From 0c8cca406a935f514cfc2b1a5061a461bc13f817 Mon Sep 17 00:00:00 2001 From: mwojcik Date: Wed, 16 Feb 2022 16:34:11 +0800 Subject: [PATCH 01/12] flake: first implementation --- flake.lock | 27 +++ flake.nix | 591 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 618 insertions(+) create mode 100644 flake.lock create mode 100644 flake.nix diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..f68af98 --- /dev/null +++ b/flake.lock @@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1644837400, + "narHash": "sha256-treFS89w/xKzeTjJSJdYp/Ceddv6oqq7bL9mZMQDPi0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a03ae0e6d078cfdbb8404c3bff3622bd4e2f1c57", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-21.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..af1b4a5 --- /dev/null +++ b/flake.nix @@ -0,0 +1,591 @@ +{ + description = "A Nix library to create and manage virtual machines running Windows."; + inputs.nixpkgs.url = github:NixOS/nixpkgs/nixos-21.11; + outputs = { self, nixpkgs }: + let + pkgs = import nixpkgs { system = "x86_64-linux"; }; + # common settings + baseRtc = "2020-04-20T14:21:42"; + cores = "4"; + qemuMem = "4G"; + efi = true; + # utils + utils = rec { + # qemu_test is a smaller closure only building for a single system arch + qemu = pkgs.qemu; + + mkQemuFlags = extraFlags: [ + "-enable-kvm" + "-cpu host" + "-smp ${cores}" + "-m ${qemuMem}" + "-M q35" + "-vga qxl" + "-rtc base=${baseRtc}" + "-device qemu-xhci" + "-device virtio-net-pci,netdev=n1" + ] ++ pkgs.lib.optionals efi [ + "-bios ${pkgs.OVMF.fd}/FV/OVMF.fd" + ] ++ extraFlags; + + # Pass empty config file to prevent ssh from failing to create ~/.ssh + sshOpts = "-F /dev/null -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -o ConnectTimeout=1"; + win-exec = pkgs.writeShellScriptBin "win-exec" '' + set -e + ${pkgs.sshpass}/bin/sshpass -p1234 -- \ + ${pkgs.openssh}/bin/ssh -np 2022 ${sshOpts} \ + wfvm@localhost \ + $1 + ''; + win-wait = pkgs.writeShellScriptBin "win-wait" '' + set -e + + # If the machine is not up within 10 minutes it's likely never coming up + timeout=600 + + # Wait for VM to be accessible + sleep 20 + echo "Waiting for SSH..." + while true; do + if test "$timeout" -eq 0; then + echo "SSH connection timed out" + exit 1 + fi + + output=$(${win-exec}/bin/win-exec 'echo|set /p="Ran command"' || echo "") + if test "$output" = "Ran command"; then + break + fi + + echo "Retrying in 1 second, timing out in $timeout seconds" + + ((timeout=$timeout-1)) + + sleep 1 + done + echo "SSH OK" + ''; + win-put = pkgs.writeShellScriptBin "win-put" '' + set -e + echo win-put $1 -\> $2 + ${pkgs.sshpass}/bin/sshpass -p1234 -- \ + ${pkgs.openssh}/bin/sftp -r -P 2022 ${sshOpts} \ + wfvm@localhost -b- << EOF + cd $2 + put $1 + EOF + ''; + win-get = pkgs.writeShellScriptBin "win-get" '' + set -e + echo win-get $1 + ${pkgs.sshpass}/bin/sshpass -p1234 -- \ + ${pkgs.openssh}/bin/sftp -r -P 2022 ${sshOpts} \ + wfvm@localhost:$1 . + ''; + + wfvm-run = { name, image, script, display ? false, isolateNetwork ? true, forwardedPorts ? [], fakeRtc ? true }: + let + restrict = + if isolateNetwork + then "on" + else "off"; + # use socat instead of `tcp:...` to allow multiple connections + guestfwds = + builtins.concatStringsSep "" + (map ({ listenAddr, targetAddr, port }: + ",guestfwd=tcp:${listenAddr}:${toString port}-cmd:${pkgs.socat}/bin/socat\\ -\\ tcp:${targetAddr}:${toString port}" + ) forwardedPorts); + qemuParams = mkQemuFlags (pkgs.lib.optional (!display) "-display none" ++ pkgs.lib.optional (!fakeRtc) "-rtc base=localtime" ++ [ + "-drive" + "file=${image},index=0,media=disk,cache=unsafe" + "-snapshot" + "-netdev user,id=n1,net=192.168.1.0/24,restrict=${restrict},hostfwd=tcp::2022-:22${guestfwds}" + ]); + in pkgs.writeShellScriptBin "wfvm-run-${name}" '' + set -e -m + ${qemu}/bin/qemu-system-x86_64 ${pkgs.lib.concatStringsSep " " qemuParams} & + + ${win-wait}/bin/win-wait + + ${script} + + echo "Shutting down..." + ${win-exec}/bin/win-exec 'shutdown /s' + echo "Waiting for VM to terminate..." + fg + echo "Done" + ''; + }; # end of utils + + # ============ + + # layers + layers = { + anaconda3 = { + name = "Anaconda3"; + script = let + Anaconda3 = pkgs.fetchurl { + name = "Anaconda3.exe"; + url = "https://repo.anaconda.com/archive/Anaconda3-2021.05-Windows-x86_64.exe"; + sha256 = "1lpk7k4gydyk524z1nk4rrninrwi20g2ias2njc9w0a40hwl5nwk"; + }; + in + '' + ln -s ${Anaconda3} ./Anaconda3.exe + win-put Anaconda3.exe . + echo Running Anaconda installer... + win-exec 'start /wait "" .\Anaconda3.exe /S /D=%UserProfile%\Anaconda3' + echo Anaconda installer finished + ''; + }; + msys2 = { + name = "MSYS2"; + buildInputs = [ pkgs.expect ]; + script = let + msys2 = pkgs.fetchurl { + name = "msys2.exe"; + url = "https://github.com/msys2/msys2-installer/releases/download/2020-06-02/msys2-x86_64-20200602.exe"; + sha256 = "1mswlfybvk42vdr4r85dypgkwhrp5ff47gcbxgjqwq86ym44xzd4"; + }; + msys2-auto-install = pkgs.fetchurl { + url = "https://raw.githubusercontent.com/msys2/msys2-installer/7b4b35f65904d03399d5dfb8fc4e5729b0b4d81f/auto-install.js"; + sha256 = "17fq1xprbs00j8wb4m0w1x4dvb48qb5hwa3zx77snlhw8226d81y"; + }; + in '' + ln -s ${msys2} ./msys2.exe + ln -s ${msys2-auto-install} ./auto-install.js + win-put msys2.exe . + win-put auto-install.js . + echo Running MSYS2 installer... + # work around MSYS2 installer bug that prevents it from closing at the end of unattended install + expect -c 'set timeout 600; spawn win-exec ".\\msys2.exe --script auto-install.js -v InstallPrefix=C:\\msys64"; expect FinishedPageCallback { close }' + echo MSYS2 installer finished + ''; + }; + msys2-packages = msys-packages: { + name = "MSYS2-packages"; + script = let + msys-packages-put = pkgs.lib.strings.concatStringsSep "\n" + (map (package: ''win-put ${package} 'msyspackages' '') msys-packages); + in + # Windows command line is so shitty it can't even do glob expansion. Why do people use Windows? + '' + win-exec 'mkdir msyspackages' + ${msys-packages-put} + cat > installmsyspackages.bat << EOF + set MSYS=c:\msys64 + set ARCH=64 + set PATH=%MSYS%\usr\bin;%MSYS%\mingw%ARCH%\bin;%PATH% + bash -c "pacman -U --noconfirm C:/Users/wfvm/msyspackages/*" + EOF + win-put installmsyspackages.bat . + win-exec installmsyspackages + ''; + }; + msvc = { + # Those instructions are vaguely correct: + # https://docs.microsoft.com/en-us/visualstudio/install/create-an-offline-installation-of-visual-studio?view=vs-2019 + name = "MSVC"; + script = let + bootstrapper = pkgs.fetchurl { + name = "RESTRICTDIST-vs_Community.exe"; + url = "https://aka.ms/vs/16/release/vs_community.exe"; + sha256 = "0b3csxz0qsafnvc0d74ywfpralwz8chv4zf9k07akpm8lp8ycgq0"; + }; + # This touchy-feely "community" piece of trash seems deliberately crafted to break Wine, so we use the VM to run it. + download-vs = utils.wfvm-run { + name = "download-vs"; + image = makeWindowsImage { }; + isolateNetwork = false; + script = + '' + ln -s ${bootstrapper} vs_Community.exe + ${utils.win-put}/bin/win-put vs_Community.exe + rm vs_Community.exe + ${utils.win-exec}/bin/win-exec "vs_Community.exe --quiet --norestart --layout c:\vslayout --add Microsoft.VisualStudio.Workload.NativeDesktop --includeRecommended --lang en-US" + ${utils.win-get}/bin/win-get /c:/vslayout + ''; + }; + cache = pkgs.stdenv.mkDerivation { + name = "RESTRICTDIST-vs"; + + outputHashAlgo = "sha256"; + outputHashMode = "recursive"; + outputHash = "0ic3jvslp2y9v8yv9mfr2mafkvj2q5frmcyhmlbxj71si1x3kpag"; + + phases = [ "buildPhase" ]; + buildInputs = [ download-vs ]; + buildPhase = + '' + mkdir $out + cd $out + wfvm-run-download-vs + ''; + }; + in + '' + ln -s ${cache}/vslayout vslayout + win-put vslayout /c:/ + echo "Running Visual Studio installer" + win-exec "cd \vslayout && start /wait vs_Community.exe --passive --wait && echo %errorlevel%" + ''; + }; + # You need to run