WFVM
A Nix library to create and manage virtual machines running Windows, a medieval operating system found on most computers in 2020. The F stands for "Functional" or a four-letter word of your choice.
- Reproducible - everything runs in the Nix sandbox with no tricks.
- Fully automatic, parameterizable Windows 11 installation.
- Uses QEMU with KVM.
- Supports incremental installation (using "layers") of additional software via QEMU copy-on-write backing chains. For example,
wfvm.makeWindowsImage { offlineInstallCommands = [ wfvm.layers.anaconda3 ]; };gives you a VM image with Anaconda3 installed, andwfvm.makeWindowsImage { offlineInstallCommands = [ wfvm.layers.anaconda3 wfvm.layers.msys2 ]; };gives you one with both Anaconda3 and MSYS2 installed. The base Windows installation and the Anaconda3 data are shared between both images, and only the MSYS2 installation is performed when building the second image after the first one has been built. - Included layers: Anaconda3, a software installer chock full of bugs that pretends to be a package manager, Visual Studio, a spamming system for Microsoft accounts that includes a compiler, and MSYS2, which is the only sane component in the whole lot.
- Supports running arbitrary commands in a VM image in snapshot mode inside a derivation and retrieving the result.
- Network access from the VM is heavily restricted to avoid issues with Microsoft spyware and similar programs.
- When used with Hydra, redistribution of nonfree content can be blocked.
- Supports internet-dependent installation steps via
internetInstallCommands. These commands are split out from the normal sandboxed image build and emitted as a local script, so they can be run outside the Nix sandbox with QEMU user networking set torestrict=off. Internet install commands are always applied as the final layer on top of the offline image and are generally not recommended because they reduce reproducibility.
Example applications:
- Creating reproducible Windows VM images with pre-installed software.
- Compiling Conda packages with Visual Studio in a fully reproducible manner and without having to deal with the constant data corruption caused by Conda.
- Running Windows unit tests on Hydra.
Thanks to Adam Höse from Tweag.io for help with this development.
How to use
Install a Windows image
-
Adjust demo-image.nix accordingly
-
Download Windows Image (update hash if necessary) and add it to nix store
nix-store --add-fixed sha256 <image> -
Run:
# Either returns an image or a script (when executed with `impureMode = true` or `internetInstallCommands`) nix build .#demoImage # Execute script if necessary (might need additional flags like `QEMU_AUDIO_DRV=none env -u LD_LIBRARY_PATH -u GIO_EXTRA_MODULES ./result`) ./result
Impure/pure mode
Sometimes it can be useful to build the image outside of the Nix sandbox for debugging purposes.
For this purpose we have an attribute called impureMode which outputs the shell script used by Nix inside the sandbox to build the image.
impureMode is meant for debugging the base image, so it does not execute the full incremental process.
Usage with Nix Flakes
This project's flake.nix exposes its functions under lib. To use
in your own project, setup your flake like this:
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
wfvm.url = "git+https://git.m-labs.hk/m-labs/wfvm";
};
outputs = { self, nixpkgs, wfvm }: {
packages."x86_64-linux".flaky-os = wfvm.lib.makeWindowsImage {
# configuration parameters go here
};
};
}