nixpkgs.config.allowUnfree = true; # Kernel modules boot.kernelModules = [ "i2c-dev" "i2c-piix4" "cpufreq_powersave" ]; - # Bootloader - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.efi.efiSysMountPoint = "/boot/efi"; - # Networking networking.hostName = hostname; # Define your hostname. - networking.networkmanager.enable = true; # Use networkmanager # Timezone and locale time.timeZone = timezone; # time zone @@ -89,6 +110,6 @@ }; # It is ok to leave this unchanged for compatibility purposes - system.stateVersion = "22.11"; + system.stateVersion = "22.05"; } diff --git a/profiles/wsl/home.nix b/profiles/wsl/home.nix index 66d7d56..5520ec2 100644 --- a/profiles/wsl/home.nix +++ b/profiles/wsl/home.nix @@ -27,6 +27,7 @@ # Core zsh git + syncthing # Office libreoffice-fresh-unwrapped @@ -37,6 +38,8 @@ nodePackages.ungit ]; + services.syncthing.enable = true; + xdg.enable = true; xdg.userDirs = { enable = true; diff --git a/profiles/wsl/nixos-wsl/LICENSE b/profiles/wsl/nixos-wsl/LICENSE new file mode 100755 index 0000000..ef51da2 --- /dev/null +++ b/profiles/wsl/nixos-wsl/LICENSE 
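Review bot: The `# docker-native.enable = true;` toggle left in the new `wsl` block is one uncomment away from a default that contradicts its own description: in the vendored modules/docker-native.nix, `addToDockerGroup` defaults to `config.security.sudo.wheelNeedsPassword`, so the default user is put in the `docker` group exactly when sudo does require a password, which is the case the option's description calls not recommended because it "essentially permits unauthenticated root access". If native Docker is ever enabled here, set `wsl.docker-native.addToDockerGroup` explicitly next to `docker-native.enable` rather than relying on that default, and consider correcting the vendored default to `!config.security.sudo.wheelNeedsPassword`. The enclosing attribute set starts before the hunk and continues after it.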
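Review bot: The added `nix.package = pkgs.nixFlakes;` and `nix.extraOptions` block duplicates the `nix.settings.experimental-features = [ "nix-command" "flakes" ];` line kept two lines above it, so `experimental-features` is written twice into nix.conf; drop the added block and keep the structured `nix.settings` option, and `pkgs.nixFlakes` can be left unset as I believe it is only an alias for the default Nix package. The bootloader and NetworkManager settings are removed for WSL, but `boot.kernelModules = [ "i2c-dev" "i2c-piix4" "cpufreq_powersave" ];` is kept (as is the `../../system/hardware/kernel.nix` import in the earlier hunk); under WSL the kernel is not built from this configuration, so these presumably fail or are ignored at boot and could be pruned along with the bootloader. The rest of the module continues outside this hunk.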
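Review bot: `services.syncthing.enable = true;` turns on the Syncthing user service with its defaults, and nothing in the hunk configures the administrative web GUI; under WSL2, ports bound on localhost inside the distribution are, as far as I know, also reachable from the Windows side, so the GUI would be reachable by any local Windows process without credentials until a GUI user and password are set. Check whether the home-manager Syncthing module in use exposes GUI settings and set them there, or set a GUI password in Syncthing's own configuration on first start, and record that with a comment such as `# Syncthing's GUI listens on localhost, which WSL2 exposes to Windows; set a GUI password` above the line. The `syncthing` entry added to the package list in the earlier home.nix hunk (`@@ -27,6 +27,7 @@`) may be redundant if the service module already installs the package; confirm before keeping both. The enclosing attribute set starts and ends outside both hunks.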
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the 
following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/profiles/wsl/nixos-wsl/README.md b/profiles/wsl/nixos-wsl/README.md new file mode 100755 index 0000000..b3a4ff9 --- /dev/null +++ b/profiles/wsl/nixos-wsl/README.md @@ -0,0 +1,112 @@ +

+ NixOS on WSL
+ Matrix Chat + nixpkgs 22.05 + Downloads +

+ +A minimal root filesystem for running NixOS on WSL. It can be used with +[DistroLauncher](https://github.com/microsoft/WSL-DistroLauncher) as +`install.tar.gz` or as input to `wsl --import --version 2`. + +## Quick start + +First, [download the latest release\'s installer](https://github.com/nix-community/NixOS-WSL/releases/latest). + +Then open up a Terminal, PowerShell or Command Prompt and run: + +```sh +wsl --import NixOS .\NixOS\ nixos-wsl-installer.tar.gz --version 2 +``` + +This sets up a new WSL distribution `NixOS` that is installed under +`.\NixOS`. `nixos-wsl-installer.tar.gz` is the path to the file you +downloaded earlier. You might need to change this path or change to the download directory first. + +You can now run NixOS: + +```sh +wsl -d NixOS +``` + +The installer will unpack the file system and subsequently start NixOS. +A few warnings about file systems and locales will pop up. You can +safely ignore them. After systemd has started, you should be greeted +with a bash prompt inside your fresh NixOS installation. + +If you want to make NixOS your default distribution, you can do so with + +```sh +wsl -s NixOS +``` + +## Building your own system tarball + +This requires access to a system that already has Nix installed. Please refer to the [Nix installation guide](https://nixos.org/guides/install-nix.html) if that\'s not the case. 
+ +If you have a flakes-enabled Nix, you can use the following command to +build your own tarball instead of relying on a prebuilt one: + +```cmd +nix build github:nix-community/NixOS-WSL#nixosConfigurations.mysystem.config.system.build.installer +``` + +Or, if you want to build with local changes, run inside your checkout: + +```cmd +nix build .#nixosConfigurations.mysystem.config.system.build.installer +``` + +Without a flakes-enabled Nix, you can build a tarball using: + +```cmd +nix-build -A nixosConfigurations.mysystem.config.system.build.installer +``` + +The resulting installer tarball can then be found under +`./result/tarball/nixos-wsl-installer.tar.gz`. + +You can also build a rootfs tarball without wrapping it in the installer +by replacing `installer` with `tarball` in the above commands. The +rootfs tarball can then be found under +`./result/tarball/nixos-wsl-x86_64-linux.tar.gz`. + +## Design + +Getting NixOS to run under WSL requires some workarounds: + +### systemd support + +WSL comes with its own (non-substitutable) init system while NixOS uses +systemd. Simply starting systemd later on does not work out of the box, +because systemd as system instance refuses to start if it is not PID 1. +This unfortunate combination is resolved in two ways: + +- the user\'s default shell is replaced by a wrapper script that acts + is init system and then drops to the actual shell +- systemd is started in its own PID namespace; therefore, it is PID 1. + The shell wrapper (see above) enters the systemd namespace before + dropping to the shell. + +### Installer + +Usually WSL distributions ship as a tarball of their root file system. +These tarballs however, can not contain any hard-links due to the way +they are unpacked by WSL, resulting in an \"Unspecified Error\". By +default some Nix-derivations will contain hard-links when they are +built. This results in system tarballs that can not be imported into +WSL. 
To circumvent this problem, the rootfs tarball is wrapped in that +of a minimal distribution (the installer), that is packaged without any +hard-links. When the installer system is started for the first time, it +overwrites itself with the contents of the rootfs tarball. + +## License + +Apache License, Version 2.0. See `LICENSE` or for details. + +## Further links + +- [DistroLauncher](https://github.com/microsoft/WSL-DistroLauncher) +- [A quick way into a systemd \"bottle\" for WSL](https://github.com/arkane-systems/genie) +- [NixOS in Windows Store for Windows Subsystem for Linux](https://github.com/NixOS/nixpkgs/issues/30391) +- [wsl2-hacks](https://github.com/shayne/wsl2-hacks) diff --git a/profiles/wsl/nixos-wsl/default.nix b/profiles/wsl/nixos-wsl/default.nix new file mode 100755 index 0000000..873ece4 --- /dev/null +++ b/profiles/wsl/nixos-wsl/default.nix @@ -0,0 +1,13 @@ +(import + ( + let + lock = builtins.fromJSON (builtins.readFile ./flake.lock); + in + fetchTarball { + url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; + sha256 = lock.nodes.flake-compat.locked.narHash; + } + ) + { + src = ./.; + }).defaultNix diff --git a/profiles/wsl/nixos-wsl/flake.lock b/profiles/wsl/nixos-wsl/flake.lock new file mode 100755 index 0000000..ba649f6 --- /dev/null +++ b/profiles/wsl/nixos-wsl/flake.lock 
@@ -0,0 +1,59 @@ +{ + "nodes": { + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1660318005, + "narHash": "sha256-g9WCa9lVUmOV6dYRbEPjv/TLOR5hamjeCcKExVGS3OQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5c211b47aeadcc178c5320afd4e74c7eed5c389f", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.05", + "type": "indirect" + } + }, + "root": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/profiles/wsl/nixos-wsl/flake.nix b/profiles/wsl/nixos-wsl/flake.nix new file mode 100755 index 0000000..8a62b47 --- /dev/null +++ b/profiles/wsl/nixos-wsl/flake.nix 
@@ -0,0 +1,56 @@ +{ + description = "NixOS WSL"; + + inputs = { + nixpkgs.url = "nixpkgs/nixos-22.05"; + flake-utils.url = "github:numtide/flake-utils"; + + flake-compat = { + url = "github:edolstra/flake-compat"; + flake = false; + }; + }; + + outputs = { self, nixpkgs, flake-utils, ... }: + { + + nixosModules.wsl = { + imports = [ + ./modules/build-tarball.nix + ./modules/docker-desktop.nix + ./modules/docker-native.nix + ./modules/installer.nix + ./modules/interop.nix + ./modules/wsl-distro.nix + ]; + }; + + nixosConfigurations.mysystem = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./configuration.nix + ]; + }; + + } // + flake-utils.lib.eachSystem + (with flake-utils.lib.system; [ "x86_64-linux" "aarch64-linux" ]) + (system: + let + pkgs = import nixpkgs { inherit system; }; + in + { + checks.check-format = pkgs.runCommand "check-format" + { + buildInputs = with pkgs; [ nixpkgs-fmt ]; + } '' + nixpkgs-fmt --check ${./.} + mkdir $out # success + ''; + + devShell = pkgs.mkShell { + nativeBuildInputs = with pkgs; [ nixpkgs-fmt ]; + }; + } + ); +} diff --git a/profiles/wsl/nixos-wsl/modules/build-tarball.nix b/profiles/wsl/nixos-wsl/modules/build-tarball.nix new file mode 100755 index 0000000..feba78d --- /dev/null +++ b/profiles/wsl/nixos-wsl/modules/build-tarball.nix 
@@ -0,0 +1,97 @@ +{ config, pkgs, lib, ... }: +with builtins; with lib; +let + pkgs2storeContents = l: map (x: { object = x; symlink = "none"; }) l; + + nixpkgs = lib.cleanSource pkgs.path; + + channelSources = pkgs.runCommand "nixos-${config.system.nixos.version}" + { preferLocalBuild = true; } + '' + mkdir -p $out + cp -prd ${nixpkgs.outPath} $out/nixos + chmod -R u+w $out/nixos + if [ ! -e $out/nixos/nixpkgs ]; then + ln -s . $out/nixos/nixpkgs + fi + echo -n ${toString config.system.nixos.revision} > $out/nixos/.git-revision + echo -n ${toString config.system.nixos.versionSuffix} > $out/nixos/.version-suffix + echo ${toString config.system.nixos.versionSuffix} | sed -e s/pre// > $out/nixos/svn-revision + ''; + + preparer = pkgs.writeShellScriptBin "wsl-prepare" '' + set -e + + mkdir -m 0755 ./bin ./etc + mkdir -m 1777 ./tmp + + # WSL requires a /bin/sh - only temporary, NixOS's activate will overwrite + ln -s ${config.users.users.root.shell} ./bin/sh + + # WSL also requires a /bin/mount, otherwise the host fs isn't accessible + ln -s /nix/var/nix/profiles/system/sw/bin/mount ./bin/mount + + # Set system profile + system=${config.system.build.toplevel} + ./$system/sw/bin/nix-store --store `pwd` --load-db < ./nix-path-registration + rm ./nix-path-registration + ./$system/sw/bin/nix-env --store `pwd` -p ./nix/var/nix/profiles/system --set $system + + # Set channel + mkdir -p ./nix/var/nix/profiles/per-user/root + ./$system/sw/bin/nix-env --store `pwd` -p ./nix/var/nix/profiles/per-user/root/channels --set ${channelSources} + mkdir -m 0700 -p ./root/.nix-defexpr + ln -s /nix/var/nix/profiles/per-user/root/channels ./root/.nix-defexpr/channels + + # It's now a NixOS! 
+ touch ./etc/NIXOS + + # Write wsl.conf so that it is present when NixOS is started for the first time + cp ${config.environment.etc."wsl.conf".source} ./etc/wsl.conf + + ${lib.optionalString config.wsl.tarball.includeConfig '' + # Copy the system configuration + mkdir -p ./etc/nixos/nixos-wsl + cp -R ${lib.cleanSource ../.}/. ./etc/nixos/nixos-wsl + mv ./etc/nixos/nixos-wsl/configuration.nix ./etc/nixos/configuration.nix + # Patch the import path to avoid having a flake.nix in /etc/nixos + sed -i 's|import \./default\.nix|import \./nixos-wsl|' ./etc/nixos/configuration.nix + ''} + ''; + +in +{ + + options.wsl.tarball = { + includeConfig = mkOption { + type = types.bool; + default = true; + description = "Whether or not to copy the system configuration into the tarball"; + }; + }; + + + config = mkIf config.wsl.enable { + # These options make no sense without the wsl-distro module anyway + + system.build.tarball = pkgs.callPackage "${nixpkgs}/nixos/lib/make-system-tarball.nix" { + # No contents, structure will be added by prepare script + contents = [ ]; + + fileName = "nixos-wsl-${pkgs.hostPlatform.system}"; + + storeContents = pkgs2storeContents [ + config.system.build.toplevel + channelSources + preparer + ]; + + extraCommands = "${preparer}/bin/wsl-prepare"; + + # Use gzip + compressCommand = "gzip"; + compressionExtension = ".gz"; + }; + + }; +} diff --git a/profiles/wsl/nixos-wsl/modules/docker-desktop.nix b/profiles/wsl/nixos-wsl/modules/docker-desktop.nix new file mode 100755 index 0000000..ade86e9 --- /dev/null +++ b/profiles/wsl/nixos-wsl/modules/docker-desktop.nix 
@@ -0,0 +1,41 @@ +{ config, lib, pkgs, ... }: +with builtins; with lib; { + + imports = [ + (mkRenamedOptionModule [ "wsl" "docker" ] [ "wsl" "docker-desktop" ]) + ]; + + options.wsl.docker-desktop = with types; { + enable = mkEnableOption "Docker Desktop integration"; + }; + + config = + let + cfg = config.wsl.docker-desktop; + in + mkIf (config.wsl.enable && cfg.enable) { + + environment.systemPackages = with pkgs; [ + docker + docker-compose + ]; + + systemd.services.docker-desktop-proxy = { + description = "Docker Desktop proxy"; + script = '' + ${config.wsl.automountPath}/wsl/docker-desktop/docker-desktop-user-distro proxy --docker-desktop-root ${config.wsl.automountPath}/wsl/docker-desktop + ''; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Restart = "on-failure"; + RestartSec = "30s"; + }; + }; + + users.groups.docker.members = [ + config.wsl.defaultUser + ]; + + }; + +} diff --git a/profiles/wsl/nixos-wsl/modules/docker-native.nix b/profiles/wsl/nixos-wsl/modules/docker-native.nix new file mode 100755 index 0000000..35d10ef --- /dev/null +++ b/profiles/wsl/nixos-wsl/modules/docker-native.nix 
@@ -0,0 +1,40 @@ +{ config, lib, pkgs, ... }: +with builtins; with lib; { + + options.wsl.docker-native = with types; { + enable = mkEnableOption "Native Docker integration in NixOS."; + + addToDockerGroup = mkOption { + type = bool; + default = config.security.sudo.wheelNeedsPassword; + description = '' + Wether to add the default user to the docker group. + + This is not recommended, if you have a password, because it essentially permits unauthenticated root access. + ''; + }; + }; + + config = + let + cfg = config.wsl.docker-native; + in + mkIf (config.wsl.enable && cfg.enable) { + nixpkgs.overlays = [ + (self: super: { + docker = super.docker.override { iptables = pkgs.iptables-legacy; }; + }) + ]; + + environment.systemPackages = with pkgs; [ + docker + docker-compose + ]; + + virtualisation.docker.enable = true; + + users.groups.docker.members = lib.mkIf cfg.addToDockerGroup [ + config.wsl.defaultUser + ]; + }; +} diff --git a/profiles/wsl/nixos-wsl/modules/installer.nix b/profiles/wsl/nixos-wsl/modules/installer.nix new file mode 100755 index 0000000..45d191a --- /dev/null +++ b/profiles/wsl/nixos-wsl/modules/installer.nix 
@@ -0,0 +1,73 @@ +{ config, lib, pkgs, ... }: +with builtins; with lib; { + + config = mkIf config.wsl.enable ( + let + mkTarball = pkgs.callPackage "${lib.cleanSource pkgs.path}/nixos/lib/make-system-tarball.nix"; + + pkgs2storeContents = map (x: { object = x; symlink = "none"; }); + + rootfs = let tarball = config.system.build.tarball; in "${tarball}/tarball/${tarball.fileName}.tar${tarball.extension}"; + + installer = pkgs.writeScript "installer.sh" '' + #!${pkgs.busybox}/bin/sh + BASEPATH=$PATH + export PATH=$BASEPATH:${pkgs.busybox}/bin # Add busybox to path + + set -e + cd / + + echo "Unpacking root file system..." + ${pkgs.pv}/bin/pv ${rootfs} | tar xz + + echo "Activating nix configuration..." + /nix/var/nix/profiles/system/activate + PATH=$BASEPATH:/run/current-system/sw/bin # Use packages from target system + + echo "Cleaning up installer files..." + nix-collect-garbage + rm /nix-path-registration + + echo "Optimizing store..." + nix-store --optimize + + # Don't package the shell here, it's contained in the rootfs + exec ${builtins.unsafeDiscardStringContext config.users.users.root.shell} "$@" + ''; + + # Set installer.sh as the root shell + passwd = pkgs.writeText "passwd" '' + root:x:0:0:System administrator:/root:${installer} + ''; + in + { + + system.build.installer = mkTarball { + fileName = "nixos-wsl-installer"; + compressCommand = "gzip"; + compressionExtension = ".gz"; + extraArgs = "--hard-dereference"; + + storeContents = with pkgs; pkgs2storeContents [ + installer + ]; + + contents = [ + { source = config.environment.etc."wsl.conf".source; target = "/etc/wsl.conf"; } + { source = config.environment.etc."fstab".source; target = "/etc/fstab"; } + { source = passwd; target = "/etc/passwd"; } + { source = "${pkgs.busybox}/bin/busybox"; target = "/bin/sh"; } + { source = "${pkgs.busybox}/bin/busybox"; target = "/bin/mount"; } + ]; + + extraCommands = pkgs.writeShellScript "prepare" '' + export PATH=$PATH:${pkgs.coreutils}/bin + mkdir -p bin + ln -s 
/init bin/wslpath + ''; + }; + + } + ); + +} diff --git a/profiles/wsl/nixos-wsl/modules/interop.nix b/profiles/wsl/nixos-wsl/modules/interop.nix new file mode 100755 index 0000000..b7babfb --- /dev/null +++ b/profiles/wsl/nixos-wsl/modules/interop.nix 
@@ -0,0 +1,88 @@
+{ lib, pkgs, config, ... }:
+
+with builtins; with lib;
+{
+ imports = [
+ (mkRenamedOptionModule [ "wsl" "compatibility" "interopPreserveArgvZero" ] [ "wsl" "interop" "preserveArgvZero" ])
+ ];
+
+ options.wsl.interop = with types; {
+ register = mkOption {
+ type = bool;
+ default = false; # Use the existing registration by default
+ description = "Explicitly register the binfmt_misc handler for Windows executables";
+ };
+
+ includePath = mkOption {
+ type = bool;
+ default = true;
+ description = "Include Windows PATH in WSL PATH";
+ };
+
+ preserveArgvZero = mkOption {
+ type = nullOr bool;
+ default = null;
+ description = ''
+ Register binfmt interpreter for Windows executables with 'preserves argv[0]' flag.
+
+ Default (null): autodetect, at some performance cost.
+ To avoid the performance cost, set this to true for WSL Preview 0.58 and up,
+ or to false for any older versions, including pre-Microsoft Store and Windows 10.
+ '';
+ };
+ };
+
+ config =
+ let
+ cfg = config.wsl.interop;
+ in
+ mkIf config.wsl.enable {
+
+ boot.binfmt.registrations = mkIf cfg.register {
+ WSLInterop =
+ let
+ compat = cfg.preserveArgvZero;
+
+ # WSL Preview 0.58 and up registers the /init binfmt interp for Windows executable
+ # with the "preserve argv[0]" flag, so if you run `./foo.exe`, the interp gets invoked
+ # as `/init foo.exe ./foo.exe`.
+ # argv[0] --^ ^-- actual path
+ #
+ # Older versions expect to be called without the argv[0] bit, simply as `/init ./foo.exe`.
+ #
+ # We detect that by running `/init /known-not-existing-path.exe` and checking the exit code:
+ # the new style interp expects at least two arguments, so exits with exit code 1,
+ # presumably meaning "parsing error"; the old style interp attempts to actually run
+ # the executable, fails to find it, and exits with 255.
+ compatWrapper = pkgs.writeShellScript "nixos-wsl-binfmt-hack" ''
+ /init /nixos-wsl-does-not-exist.exe
+ [ $? -eq 255 ] && shift
+ exec /init "$@"
+ '';
+
+ # use the autodetect hack if unset, otherwise call /init directly
+ interpreter = if compat == null then compatWrapper else "/init";
+
+ # enable for the wrapper and autodetect hack
+ preserveArgvZero = if compat == false then false else true;
+ in
+ {
+ magicOrExtension = "MZ";
+ fixBinary = true;
+ wrapInterpreterInShell = false;
+ inherit interpreter preserveArgvZero;
+ };
+ };
+
+ # Include Windows %PATH% in Linux $PATH.
+ environment.extraInit = mkIf cfg.includePath ''PATH="$PATH:$WSLPATH"'';
+
+ warnings =
+ let
+ registrations = config.boot.binfmt.registrations;
+ in
+ optional (!(registrations ? WSLInterop) && (length (attrNames config.boot.binfmt.registrations)) != 0) "Having any binfmt registrations without re-registering WSLInterop (wsl.interop.register) will break running .exe files from WSL2";
+ };
+
+
+}
diff --git a/profiles/wsl/nixos-wsl/modules/wsl-distro.nix b/profiles/wsl/nixos-wsl/modules/wsl-distro.nix
new file mode 100755
index 0000000..6b95c3d
--- /dev/null
+++ b/profiles/wsl/nixos-wsl/modules/wsl-distro.nix
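Review bot: The `includePath` description does not say where the Windows entries land in `$PATH`, which matters for what a mistyped or missing command resolves to: `environment.extraInit` appends `$WSLPATH` after `$PATH`, so Windows directories (several of which are writable by the Windows user) can never shadow a NixOS binary, but any name that does not exist on the Linux side will be looked up there. Suggest `description = "Append the Windows PATH ($WSLPATH) after the WSL PATH; Windows directories never take precedence over NixOS binaries, but commands missing on the Linux side resolve to Windows ones";`. On style, in `warnings` the `registrations` binding from the `let` is used for the `? WSLInterop` test while the `length (attrNames …)` part re-reads `config.boot.binfmt.registrations`; use the binding in both places, e.g. `optional (!(registrations ? WSLInterop) && registrations != { }) "…"`.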
@@ -0,0 +1,139 @@
+{ lib, pkgs, config, ... }:
+
+with builtins; with lib;
+{
+ options.wsl = with types;
+ let
+ coercedToStr = coercedTo (oneOf [ bool path int ]) (toString) str;
+ in
+ {
+ enable = mkEnableOption "support for running NixOS as a WSL distribution";
+ automountPath = mkOption {
+ type = str;
+ default = "/mnt";
+ description = "The path where windows drives are mounted (e.g. /mnt/c)";
+ };
+ automountOptions = mkOption {
+ type = str;
+ default = "metadata,uid=1000,gid=100";
+ description = "Options to use when mounting windows drives";
+ };
+ defaultUser = mkOption {
+ type = str;
+ default = "nixos";
+ description = "The name of the default user";
+ };
+ startMenuLaunchers = mkEnableOption "shortcuts for GUI applications in the windows start menu";
+ wslConf = mkOption {
+ type = attrsOf (attrsOf (oneOf [ str int bool ]));
+ description = "Entries that are added to /etc/wsl.conf";
+ };
+ };
+
+ config =
+ let
+ cfg = config.wsl;
+ syschdemd = import ../syschdemd.nix { inherit lib pkgs config; inherit (cfg) automountPath defaultUser; defaultUserHome = config.users.users.${cfg.defaultUser}.home; };
+ in
+ mkIf cfg.enable {
+
+ wsl.wslConf = {
+ automount = {
+ enabled = true;
+ mountFsTab = true;
+ root = "${cfg.automountPath}/";
+ options = cfg.automountOptions;
+ };
+ network = {
+ generateResolvConf = mkDefault true;
+ generateHosts = mkDefault true;
+ };
+ };
+
+ # WSL is closer to a container than anything else
+ boot.isContainer = true;
+
+ environment.noXlibs = lib.mkForce false; # override xlibs not being installed (due to isContainer) to enable the use of GUI apps
+ hardware.opengl.enable = true; # Enable GPU acceleration
+
+ environment = {
+
+ etc = {
+ "wsl.conf".text = generators.toINI { } cfg.wslConf;
+
+ # DNS settings are managed by WSL
+ hosts.enable = !config.wsl.wslConf.network.generateHosts;
+ "resolv.conf".enable = !config.wsl.wslConf.network.generateResolvConf;
+ };
+
+ systemPackages = [
+ (pkgs.runCommand "wslpath" { } ''
+ mkdir -p $out/bin
+ ln -s /init $out/bin/wslpath
+ '')
+ ];
+ };
+
+ networking.dhcpcd.enable = false;
+
+ users.users.${cfg.defaultUser} = {
+ isNormalUser = true;
+ uid = 1000;
+ extraGroups = [ "wheel" ]; # Allow the default user to use sudo
+ };
+
+ users.users.root = {
+ shell = "${syschdemd}/bin/syschdemd";
+ # Otherwise WSL fails to login as root with "initgroups failed 5"
+ extraGroups = [ "root" ];
+ };
+
+ security.sudo = {
+ extraConfig = ''
+ Defaults env_keep+=INSIDE_NAMESPACE
+ '';
+ wheelNeedsPassword = mkDefault false; # The default user will not have a password by default
+ };
+
+ system.activationScripts = {
+ copy-launchers = mkIf cfg.startMenuLaunchers (
+ stringAfter [ ] ''
+ for x in applications icons; do
+ echo "Copying /usr/share/$x"
+ mkdir -p /usr/share/$x
+ ${pkgs.rsync}/bin/rsync -ar --delete $systemConfig/sw/share/$x/. /usr/share/$x
+ done
+ ''
+ );
+ populateBin = stringAfter [ ] ''
+ echo "setting up /bin..."
+ ln -sf /init /bin/wslpath
+ ln -sf ${pkgs.bashInteractive}/bin/bash /bin/sh
+ ln -sf ${pkgs.util-linux}/bin/mount /bin/mount
+ '';
+ };
+
+ systemd = {
+ # Disable systemd units that don't make sense on WSL
+ services = {
+ "serial-getty@ttyS0".enable = false;
+ "serial-getty@hvc0".enable = false;
+ "getty@tty1".enable = false;
+ "autovt@".enable = false;
+ firewall.enable = false;
+ systemd-resolved.enable = false;
+ systemd-udevd.enable = false;
+ };
+
+ tmpfiles.rules = [
+ # Don't remove the X11 socket
+ "d /tmp/.X11-unix 1777 root root"
+ ];
+
+ # Don't allow emergency mode, because we don't have a console.
+ enableEmergencyMode = false;
+ };
+
+ warnings = (optional (config.systemd.services.systemd-resolved.enable && config.wsl.wslConf.network.generateResolvConf) "systemd-resolved is enabled, but resolv.conf is managed by WSL");
+ };
+}
diff --git a/profiles/wsl/nixos-wsl/syschdemd.nix b/profiles/wsl/nixos-wsl/syschdemd.nix
new file mode 100755
index 0000000..406dd86
--- /dev/null
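Review bot: The `defaultUser` option description, `"The name of the default user"`, omits what the module does with that name: the user is created with `uid = 1000`, added to `wheel`, and `security.sudo.wheelNeedsPassword = mkDefault false` gives it passwordless sudo, which is the part anyone changing the option needs to know. Suggest `description = "The name of the default user; the module creates it with uid 1000, adds it to wheel and, unless security.sudo.wheelNeedsPassword is overridden, lets it sudo without a password";`. It is also worth a comment next to `uid = 1000;` that it is meant to match the `uid=1000` in the `automountOptions` default, presumably so the mounted Windows drives are owned by the default user. On style, the `config` block binds `cfg = config.wsl` but `hosts.enable`, `"resolv.conf".enable` and `warnings` read `config.wsl.wslConf…` directly; `cfg.wslConf.network.generateHosts` keeps them consistent with the rest of the block.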
+++ b/profiles/wsl/nixos-wsl/syschdemd.nix
@@ -0,0 +1,28 @@
+{ lib
+, pkgs
+, config
+, automountPath
+, defaultUser
+, defaultUserHome ? "/home/${defaultUser}"
+, ...
+}:
+
+pkgs.substituteAll {
+ name = "syschdemd";
+ src = ./syschdemd.sh;
+ dir = "bin";
+ isExecutable = true;
+
+ buildInputs = with pkgs; [ daemonize ];
+
+ inherit defaultUser defaultUserHome;
+ inherit (pkgs) daemonize;
+ inherit (config.security) wrapperDir;
+ fsPackagesPath = lib.makeBinPath config.system.fsPackages;
+
+ systemdWrapper = pkgs.writeShellScript "systemd-wrapper.sh" ''
+ mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc || true
+ mount --make-rshared ${automountPath}
+ exec systemd
+ '';
+}
diff --git a/profiles/wsl/nixos-wsl/syschdemd.sh b/profiles/wsl/nixos-wsl/syschdemd.sh
new file mode 100755
index 0000000..6223cda
--- /dev/null
+++ b/profiles/wsl/nixos-wsl/syschdemd.sh
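Review bot: In `systemdWrapper`, `mount --make-rshared ${automountPath}` is the one step without a fallback, but as far as I recall `pkgs.writeShellScript` does not enable `errexit`, so a failure there is silently followed by `exec systemd`, while the `|| true` on the binfmt_misc mount reads as if the author expected the second mount to be fatal. Make the intent explicit either way: `mount --make-rshared "${automountPath}" || echo "syschdemd: could not make ${automountPath} rshared" >&2` if systemd should start regardless, or `set -e` at the top of the wrapper if it should not; the quotes also cover an `automountPath` containing spaces. A short comment on why the automount root has to be rshared would help too, presumably so mounts made inside the namespace that `syschdemd.sh` creates with `unshare` propagate, but that should be confirmed against the script.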
@@ -0,0 +1,78 @@ +#! @shell@ + +set -e + +sw="/nix/var/nix/profiles/system/sw/bin" +systemPath=$(${sw}/readlink -f /nix/var/nix/profiles/system) + +function start_systemd { + echo "Starting systemd..." >&2 + + PATH=/run/current-system/systemd/lib/systemd:@fsPackagesPath@ \ + LOCALE_ARCHIVE=/run/current-system/sw/lib/locale/locale-archive \ + @daemonize@/bin/daemonize /run/current-system/sw/bin/unshare -fp --mount-proc @systemdWrapper@ + + # Wait until systemd has been started to prevent a race condition from occuring + while ! $sw/pgrep -xf systemd | $sw/tail -n1 >/run/systemd.pid; do + $sw/sleep 1s + done + + # Wait for systemd to start services + status=1 + while [[ $status -gt 0 ]]; do + $sw/sleep 1 + status=0 + $sw/nsenter -t $(/dev/null || + status=$? + done +} + +# Needs root to work +if [[ $EUID -ne 0 ]]; then + echo "[ERROR] Requires root! :( Make sure the WSL default user is set to root" >&2 + exit 1 +fi + +if [ ! -e "/run/current-system" ]; then + LANG="C.UTF-8" /nix/var/nix/profiles/system/activate +fi + +if [ ! -e "/run/systemd.pid" ]; then + start_systemd +fi + +userShell=$($sw/getent passwd @defaultUser@ | $sw/cut -d: -f7) +if [[ $# -gt 0 ]]; then + # wsl seems to prefix with "-c" + shift + cmd="$@" +else + cmd="$userShell" +fi + +# Pass external environment but filter variables specific to root user. +exportCmd="$(export -p | $sw/grep -vE ' (HOME|LOGNAME|SHELL|USER)='); export WSLPATH=\"$PATH\"; export INSIDE_NAMESPACE=true" + +if [[ -z "${INSIDE_NAMESPACE:-}" ]]; then + + # Test whether systemd is still alive if it was started previously + if ! [ -d "/proc/$(