the IDE at least once or else most of the Visual Studio trashware won't actually work. + # With the /ResetSettings flag, it will actually start without pestering you about opening a Microsoft account. + msvc-ide-unbreak = { + name = "MSVC-ide-unbreak"; + script = + '' + win-exec 'cd "C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\Common7\IDE" && devenv /ResetSettings' + sleep 40 + ''; + }; + # Disable the Windows firewall + disable-firewall = { + name = "disable-firewall"; + script = '' + echo Disabling firewall + win-exec "netsh advfirewall set allprofiles state off" + ''; + }; + # Disable automatic power management which causes the machine to go + # into standby after periods without mouse wiggling. + disable-autosleep = { + name = "disable-autosleep"; + script = '' + echo Disabling autosleep + win-exec "powercfg /x -hibernate-timeout-ac 0" + win-exec "powercfg /x -hibernate-timeout-dc 0" + win-exec "powercfg /x -disk-timeout-ac 0" + win-exec "powercfg /x -disk-timeout-dc 0" + win-exec "powercfg /x -monitor-timeout-ac 0" + win-exec "powercfg /x -monitor-timeout-dc 0" + win-exec "powercfg /x -standby-timeout-ac 0" + win-exec "powercfg /x -standby-timeout-dc 0" + ''; + }; + # Turn off automatic locking of idle user sessions + disable-autolock = { + name = "disable-autolock"; + script = '' + echo Disabling autolock + win-exec "reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Personalization /v NoLockScreen /t REG_DWORD /d 1" + ''; + }; + # Don't let Windows start completely rewriting gigabytes of disk + # space. Defragmentation increases the size of our qcow layers + # needlessly. + disable-scheduled-defrag = { + name = "disable-scheduled-defrag"; + script = '' + echo Disabling scheduled defragmentation service + win-exec 'schtasks /Change /DISABLE /TN "\Microsoft\Windows\Defrag\ScheduledDefrag"' + ''; + }; + + # Chain together layers that are quick to run so that the VM does + # not have to be started/shutdown for each. + collapseLayers = scripts: { + name = pkgs.lib.concatMapStringsSep "-" ({ name, ... }: name) scripts; + script = builtins.concatStringsSep "\n" ( + map ({ script, ... }: script) scripts + ); + buildInputs = + builtins.concatMap ({ buildInputs ? [], ... }: buildInputs) scripts; + }; + }; # end of layers + + # ============ + + # makeWindowsImage + makeWindowsImage = { diskImageSize ? "70G", windowsImage ? null, autoUnattendParams ? {} + , impureMode ? false, installCommands ? [] + , users ? {} + # autounattend always installs index 1, so this default is backward-compatible + , imageSelection ? "Windows 10 Pro" + , ... + }@attrs: + let + lib = pkgs.lib; + libguestfs = pkgs.libguestfs-with-appliance; + + # p7zip on >20.03 has known vulns but we have no better option + p7zip = pkgs.p7zip.overrideAttrs(old: { + meta = old.meta // { + knownVulnerabilities = []; + }; + }); + + runQemuCommand = name: command: ( + pkgs.runCommandNoCC name { buildInputs = [ p7zip utils.qemu libguestfs ]; } + ( + '' + if ! test -f; then + echo "KVM not available, bailing out" >> /dev/stderr + exit 1 + fi + '' + command + ) + ); + + windowsIso = if windowsImage != null then windowsImage else pkgs.requireFile rec { + name = "Win10_21H1_English_x64.iso"; + sha256 = "1sl51lnx4r6ckh5fii7m2hi15zh8fh7cf7rjgjq9kacg8hwyh4b9"; + message = "Get ${name} from https://www.microsoft.com/en-us/software-download/windows10ISO"; + }; + + # stable as of 2021-04-08 + virtioWinIso = pkgs.fetchurl { + url = "https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.185-2/virtio-win-0.1.185.iso"; + sha256 = "11n3kjyawiwacmi3jmfmn311g9xvfn6m0ccdwnjxw1brzb4kqaxg"; + }; + + openSshServerPackage = pkgs.fetchurl { + url = "https://github.com/PowerShell/Win32-OpenSSH/releases/download/V8.6.0.0p1-Beta/OpenSSH-Win64.zip"; + sha256 = "1dw6n054r0939501dpxfm7ghv21ihmypdx034van8cl21gf1b4lz"; + }; + + autounattend = import ./autounattend.nix ( + attrs // { + inherit pkgs; + users = users // { + wfvm = { + password = "1234"; + description = "WFVM Administrator"; + groups = [ + "Administrators" + ]; + }; + }; + } + ); + + # bundle + bundleInstaller = pkgs.runCommandNoCC "win-bundle-installer.exe" {} '' + mkdir bundle + cd bundle + cp ${./bundle/go.mod} go.mod + cp ${./bundle/main.go} main.go + env HOME=$(mktemp -d) GOOS=windows GOARCH=amd64 ${pkgs.go}/bin/go build + mv bundle.exe $out + ''; + + # Packages required to drive installation of other packages + bootstrapPkgs = + runQemuCommand "bootstrap-win-pkgs.img" '' + 7z x -y ${virtioWinIso} -opkgs/virtio + + cp ${bundleInstaller} pkgs/"$(stripHash "${bundleInstaller}")" + + # Install optional windows features + cp ${openSshServerPackage} pkgs/OpenSSH-Win64.zip + + # SSH setup script goes here because windows XML parser sucks + cp ${./install-ssh.ps1} pkgs/install-ssh.ps1 + cp ${autounattend.setupScript} pkgs/setup.ps1 + + virt-make-fs --partition --type=fat pkgs/ $out + ''; + + installScript = pkgs.writeScript "windows-install-script" ( + let + qemuParams = utils.mkQemuFlags (lib.optional (!impureMode) "-display none" ++ [ + # "CD" drive with bootstrap pkgs + "-drive" + "id=virtio-win,file=${bootstrapPkgs},if=none,format=raw,readonly=on" + "-device" + "usb-storage,drive=virtio-win" + # USB boot + "-drive" + "id=win-install,file=${if efi then "usb" else "cd"}image.img,if=none,format=raw,readonly=on,media=${if efi then "disk" else "cdrom"}" + "-device" + "usb-storage,drive=win-install" + # Output image + "-drive" + "file=c.img,index=0,media=disk,if=virtio,cache=unsafe" + # Network + "-netdev user,id=n1,net=192.168.1.0/24,restrict=on" + ]); + in + '' + #!${pkgs.runtimeShell} + set -euxo pipefail + export PATH=${lib.makeBinPath [ p7zip utils.qemu libguestfs pkgs.wimlib ]}:$PATH + + # Create a bootable "USB" image + # Booting in USB mode circumvents the "press any key to boot from cdrom" prompt + # + # Also embed the autounattend answer file in this image + mkdir -p win + mkdir -p win/nix-win + 7z x -y ${windowsIso} -owin + + # Split image so it fits in FAT32 partition + wimsplit win/sources/install.wim win/sources/install.swm 4090 + rm win/sources/install.wim + + cp ${autounattend.autounattendXML} win/autounattend.xml + + ${if efi then '' + virt-make-fs --partition --type=fat win/ usbimage.img + '' else '' + ${pkgs.cdrkit}/bin/mkisofs -iso-level 4 -l -R -udf -D -b boot/etfsboot.com -no-emul-boot -boot-load-size 8 -hide boot.catalog -eltorito-alt-boot -o cdimage.img win/ + ''} + rm -rf win + + # Qemu requires files to be rw + qemu-img create -f qcow2 c.img ${diskImageSize} + qemu-system-x86_64 ${lib.concatStringsSep " " qemuParams} + '' + ); + + baseImage = pkgs.runCommandNoCC "RESTRICTDIST-windows.img" {} '' + ${installScript} + mv c.img $out + ''; + + finalImage = builtins.foldl' (acc: v: pkgs.runCommandNoCC "RESTRICTDIST-${v.name}.img" { + buildInputs = with utils; [ + qemu win-wait win-exec win-put + ] ++ (v.buildInputs or []); + } (let + script = pkgs.writeScript "${v.name}-script" v.script; + qemuParams = utils.mkQemuFlags (lib.optional (!impureMode) "-display none" ++ [ + # Output image + "-drive" + "file=c.img,index=0,media=disk,if=virtio,cache=unsafe" + # Network - enable SSH forwarding + "-netdev user,id=n1,net=192.168.1.0/24,restrict=on,hostfwd=tcp::2022-:22" + ]); + + in '' + # Create an image referencing the previous image in the chain + qemu-img create -f qcow2 -b ${acc} c.img + + set -m + qemu-system-x86_64 ${lib.concatStringsSep " " qemuParams} & + + win-wait + + echo "Executing script to build layer..." + ${script} + echo "Layer script done" + + echo "Shutting down..." + win-exec 'shutdown /s' + echo "Waiting for VM to terminate..." + fg + echo "Done" + + mv c.img $out + '')) baseImage ( + [ + { + name = "DisablePasswordExpiry"; + script = '' + win-exec 'wmic UserAccount set PasswordExpires=False' + ''; + } + ] ++ + installCommands + ); + in + if !(impureMode) then finalImage else assert installCommands == []; installScript; + # end of makeWindowsImage + + in { + inherit utils; + inherit makeWindowsImage; + + demo-ssh = utils.wfvm-run { + name = "demo-ssh"; + image = import ./demo-image.nix { inherit pkgs; }; + isolateNetwork = false; + script = '' + ${pkgs.sshpass}/bin/sshpass -p1234 -- ${pkgs.openssh}/bin/ssh -p 2022 wfvm@localhost -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null + ''; + }; + + packages.x86_64-linux = { + demo-image = makeWindowsImage { + # Build install script & skip building iso + impureMode = false; + + # Custom base iso + # windowsImage = pkgs.requireFile rec { + # name = "Win10_21H1_English_x64.iso"; + # sha256 = "1sl51lnx4r6ckh5fii7m2hi15zh8fh7cf7rjgjq9kacg8hwyh4b9"; + # message = "Get ${name} from https://www.microsoft.com/en-us/software-download/windows10ISO"; + # }; + + # impureShellCommands = [ + # "powershell.exe echo Hello" + # ]; + + # User accounts + # users = { + # artiq = { + # password = "1234"; + # # description = "Default user"; + # # displayName = "Display name"; + # groups = [ + # "Administrators" + # ]; + # }; + # }; + + # Auto login + # defaultUser = "artiq"; + + # fullName = "M-Labs"; + # organization = "m-labs"; + # administratorPassword = "12345"; + + # Imperative installation commands, to be installed incrementally + installCommands = with layers; [ + (collapseLayers [ + disable-autosleep + disable-autolock + disable-firewall + ]) + anaconda3 msys2 msvc msvc-ide-unbreak + ]; + + # services = { + # # Enable remote management + # WinRm = { + # Status = "Running"; + # PassThru = true; + # }; + # }; + + # License key (required) + # productKey = throw "Search the f* web" + imageSelection = "Windows 10 Pro"; + + + # Locales + # uiLanguage = "en-US"; + # inputLocale = "en-US"; + # userLocale = "en-US"; + # systemLocale = "en-US"; + }; + + make-msys-packages = utils.wfvm-run { + name = "get-msys-packages"; + image = makeWindowsImage { installCommands = [ layers.msys2 ]; }; + script = '' + cat > getmsyspackages.bat << EOF + set MSYS=C:\\MSYS64 + set TOOLPREF=mingw-w64-x86_64- + set PATH=%MSYS%\usr\bin;%MSYS%\mingw64\bin;%PATH% + pacman -Sp %TOOLPREF%gcc %TOOLPREF%binutils make autoconf automake libtool texinfo > packages.txt + EOF + \${utils.win-put}/bin/win-put getmsyspackages.bat + \${utils.win-exec}/bin/win-exec getmsyspackages + \${utils.win-get}/bin/win-get packages.txt + ''; + }; + }; + }; +} \ No newline at end of file -- 2.42.0 From ced84432cd341991ff08001ab4f7aec1f5dc4c0e Mon Sep 17 00:00:00 2001 From: mwojcik Date: Thu, 17 Feb 2022 16:07:06 +0800 Subject: [PATCH 02/12] flake: move autounnatend, move files out from wfvm --- {wfvm/bundle => bundle}/default.nix | 0 {wfvm/bundle => bundle}/go.mod | 0 {wfvm/bundle => bundle}/main.go | 0 {wfvm/bundle => bundle}/shell.nix | 0 flake.nix | 396 ++++++++++++++++-- {wfvm/layers => layers}/default.nix | 0 {wfvm/layers => layers}/make_msys_packages.sh | 0 wfvm/autounattend.nix | 325 -------------- 8 files changed, 366 insertions(+), 355 deletions(-) rename {wfvm/bundle => bundle}/default.nix (100%) rename {wfvm/bundle => bundle}/go.mod (100%) rename {wfvm/bundle => bundle}/main.go (100%) rename {wfvm/bundle => bundle}/shell.nix (100%) rename {wfvm/layers => layers}/default.nix (100%) rename {wfvm/layers => layers}/make_msys_packages.sh (100%) delete mode 100644 wfvm/autounattend.nix diff --git a/wfvm/bundle/default.nix b/bundle/default.nix similarity index 100% rename from wfvm/bundle/default.nix rename to bundle/default.nix diff --git a/wfvm/bundle/go.mod b/bundle/go.mod similarity index 100% rename from wfvm/bundle/go.mod rename to bundle/go.mod diff --git a/wfvm/bundle/main.go b/bundle/main.go similarity index 100% rename from wfvm/bundle/main.go rename to bundle/main.go diff --git a/wfvm/bundle/shell.nix b/bundle/shell.nix similarity index 100% rename from wfvm/bundle/shell.nix rename to bundle/shell.nix diff --git a/flake.nix b/flake.nix index af1b4a5..3d82254 100644 --- a/flake.nix +++ b/flake.nix @@ -297,6 +297,333 @@ # ============ + # autounattend + build-autounattend = { fullName ? "John Doe" + , organization ? "KVM Authority" + , administratorPassword ? "123456" + , uiLanguage ? "en-US" + , inputLocale ? "en-US" + , userLocale ? "en-US" + , systemLocale ? "en-US" + , users ? { wfvm = { password = "1234"; + description = "WFVM Administrator"; + groups = [ "Administrators" ]; }; } + , productKey ? null + , defaultUser ? "wfvm" + , setupCommands ? [] + , timeZone ? "UTC" + , services ? {} + , impureShellCommands ? [] + , driveLetter ? "D:" + , imageSelection ? "Windows 10 Pro" + , ... + }: + + let + lib = pkgs.lib; + serviceCommands = lib.mapAttrsToList ( + serviceName: attrs: "powershell Set-Service -Name ${serviceName} " + ( + lib.concatStringsSep " " ( + ( + lib.mapAttrsToList ( + n: v: if builtins.typeOf v != "bool" then "-${n} ${v}" else "-${n}" + ) + ) ( + # Always run without interaction + { Force = true; } // attrs + ) + ) + ) + ) services; + + sshSetupCommands = + # let + # makeDirs = lib.mapAttrsToList (n: v: ''mkdir C:\Users\${n}\.ssh'') users; + # writeKeys = lib.flatten (lib.mapAttrsToList (n: v: builtins.map (key: let + # commands = [ + # ''powershell.exe Set-Content -Path C:\Users\${n}\.ssh\authorized_keys -Value '${key}' '' + # ]; + # in lib.concatStringsSep "\n" commands) (v.sshKeys or [])) users); + # mkDirsDesc = builtins.map (c: {Path = c; Description = "Make SSH key dir";}) makeDirs; + # writeKeysDesc = builtins.map (c: {Path = c; Description = "Add SSH key";}) writeKeys; + # in + # mkDirsDesc ++ writeKeysDesc ++ + [ + { + Path = ''powershell.exe ${driveLetter}\install-ssh.ps1''; + Description = "Install OpenSSH service."; + } + ]; + + assertCommand = c: builtins.typeOf c == "string" || builtins.typeOf c == "set" && builtins.hasAttr "Path" c && builtins.hasAttr "Description" c; + + commands = builtins.map (x: assert assertCommand x; if builtins.typeOf x == "string" then { Path = x; Description = x; } else x) ( + [ + { + Path = "powershell.exe Set-ExecutionPolicy -Force Unrestricted"; + Description = "Allow unsigned powershell scripts."; + } + ] + ++ [ + { + Path = ''powershell.exe ${driveLetter}\win-bundle-installer.exe''; + Description = "Install any declared packages."; + } + ] + ++ setupCommands + ++ [ + { + Path = ''powershell.exe ${driveLetter}\setup.ps1''; + Description = "Setup SSH and keys"; + } + ] + ++ serviceCommands + ++ impureShellCommands + ); + + mkCommand = attrs: '' + + ${lib.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v: "<${n}>${v}") attrs)} + + ''; + mkCommands = commands: ( + builtins.foldl' ( + acc: v: rec { + i = acc.i + 1; + values = acc.values ++ [ (mkCommand (v // { Order = builtins.toString i; })) ]; + } + ) { + i = 0; + values = []; + } commands + ).values; + + mkUser = + { name + , password + , description ? "" + , displayName ? "" + , groups ? [] + # , sshKeys ? [] # Handled in scripts + }: '' + + + ${password} + true</PlainText> + </Password> + <Description>${description}</Description> + <DisplayName>${displayName}</DisplayName> + <Group>${builtins.concatStringsSep ";" (lib.unique ([ "Users" ] ++ groups))}</Group> + <Name>${name}</Name> + </LocalAccount> + ''; + + # Windows expects a flat list of users while we want to manage them as a set + flatUsers = builtins.attrValues (builtins.mapAttrs (name: s: s // { inherit name; }) users); + + diskId = + if efi then 2 else 1; + + autounattendXML = pkgs.writeText "autounattend.xml" '' + <?xml version="1.0" encoding="utf-8"?> + <unattend xmlns="urn:schemas-microsoft-com:unattend"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-PnpCustomizationsWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <DriverPaths> + <PathAndCredentials wcm:action="add" wcm:keyValue="1"> + <Path>D:\</Path> + </PathAndCredentials> + <PathAndCredentials wcm:action="add" wcm:keyValue="2"> + <Path>E:\</Path> + </PathAndCredentials> + <PathAndCredentials wcm:action="add" wcm:keyValue="3"> + <Path>C:\virtio\amd64\w10</Path> + </PathAndCredentials> + <PathAndCredentials wcm:action="add" wcm:keyValue="4"> + <Path>C:\virtio\NetKVM\w10\amd64</Path> + </PathAndCredentials> + <PathAndCredentials wcm:action="add" wcm:keyValue="5"> + <Path>C:\virtio\qxldod\w10\amd64</Path> + </PathAndCredentials> + </DriverPaths> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + + <DiskConfiguration> + <Disk wcm:action="add"> + <CreatePartitions> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>${if efi then "EFI" else "Primary"}</Type> + <Size>300</Size> + </CreatePartition> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>${if efi then "MSR" else "Primary"}</Type> + <Size>16</Size> + </CreatePartition> + <CreatePartition wcm:action="add"> + <Order>3</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <ModifyPartition wcm:action="add"> + <Order>1</Order> + <Format>${if efi then "FAT32" else "NTFS"}</Format> + <Label>System</Label> + <PartitionID>1</PartitionID> + </ModifyPartition> + <ModifyPartition wcm:action="add"> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + <ModifyPartition wcm:action="add"> + <Order>3</Order> + <Format>NTFS</Format> + <Label>Windows</Label> + <Letter>C</Letter> + <PartitionID>3</PartitionID> + </ModifyPartition> + </ModifyPartitions> + <DiskID>${toString diskId}</DiskID> + <WillWipeDisk>true</WillWipeDisk> + </Disk> + </DiskConfiguration> + + <ImageInstall> + <OSImage> + <InstallTo> + <DiskID>${toString diskId}</DiskID> + <PartitionID>3</PartitionID> + </InstallTo> + <InstallFrom> + <MetaData wcm:action="add"> + <Key>/IMAGE/NAME</Key> + <Value>${imageSelection}</Value> + </MetaData> + </InstallFrom> + </OSImage> + </ImageInstall> + + <UserData> + <ProductKey> + ${if productKey != null then "<Key>${productKey}</Key>" else ""} + <WillShowUI>OnError</WillShowUI> + </ProductKey> + <AcceptEula>true</AcceptEula> + <FullName>${fullName}</FullName> + <Organization>${organization}</Organization> + </UserData> + + </component> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <SetupUILanguage> + <UILanguage>${uiLanguage}</UILanguage> + </SetupUILanguage> + <InputLocale>${inputLocale}</InputLocale> + <SystemLocale>${systemLocale}</SystemLocale> + <UILanguage>${uiLanguage}</UILanguage> + <UILanguageFallback>en-US</UILanguageFallback> + <UserLocale>${userLocale}</UserLocale> + </component> + </settings> + + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <InputLocale>${inputLocale}</InputLocale> + <SystemLocale>${systemLocale}</SystemLocale> + <UILanguage>${uiLanguage}</UILanguage> + <UILanguageFallback>en-US</UILanguageFallback> + <UserLocale>${userLocale}</UserLocale> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideLocalAccountScreen>true</HideLocalAccountScreen> + <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> + <HideOnlineAccountScreens>true</HideOnlineAccountScreens> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <ProtectYourPC>1</ProtectYourPC> + </OOBE> + <TimeZone>${timeZone}</TimeZone> + + <UserAccounts> + ${if administratorPassword != null then '' + <AdministratorPassword> + <Value>${administratorPassword}</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + '' else ""} + <LocalAccounts> + ${builtins.concatStringsSep "\n" (builtins.map mkUser flatUsers)} + </LocalAccounts> + </UserAccounts> + + ${if defaultUser == null then "" else '' + <AutoLogon> + <Password> + <Value>${(builtins.getAttr defaultUser users).password}</Value> + <PlainText>true</PlainText> + </Password> + <Enabled>true</Enabled> + <Username>${defaultUser}</Username> + </AutoLogon> + ''} + + </component> + <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <Reseal> + <ForceShutdownNow>true</ForceShutdownNow> + <Mode>OOBE</Mode> + </Reseal> + </component> + </settings> + + <settings pass="specialize"> + <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <RunSynchronous> + ${lib.concatStringsSep "\n" (mkCommands commands)} + </RunSynchronous> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="NonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <CEIPEnabled>0</CEIPEnabled> + </component> + </settings> + + <!-- Disable Windows UAC --> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + + <cpi:offlineImage cpi:source="wim:c:/wim/windows-10/install.wim#${imageSelection}" xmlns:cpi="urn:schemas-microsoft-com:cpi" /> + </unattend> + ''; + + in { + # Lint and format as a sanity check + autounattendXML = pkgs.runCommandNoCC "autounattend.xml" {} '' + ${pkgs.libxml2}/bin/xmllint --format ${autounattendXML} > $out + ''; + + # autounattend.xml is _super_ picky about quotes and other things + setupScript = pkgs.writeText "setup.ps1" ( + '' + # Setup SSH and keys + '' + + lib.concatStrings ( + builtins.map (c: '' + # ${c.Description} + ${c.Path} + '') sshSetupCommands + ) + ); + }; + # ============ + # makeWindowsImage makeWindowsImage = { diskImageSize ? "70G", windowsImage ? null, autoUnattendParams ? {} , impureMode ? false, installCommands ? [] @@ -345,20 +672,16 @@ sha256 = "1dw6n054r0939501dpxfm7ghv21ihmypdx034van8cl21gf1b4lz"; }; - autounattend = import ./autounattend.nix ( - attrs // { - inherit pkgs; - users = users // { - wfvm = { - password = "1234"; - description = "WFVM Administrator"; - groups = [ - "Administrators" - ]; - }; + autounattend = build-autounattend attrs // { + users = users // { wfvm = { + password = "1234"; + description = "WFVM Administrator"; + groups = [ + "Administrators" + ]; }; - } - ); + }; + }; # bundle bundleInstaller = pkgs.runCommandNoCC "win-bundle-installer.exe" {} '' @@ -493,23 +816,8 @@ if !(impureMode) then finalImage else assert installCommands == []; installScript; # end of makeWindowsImage - in { - inherit utils; - inherit makeWindowsImage; - - demo-ssh = utils.wfvm-run { - name = "demo-ssh"; - image = import ./demo-image.nix { inherit pkgs; }; - isolateNetwork = false; - script = '' - ${pkgs.sshpass}/bin/sshpass -p1234 -- ${pkgs.openssh}/bin/ssh -p 2022 wfvm@localhost -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null - ''; - }; - - packages.x86_64-linux = { - demo-image = makeWindowsImage { + build-demo-image = { impureMode ? false }: makeWindowsImage { # Build install script & skip building iso - impureMode = false; # Custom base iso # windowsImage = pkgs.requireFile rec { @@ -563,7 +871,6 @@ # productKey = throw "Search the f* web" imageSelection = "Windows 10 Pro"; - # Locales # uiLanguage = "en-US"; # inputLocale = "en-US"; @@ -571,6 +878,35 @@ # systemLocale = "en-US"; }; + in { + + # bundle dev env + devShell.x86_64-linux = pkgs.mkShell { + name = "wfvm-dev-shell"; + buildInputs = with pkgs; [ + go + ]; + shellHook = '' + unset GOPATH + ''; + }; + + inherit utils; + inherit makeWindowsImage; + + demo-ssh = utils.wfvm-run { + name = "demo-ssh"; + image = import ./demo-image.nix { inherit pkgs; }; + isolateNetwork = false; + script = '' + ${pkgs.sshpass}/bin/sshpass -p1234 -- ${pkgs.openssh}/bin/ssh -p 2022 wfvm@localhost -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null + ''; + }; + + packages.x86_64-linux = { + demo-image = build-demo-image {}; + demo-image-impure = build-demo-image { impureMode = true; }; + make-msys-packages = utils.wfvm-run { name = "get-msys-packages"; image = makeWindowsImage { installCommands = [ layers.msys2 ]; }; diff --git a/wfvm/layers/default.nix b/layers/default.nix similarity index 100% rename from wfvm/layers/default.nix rename to layers/default.nix diff --git a/wfvm/layers/make_msys_packages.sh b/layers/make_msys_packages.sh similarity index 100% rename from wfvm/layers/make_msys_packages.sh rename to layers/make_msys_packages.sh diff --git a/wfvm/autounattend.nix b/wfvm/autounattend.nix deleted file mode 100644 index 99b0429..0000000 --- a/wfvm/autounattend.nix +++ /dev/null @@ -1,325 +0,0 @@ -{ pkgs -, fullName ? "John Doe" -, organization ? "KVM Authority" -, administratorPassword ? "123456" -, uiLanguage ? "en-US" -, inputLocale ? "en-US" -, userLocale ? "en-US" -, systemLocale ? "en-US" -, users ? {} -, productKey ? null -, defaultUser ? "wfvm" -, setupCommands ? [] -, timeZone ? "UTC" -, services ? {} -, impureShellCommands ? [] -, driveLetter ? "D:" -, efi ? true -, imageSelection ? "Windows 10 Pro" -, ... -}: - -let - lib = pkgs.lib; - serviceCommands = lib.mapAttrsToList ( - serviceName: attrs: "powershell Set-Service -Name ${serviceName} " + ( - lib.concatStringsSep " " ( - ( - lib.mapAttrsToList ( - n: v: if builtins.typeOf v != "bool" then "-${n} ${v}" else "-${n}" - ) - ) ( - # Always run without interaction - { Force = true; } // attrs - ) - ) - ) - ) services; - - sshSetupCommands = - # let - # makeDirs = lib.mapAttrsToList (n: v: ''mkdir C:\Users\${n}\.ssh'') users; - # writeKeys = lib.flatten (lib.mapAttrsToList (n: v: builtins.map (key: let - # commands = [ - # ''powershell.exe Set-Content -Path C:\Users\${n}\.ssh\authorized_keys -Value '${key}' '' - # ]; - # in lib.concatStringsSep "\n" commands) (v.sshKeys or [])) users); - # mkDirsDesc = builtins.map (c: {Path = c; Description = "Make SSH key dir";}) makeDirs; - # writeKeysDesc = builtins.map (c: {Path = c; Description = "Add SSH key";}) writeKeys; - # in - # mkDirsDesc ++ writeKeysDesc ++ - [ - { - Path = ''powershell.exe ${driveLetter}\install-ssh.ps1''; - Description = "Install OpenSSH service."; - } - ]; - - assertCommand = c: builtins.typeOf c == "string" || builtins.typeOf c == "set" && builtins.hasAttr "Path" c && builtins.hasAttr "Description" c; - - commands = builtins.map (x: assert assertCommand x; if builtins.typeOf x == "string" then { Path = x; Description = x; } else x) ( - [ - { - Path = "powershell.exe Set-ExecutionPolicy -Force Unrestricted"; - Description = "Allow unsigned powershell scripts."; - } - ] - ++ [ - { - Path = ''powershell.exe ${driveLetter}\win-bundle-installer.exe''; - Description = "Install any declared packages."; - } - ] - ++ setupCommands - ++ [ - { - Path = ''powershell.exe ${driveLetter}\setup.ps1''; - Description = "Setup SSH and keys"; - } - ] - ++ serviceCommands - ++ impureShellCommands - ); - - mkCommand = attrs: '' - <RunSynchronousCommand wcm:action="add"> - ${lib.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v: "<${n}>${v}</${n}>") attrs)} - </RunSynchronousCommand> - ''; - mkCommands = commands: ( - builtins.foldl' ( - acc: v: rec { - i = acc.i + 1; - values = acc.values ++ [ (mkCommand (v // { Order = builtins.toString i; })) ]; - } - ) { - i = 0; - values = []; - } commands - ).values; - - mkUser = - { name - , password - , description ? "" - , displayName ? "" - , groups ? [] - # , sshKeys ? [] # Handled in scripts - }: '' - <LocalAccount wcm:action="add"> - <Password> - <Value>${password}</Value> - <PlainText>true</PlainText> - </Password> - <Description>${description}</Description> - <DisplayName>${displayName}</DisplayName> - <Group>${builtins.concatStringsSep ";" (lib.unique ([ "Users" ] ++ groups))}</Group> - <Name>${name}</Name> - </LocalAccount> - ''; - - # Windows expects a flat list of users while we want to manage them as a set - flatUsers = builtins.attrValues (builtins.mapAttrs (name: s: s // { inherit name; }) users); - - diskId = - if efi then 2 else 1; - - autounattendXML = pkgs.writeText "autounattend.xml" '' - <?xml version="1.0" encoding="utf-8"?> - <unattend xmlns="urn:schemas-microsoft-com:unattend"> - <settings pass="windowsPE"> - <component name="Microsoft-Windows-PnpCustomizationsWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <DriverPaths> - <PathAndCredentials wcm:action="add" wcm:keyValue="1"> - <Path>D:\</Path> - </PathAndCredentials> - <PathAndCredentials wcm:action="add" wcm:keyValue="2"> - <Path>E:\</Path> - </PathAndCredentials> - <PathAndCredentials wcm:action="add" wcm:keyValue="3"> - <Path>C:\virtio\amd64\w10</Path> - </PathAndCredentials> - <PathAndCredentials wcm:action="add" wcm:keyValue="4"> - <Path>C:\virtio\NetKVM\w10\amd64</Path> - </PathAndCredentials> - <PathAndCredentials wcm:action="add" wcm:keyValue="5"> - <Path>C:\virtio\qxldod\w10\amd64</Path> - </PathAndCredentials> - </DriverPaths> - </component> - <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - - <DiskConfiguration> - <Disk wcm:action="add"> - <CreatePartitions> - <CreatePartition wcm:action="add"> - <Order>1</Order> - <Type>${if efi then "EFI" else "Primary"}</Type> - <Size>300</Size> - </CreatePartition> - <CreatePartition wcm:action="add"> - <Order>2</Order> - <Type>${if efi then "MSR" else "Primary"}</Type> - <Size>16</Size> - </CreatePartition> - <CreatePartition wcm:action="add"> - <Order>3</Order> - <Type>Primary</Type> - <Extend>true</Extend> - </CreatePartition> - </CreatePartitions> - <ModifyPartitions> - <ModifyPartition wcm:action="add"> - <Order>1</Order> - <Format>${if efi then "FAT32" else "NTFS"}</Format> - <Label>System</Label> - <PartitionID>1</PartitionID> - </ModifyPartition> - <ModifyPartition wcm:action="add"> - <Order>2</Order> - <PartitionID>2</PartitionID> - </ModifyPartition> - <ModifyPartition wcm:action="add"> - <Order>3</Order> - <Format>NTFS</Format> - <Label>Windows</Label> - <Letter>C</Letter> - <PartitionID>3</PartitionID> - </ModifyPartition> - </ModifyPartitions> - <DiskID>${toString diskId}</DiskID> - <WillWipeDisk>true</WillWipeDisk> - </Disk> - </DiskConfiguration> - - <ImageInstall> - <OSImage> - <InstallTo> - <DiskID>${toString diskId}</DiskID> - <PartitionID>3</PartitionID> - </InstallTo> - <InstallFrom> - <MetaData wcm:action="add"> - <Key>/IMAGE/NAME</Key> - <Value>${imageSelection}</Value> - </MetaData> - </InstallFrom> - </OSImage> - </ImageInstall> - - <UserData> - <ProductKey> - ${if productKey != null then "<Key>${productKey}</Key>" else ""} - <WillShowUI>OnError</WillShowUI> - </ProductKey> - <AcceptEula>true</AcceptEula> - <FullName>${fullName}</FullName> - <Organization>${organization}</Organization> - </UserData> - - </component> - <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <SetupUILanguage> - <UILanguage>${uiLanguage}</UILanguage> - </SetupUILanguage> - <InputLocale>${inputLocale}</InputLocale> - <SystemLocale>${systemLocale}</SystemLocale> - <UILanguage>${uiLanguage}</UILanguage> - <UILanguageFallback>en-US</UILanguageFallback> - <UserLocale>${userLocale}</UserLocale> - </component> - </settings> - - <settings pass="oobeSystem"> - <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <InputLocale>${inputLocale}</InputLocale> - <SystemLocale>${systemLocale}</SystemLocale> - <UILanguage>${uiLanguage}</UILanguage> - <UILanguageFallback>en-US</UILanguageFallback> - <UserLocale>${userLocale}</UserLocale> - </component> - <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <OOBE> - <HideEULAPage>true</HideEULAPage> - <HideLocalAccountScreen>true</HideLocalAccountScreen> - <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> - <HideOnlineAccountScreens>true</HideOnlineAccountScreens> - <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> - <ProtectYourPC>1</ProtectYourPC> - </OOBE> - <TimeZone>${timeZone}</TimeZone> - - <UserAccounts> - ${if administratorPassword != null then '' - <AdministratorPassword> - <Value>${administratorPassword}</Value> - <PlainText>true</PlainText> - </AdministratorPassword> - '' else ""} - <LocalAccounts> - ${builtins.concatStringsSep "\n" (builtins.map mkUser flatUsers)} - </LocalAccounts> - </UserAccounts> - - ${if defaultUser == null then "" else '' - <AutoLogon> - <Password> - <Value>${(builtins.getAttr defaultUser users).password}</Value> - <PlainText>true</PlainText> - </Password> - <Enabled>true</Enabled> - <Username>${defaultUser}</Username> - </AutoLogon> - ''} - - </component> - <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <Reseal> - <ForceShutdownNow>true</ForceShutdownNow> - <Mode>OOBE</Mode> - </Reseal> - </component> - </settings> - - <settings pass="specialize"> - <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <RunSynchronous> - ${lib.concatStringsSep "\n" (mkCommands commands)} - </RunSynchronous> - </component> - <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="NonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <CEIPEnabled>0</CEIPEnabled> - </component> - </settings> - - <!-- Disable Windows UAC --> - <settings pass="offlineServicing"> - <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <EnableLUA>false</EnableLUA> - </component> - </settings> - - <cpi:offlineImage cpi:source="wim:c:/wim/windows-10/install.wim#${imageSelection}" xmlns:cpi="urn:schemas-microsoft-com:cpi" /> - </unattend> - ''; - -in { - # Lint and format as a sanity check - autounattendXML = pkgs.runCommandNoCC "autounattend.xml" {} '' - ${pkgs.libxml2}/bin/xmllint --format ${autounattendXML} > $out - ''; - - # autounattend.xml is _super_ picky about quotes and other things - setupScript = pkgs.writeText "setup.ps1" ( - '' - # Setup SSH and keys - '' + - lib.concatStrings ( - builtins.map (c: '' - # ${c.Description} - ${c.Path} - '') sshSetupCommands - ) - ); - -} -- 2.42.0 From 35dea5d8a62a8e548601c345808d7c1625565ad1 Mon Sep 17 00:00:00 2001 From: mwojcik <mw@m-labs.hk> Date: Thu, 17 Feb 2022 16:49:36 +0800 Subject: [PATCH 03/12] flake: clean up files, fix errors --- README.md | 13 +- bundle/default.nix | 10 -- bundle/shell.nix | 13 -- flake.nix | 25 +-- wfvm/install-ssh.ps1 => install-ssh.ps1 | 0 layers/default.nix | 178 --------------------- wfvm/default.nix | 7 - wfvm/demo-image.nix | 72 --------- wfvm/demo-ssh.nix | 13 -- wfvm/utils.nix | 108 ------------- wfvm/win.nix | 195 ------------------------ 11 files changed, 17 insertions(+), 617 deletions(-) delete mode 100644 bundle/default.nix delete mode 100644 bundle/shell.nix rename wfvm/install-ssh.ps1 => install-ssh.ps1 (100%) delete mode 100644 layers/default.nix delete mode 100644 wfvm/default.nix delete mode 100644 wfvm/demo-image.nix delete mode 100644 wfvm/demo-ssh.nix delete mode 100644 wfvm/utils.nix delete mode 100644 wfvm/win.nix diff --git a/README.md b/README.md index 4b8e9c8..9dbd617 100644 --- a/README.md +++ b/README.md @@ -28,21 +28,14 @@ How to use Install a Windows image ----------------------- -1. Adjust demo-image.nix accordingly +1. Adjust demo-image in ``flake.nix`` accordingly 2. Run: -If in impure mode ```shell -nix-build demo-image.nix +nix build .#demo-image ./result ``` -Results in a file called c.img -If in pure mode -```shell -nix-build demo-image.nix -ls -la ./result -``` Results in a symlink to the image in the nix store @@ -52,3 +45,5 @@ Impure/pure mode Sometimes it can be useful to build the image _outside_ of the Nix sandbox for debugging purposes. For this purpose we have an attribute called `impureMode` which outputs the shell script used by Nix inside the sandbox to build the image. + +When building an image with flakes, use ``nix build .#demo-image-impure`` instead. \ No newline at end of file diff --git a/bundle/default.nix b/bundle/default.nix deleted file mode 100644 index 16a0fed..0000000 --- a/bundle/default.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ pkgs }: - -pkgs.runCommandNoCC "win-bundle-installer.exe" {} '' - mkdir bundle - cd bundle - cp ${./go.mod} go.mod - cp ${./main.go} main.go - env HOME=$(mktemp -d) GOOS=windows GOARCH=amd64 ${pkgs.go}/bin/go build - mv bundle.exe $out -'' diff --git a/bundle/shell.nix b/bundle/shell.nix deleted file mode 100644 index 20c60ed..0000000 --- a/bundle/shell.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ pkgs ? import <nixpkgs> {} }: - -pkgs.mkShell { - - buildInputs = [ - pkgs.go - ]; - - shellHook = '' - unset GOPATH - ''; - -} diff --git a/flake.nix b/flake.nix index 3d82254..e655aee 100644 --- a/flake.nix +++ b/flake.nix @@ -622,7 +622,18 @@ ) ); }; - # ============ + # /autounattend ============ + + # bundle + bundleInstaller = pkgs.runCommandNoCC "win-bundle-installer.exe" {} '' + mkdir bundle + cd bundle + cp ${./bundle/go.mod} go.mod + cp ${./bundle/main.go} main.go + env HOME=$(mktemp -d) GOOS=windows GOARCH=amd64 ${pkgs.go}/bin/go build + mv bundle.exe $out + ''; + # /bundle =========== # makeWindowsImage makeWindowsImage = { diskImageSize ? "70G", windowsImage ? null, autoUnattendParams ? {} @@ -683,16 +694,6 @@ }; }; - # bundle - bundleInstaller = pkgs.runCommandNoCC "win-bundle-installer.exe" {} '' - mkdir bundle - cd bundle - cp ${./bundle/go.mod} go.mod - cp ${./bundle/main.go} main.go - env HOME=$(mktemp -d) GOOS=windows GOARCH=amd64 ${pkgs.go}/bin/go build - mv bundle.exe $out - ''; - # Packages required to drive installation of other packages bootstrapPkgs = runQemuCommand "bootstrap-win-pkgs.img" '' @@ -704,7 +705,7 @@ cp ${openSshServerPackage} pkgs/OpenSSH-Win64.zip # SSH setup script goes here because windows XML parser sucks - cp ${./install-ssh.ps1} pkgs/install-ssh.ps1 + cp ${self}/install-ssh.ps1 pkgs/install-ssh.ps1 cp ${autounattend.setupScript} pkgs/setup.ps1 virt-make-fs --partition --type=fat pkgs/ $out diff --git a/wfvm/install-ssh.ps1 b/install-ssh.ps1 similarity index 100% rename from wfvm/install-ssh.ps1 rename to install-ssh.ps1 diff --git a/layers/default.nix b/layers/default.nix deleted file mode 100644 index a9068a6..0000000 --- a/layers/default.nix +++ /dev/null @@ -1,178 +0,0 @@ -{ pkgs }: -let - wfvm = import ../. { inherit pkgs; }; -in -{ - anaconda3 = { - name = "Anaconda3"; - script = let - Anaconda3 = pkgs.fetchurl { - name = "Anaconda3.exe"; - url = "https://repo.anaconda.com/archive/Anaconda3-2021.05-Windows-x86_64.exe"; - sha256 = "1lpk7k4gydyk524z1nk4rrninrwi20g2ias2njc9w0a40hwl5nwk"; - }; - in - '' - ln -s ${Anaconda3} ./Anaconda3.exe - win-put Anaconda3.exe . - echo Running Anaconda installer... - win-exec 'start /wait "" .\Anaconda3.exe /S /D=%UserProfile%\Anaconda3' - echo Anaconda installer finished - ''; - }; - msys2 = { - name = "MSYS2"; - buildInputs = [ pkgs.expect ]; - script = let - msys2 = pkgs.fetchurl { - name = "msys2.exe"; - url = "https://github.com/msys2/msys2-installer/releases/download/2020-06-02/msys2-x86_64-20200602.exe"; - sha256 = "1mswlfybvk42vdr4r85dypgkwhrp5ff47gcbxgjqwq86ym44xzd4"; - }; - msys2-auto-install = pkgs.fetchurl { - url = "https://raw.githubusercontent.com/msys2/msys2-installer/7b4b35f65904d03399d5dfb8fc4e5729b0b4d81f/auto-install.js"; - sha256 = "17fq1xprbs00j8wb4m0w1x4dvb48qb5hwa3zx77snlhw8226d81y"; - }; - in '' - ln -s ${msys2} ./msys2.exe - ln -s ${msys2-auto-install} ./auto-install.js - win-put msys2.exe . - win-put auto-install.js . - echo Running MSYS2 installer... - # work around MSYS2 installer bug that prevents it from closing at the end of unattended install - expect -c 'set timeout 600; spawn win-exec ".\\msys2.exe --script auto-install.js -v InstallPrefix=C:\\msys64"; expect FinishedPageCallback { close }' - echo MSYS2 installer finished - ''; - }; - msys2-packages = msys-packages: { - name = "MSYS2-packages"; - script = let - msys-packages-put = pkgs.lib.strings.concatStringsSep "\n" - (map (package: ''win-put ${package} 'msyspackages' '') msys-packages); - in - # Windows command line is so shitty it can't even do glob expansion. Why do people use Windows? - '' - win-exec 'mkdir msyspackages' - ${msys-packages-put} - cat > installmsyspackages.bat << EOF - set MSYS=c:\msys64 - set ARCH=64 - set PATH=%MSYS%\usr\bin;%MSYS%\mingw%ARCH%\bin;%PATH% - bash -c "pacman -U --noconfirm C:/Users/wfvm/msyspackages/*" - EOF - win-put installmsyspackages.bat . - win-exec installmsyspackages - ''; - }; - msvc = { - # Those instructions are vaguely correct: - # https://docs.microsoft.com/en-us/visualstudio/install/create-an-offline-installation-of-visual-studio?view=vs-2019 - name = "MSVC"; - script = let - bootstrapper = pkgs.fetchurl { - name = "RESTRICTDIST-vs_Community.exe"; - url = "https://aka.ms/vs/16/release/vs_community.exe"; - sha256 = "0b3csxz0qsafnvc0d74ywfpralwz8chv4zf9k07akpm8lp8ycgq0"; - }; - # This touchy-feely "community" piece of trash seems deliberately crafted to break Wine, so we use the VM to run it. - download-vs = wfvm.utils.wfvm-run { - name = "download-vs"; - image = wfvm.makeWindowsImage { }; - isolateNetwork = false; - script = - '' - ln -s ${bootstrapper} vs_Community.exe - ${wfvm.utils.win-put}/bin/win-put vs_Community.exe - rm vs_Community.exe - ${wfvm.utils.win-exec}/bin/win-exec "vs_Community.exe --quiet --norestart --layout c:\vslayout --add Microsoft.VisualStudio.Workload.NativeDesktop --includeRecommended --lang en-US" - ${wfvm.utils.win-get}/bin/win-get /c:/vslayout - ''; - }; - cache = pkgs.stdenv.mkDerivation { - name = "RESTRICTDIST-vs"; - - outputHashAlgo = "sha256"; - outputHashMode = "recursive"; - outputHash = "0ic3jvslp2y9v8yv9mfr2mafkvj2q5frmcyhmlbxj71si1x3kpag"; - - phases = [ "buildPhase" ]; - buildInputs = [ download-vs ]; - buildPhase = - '' - mkdir $out - cd $out - wfvm-run-download-vs - ''; - }; - in - '' - ln -s ${cache}/vslayout vslayout - win-put vslayout /c:/ - echo "Running Visual Studio installer" - win-exec "cd \vslayout && start /wait vs_Community.exe --passive --wait && echo %errorlevel%" - ''; - }; - # You need to run the IDE at least once or else most of the Visual Studio trashware won't actually work. - # With the /ResetSettings flag, it will actually start without pestering you about opening a Microsoft account. - msvc-ide-unbreak = { - name = "MSVC-ide-unbreak"; - script = - '' - win-exec 'cd "C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\Common7\IDE" && devenv /ResetSettings' - sleep 40 - ''; - }; - # Disable the Windows firewall - disable-firewall = { - name = "disable-firewall"; - script = '' - echo Disabling firewall - win-exec "netsh advfirewall set allprofiles state off" - ''; - }; - # Disable automatic power management which causes the machine to go - # into standby after periods without mouse wiggling. - disable-autosleep = { - name = "disable-autosleep"; - script = '' - echo Disabling autosleep - win-exec "powercfg /x -hibernate-timeout-ac 0" - win-exec "powercfg /x -hibernate-timeout-dc 0" - win-exec "powercfg /x -disk-timeout-ac 0" - win-exec "powercfg /x -disk-timeout-dc 0" - win-exec "powercfg /x -monitor-timeout-ac 0" - win-exec "powercfg /x -monitor-timeout-dc 0" - win-exec "powercfg /x -standby-timeout-ac 0" - win-exec "powercfg /x -standby-timeout-dc 0" - ''; - }; - # Turn off automatic locking of idle user sessions - disable-autolock = { - name = "disable-autolock"; - script = '' - echo Disabling autolock - win-exec "reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Personalization /v NoLockScreen /t REG_DWORD /d 1" - ''; - }; - # Don't let Windows start completely rewriting gigabytes of disk - # space. Defragmentation increases the size of our qcow layers - # needlessly. - disable-scheduled-defrag = { - name = "disable-scheduled-defrag"; - script = '' - echo Disabling scheduled defragmentation service - win-exec 'schtasks /Change /DISABLE /TN "\Microsoft\Windows\Defrag\ScheduledDefrag"' - ''; - }; - - # Chain together layers that are quick to run so that the VM does - # not have to be started/shutdown for each. - collapseLayers = scripts: { - name = pkgs.lib.concatMapStringsSep "-" ({ name, ... }: name) scripts; - script = builtins.concatStringsSep "\n" ( - map ({ script, ... }: script) scripts - ); - buildInputs = - builtins.concatMap ({ buildInputs ? [], ... }: buildInputs) scripts; - }; -} diff --git a/wfvm/default.nix b/wfvm/default.nix deleted file mode 100644 index 7846583..0000000 --- a/wfvm/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ pkgs }: - -{ - makeWindowsImage = attrs: import ./win.nix ({ inherit pkgs; } // attrs); - layers = (import ./layers { inherit pkgs; }); - utils = (import ./utils.nix { inherit pkgs; }); -} diff --git a/wfvm/demo-image.nix b/wfvm/demo-image.nix deleted file mode 100644 index a928de1..0000000 --- a/wfvm/demo-image.nix +++ /dev/null @@ -1,72 +0,0 @@ -{ pkgs ? import <nixpkgs> {}, impureMode ? false }: - -let - wfvm = (import ./default.nix { inherit pkgs; }); -in -wfvm.makeWindowsImage { - # Build install script & skip building iso - inherit impureMode; - - # Custom base iso - # windowsImage = pkgs.requireFile rec { - # name = "Win10_21H1_English_x64.iso"; - # sha256 = "1sl51lnx4r6ckh5fii7m2hi15zh8fh7cf7rjgjq9kacg8hwyh4b9"; - # message = "Get ${name} from https://www.microsoft.com/en-us/software-download/windows10ISO"; - # }; - - # impureShellCommands = [ - # "powershell.exe echo Hello" - # ]; - - # User accounts - # users = { - # artiq = { - # password = "1234"; - # # description = "Default user"; - # # displayName = "Display name"; - # groups = [ - # "Administrators" - # ]; - # }; - # }; - - # Auto login - # defaultUser = "artiq"; - - # fullName = "M-Labs"; - # organization = "m-labs"; - # administratorPassword = "12345"; - - # Imperative installation commands, to be installed incrementally - installCommands = - if impureMode - then [] - else with wfvm.layers; [ - (collapseLayers [ - disable-autosleep - disable-autolock - disable-firewall - ]) - anaconda3 msys2 msvc msvc-ide-unbreak - ]; - - # services = { - # # Enable remote management - # WinRm = { - # Status = "Running"; - # PassThru = true; - # }; - # }; - - # License key (required) - # productKey = throw "Search the f* web" - imageSelection = "Windows 10 Pro"; - - - # Locales - # uiLanguage = "en-US"; - # inputLocale = "en-US"; - # userLocale = "en-US"; - # systemLocale = "en-US"; - -} diff --git a/wfvm/demo-ssh.nix b/wfvm/demo-ssh.nix deleted file mode 100644 index 47c60e4..0000000 --- a/wfvm/demo-ssh.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ pkgs ? import <nixpkgs> {} }: - -let - wfvm = (import ./default.nix { inherit pkgs; }); -in - wfvm.utils.wfvm-run { - name = "demo-ssh"; - image = import ./demo-image.nix { inherit pkgs; }; - isolateNetwork = false; - script = '' - ${pkgs.sshpass}/bin/sshpass -p1234 -- ${pkgs.openssh}/bin/ssh -p 2022 wfvm@localhost -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null - ''; - } diff --git a/wfvm/utils.nix b/wfvm/utils.nix deleted file mode 100644 index 9039682..0000000 --- a/wfvm/utils.nix +++ /dev/null @@ -1,108 +0,0 @@ -{ pkgs, baseRtc ? "2020-04-20T14:21:42", cores ? "4", qemuMem ? "4G", efi ? true }: - -rec { - # qemu_test is a smaller closure only building for a single system arch - qemu = pkgs.qemu; - - mkQemuFlags = extraFlags: [ - "-enable-kvm" - "-cpu host" - "-smp ${cores}" - "-m ${qemuMem}" - "-M q35" - "-vga qxl" - "-rtc base=${baseRtc}" - "-device qemu-xhci" - "-device virtio-net-pci,netdev=n1" - ] ++ pkgs.lib.optionals efi [ - "-bios ${pkgs.OVMF.fd}/FV/OVMF.fd" - ] ++ extraFlags; - - # Pass empty config file to prevent ssh from failing to create ~/.ssh - sshOpts = "-F /dev/null -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -o ConnectTimeout=1"; - win-exec = pkgs.writeShellScriptBin "win-exec" '' - set -e - ${pkgs.sshpass}/bin/sshpass -p1234 -- \ - ${pkgs.openssh}/bin/ssh -np 2022 ${sshOpts} \ - wfvm@localhost \ - $1 - ''; - win-wait = pkgs.writeShellScriptBin "win-wait" '' - set -e - - # If the machine is not up within 10 minutes it's likely never coming up - timeout=600 - - # Wait for VM to be accessible - sleep 20 - echo "Waiting for SSH..." - while true; do - if test "$timeout" -eq 0; then - echo "SSH connection timed out" - exit 1 - fi - - output=$(${win-exec}/bin/win-exec 'echo|set /p="Ran command"' || echo "") - if test "$output" = "Ran command"; then - break - fi - - echo "Retrying in 1 second, timing out in $timeout seconds" - - ((timeout=$timeout-1)) - - sleep 1 - done - echo "SSH OK" - ''; - win-put = pkgs.writeShellScriptBin "win-put" '' - set -e - echo win-put $1 -\> $2 - ${pkgs.sshpass}/bin/sshpass -p1234 -- \ - ${pkgs.openssh}/bin/sftp -r -P 2022 ${sshOpts} \ - wfvm@localhost -b- << EOF - cd $2 - put $1 - EOF - ''; - win-get = pkgs.writeShellScriptBin "win-get" '' - set -e - echo win-get $1 - ${pkgs.sshpass}/bin/sshpass -p1234 -- \ - ${pkgs.openssh}/bin/sftp -r -P 2022 ${sshOpts} \ - wfvm@localhost:$1 . - ''; - - wfvm-run = { name, image, script, display ? false, isolateNetwork ? true, forwardedPorts ? [], fakeRtc ? true }: - let - restrict = - if isolateNetwork - then "on" - else "off"; - # use socat instead of `tcp:...` to allow multiple connections - guestfwds = - builtins.concatStringsSep "" - (map ({ listenAddr, targetAddr, port }: - ",guestfwd=tcp:${listenAddr}:${toString port}-cmd:${pkgs.socat}/bin/socat\\ -\\ tcp:${targetAddr}:${toString port}" - ) forwardedPorts); - qemuParams = mkQemuFlags (pkgs.lib.optional (!display) "-display none" ++ pkgs.lib.optional (!fakeRtc) "-rtc base=localtime" ++ [ - "-drive" - "file=${image},index=0,media=disk,cache=unsafe" - "-snapshot" - "-netdev user,id=n1,net=192.168.1.0/24,restrict=${restrict},hostfwd=tcp::2022-:22${guestfwds}" - ]); - in pkgs.writeShellScriptBin "wfvm-run-${name}" '' - set -e -m - ${qemu}/bin/qemu-system-x86_64 ${pkgs.lib.concatStringsSep " " qemuParams} & - - ${win-wait}/bin/win-wait - - ${script} - - echo "Shutting down..." - ${win-exec}/bin/win-exec 'shutdown /s' - echo "Waiting for VM to terminate..." - fg - echo "Done" - ''; -} diff --git a/wfvm/win.nix b/wfvm/win.nix deleted file mode 100644 index 0e153e4..0000000 --- a/wfvm/win.nix +++ /dev/null @@ -1,195 +0,0 @@ -{ pkgs -, diskImageSize ? "70G" -, windowsImage ? null -, autoUnattendParams ? {} -, impureMode ? false -, installCommands ? [] -, users ? {} -# autounattend always installs index 1, so this default is backward-compatible -, imageSelection ? "Windows 10 Pro" -, efi ? true -, ... -}@attrs: - -let - lib = pkgs.lib; - utils = import ./utils.nix { inherit pkgs efi; }; - libguestfs = pkgs.libguestfs-with-appliance; - - # p7zip on >20.03 has known vulns but we have no better option - p7zip = pkgs.p7zip.overrideAttrs(old: { - meta = old.meta // { - knownVulnerabilities = []; - }; - }); - - runQemuCommand = name: command: ( - pkgs.runCommandNoCC name { buildInputs = [ p7zip utils.qemu libguestfs ]; } - ( - '' - if ! test -f; then - echo "KVM not available, bailing out" >> /dev/stderr - exit 1 - fi - '' + command - ) - ); - - windowsIso = if windowsImage != null then windowsImage else pkgs.requireFile rec { - name = "Win10_21H1_English_x64.iso"; - sha256 = "1sl51lnx4r6ckh5fii7m2hi15zh8fh7cf7rjgjq9kacg8hwyh4b9"; - message = "Get ${name} from https://www.microsoft.com/en-us/software-download/windows10ISO"; - }; - - # stable as of 2021-04-08 - virtioWinIso = pkgs.fetchurl { - url = "https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.185-2/virtio-win-0.1.185.iso"; - sha256 = "11n3kjyawiwacmi3jmfmn311g9xvfn6m0ccdwnjxw1brzb4kqaxg"; - }; - - openSshServerPackage = pkgs.fetchurl { - url = "https://github.com/PowerShell/Win32-OpenSSH/releases/download/V8.6.0.0p1-Beta/OpenSSH-Win64.zip"; - sha256 = "1dw6n054r0939501dpxfm7ghv21ihmypdx034van8cl21gf1b4lz"; - }; - - autounattend = import ./autounattend.nix ( - attrs // { - inherit pkgs; - users = users // { - wfvm = { - password = "1234"; - description = "WFVM Administrator"; - groups = [ - "Administrators" - ]; - }; - }; - } - ); - - bundleInstaller = pkgs.callPackage ./bundle {}; - - # Packages required to drive installation of other packages - bootstrapPkgs = - runQemuCommand "bootstrap-win-pkgs.img" '' - 7z x -y ${virtioWinIso} -opkgs/virtio - - cp ${bundleInstaller} pkgs/"$(stripHash "${bundleInstaller}")" - - # Install optional windows features - cp ${openSshServerPackage} pkgs/OpenSSH-Win64.zip - - # SSH setup script goes here because windows XML parser sucks - cp ${./install-ssh.ps1} pkgs/install-ssh.ps1 - cp ${autounattend.setupScript} pkgs/setup.ps1 - - virt-make-fs --partition --type=fat pkgs/ $out - ''; - - installScript = pkgs.writeScript "windows-install-script" ( - let - qemuParams = utils.mkQemuFlags (lib.optional (!impureMode) "-display none" ++ [ - # "CD" drive with bootstrap pkgs - "-drive" - "id=virtio-win,file=${bootstrapPkgs},if=none,format=raw,readonly=on" - "-device" - "usb-storage,drive=virtio-win" - # USB boot - "-drive" - "id=win-install,file=${if efi then "usb" else "cd"}image.img,if=none,format=raw,readonly=on,media=${if efi then "disk" else "cdrom"}" - "-device" - "usb-storage,drive=win-install" - # Output image - "-drive" - "file=c.img,index=0,media=disk,if=virtio,cache=unsafe" - # Network - "-netdev user,id=n1,net=192.168.1.0/24,restrict=on" - ]); - in - '' - #!${pkgs.runtimeShell} - set -euxo pipefail - export PATH=${lib.makeBinPath [ p7zip utils.qemu libguestfs pkgs.wimlib ]}:$PATH - - # Create a bootable "USB" image - # Booting in USB mode circumvents the "press any key to boot from cdrom" prompt - # - # Also embed the autounattend answer file in this image - mkdir -p win - mkdir -p win/nix-win - 7z x -y ${windowsIso} -owin - - # Split image so it fits in FAT32 partition - wimsplit win/sources/install.wim win/sources/install.swm 4090 - rm win/sources/install.wim - - cp ${autounattend.autounattendXML} win/autounattend.xml - - ${if efi then '' - virt-make-fs --partition --type=fat win/ usbimage.img - '' else '' - ${pkgs.cdrkit}/bin/mkisofs -iso-level 4 -l -R -udf -D -b boot/etfsboot.com -no-emul-boot -boot-load-size 8 -hide boot.catalog -eltorito-alt-boot -o cdimage.img win/ - ''} - rm -rf win - - # Qemu requires files to be rw - qemu-img create -f qcow2 c.img ${diskImageSize} - qemu-system-x86_64 ${lib.concatStringsSep " " qemuParams} - '' - ); - - baseImage = pkgs.runCommandNoCC "RESTRICTDIST-windows.img" {} '' - ${installScript} - mv c.img $out - ''; - - finalImage = builtins.foldl' (acc: v: pkgs.runCommandNoCC "RESTRICTDIST-${v.name}.img" { - buildInputs = with utils; [ - qemu win-wait win-exec win-put - ] ++ (v.buildInputs or []); - } (let - script = pkgs.writeScript "${v.name}-script" v.script; - qemuParams = utils.mkQemuFlags (lib.optional (!impureMode) "-display none" ++ [ - # Output image - "-drive" - "file=c.img,index=0,media=disk,if=virtio,cache=unsafe" - # Network - enable SSH forwarding - "-netdev user,id=n1,net=192.168.1.0/24,restrict=on,hostfwd=tcp::2022-:22" - ]); - - in '' - # Create an image referencing the previous image in the chain - qemu-img create -f qcow2 -b ${acc} c.img - - set -m - qemu-system-x86_64 ${lib.concatStringsSep " " qemuParams} & - - win-wait - - echo "Executing script to build layer..." - ${script} - echo "Layer script done" - - echo "Shutting down..." - win-exec 'shutdown /s' - echo "Waiting for VM to terminate..." - fg - echo "Done" - - mv c.img $out - '')) baseImage ( - [ - { - name = "DisablePasswordExpiry"; - script = '' - win-exec 'wmic UserAccount set PasswordExpires=False' - ''; - } - ] ++ - installCommands - ); - -in - -# impureMode is meant for debugging the base image, not the full incremental build process -if !(impureMode) then finalImage else assert installCommands == []; installScript -- 2.42.0 From 0e53281c09069f38962155dec4e06ce58c92ff07 Mon Sep 17 00:00:00 2001 From: mwojcik <mw@m-labs.hk> Date: Thu, 17 Feb 2022 17:24:36 +0800 Subject: [PATCH 04/12] flake: slight cleanup of redundant code --- flake.nix | 32 +++++++++++++------------------- 1 file changed, 13 insertions(+), 19 deletions(-) diff --git a/flake.nix b/flake.nix index e655aee..8633038 100644 --- a/flake.nix +++ b/flake.nix @@ -4,6 +4,7 @@ outputs = { self, nixpkgs }: let pkgs = import nixpkgs { system = "x86_64-linux"; }; + lib = pkgs.lib; # common settings baseRtc = "2020-04-20T14:21:42"; cores = "4"; @@ -24,7 +25,7 @@ "-rtc base=${baseRtc}" "-device qemu-xhci" "-device virtio-net-pci,netdev=n1" - ] ++ pkgs.lib.optionals efi [ + ] ++ lib.optionals efi [ "-bios ${pkgs.OVMF.fd}/FV/OVMF.fd" ] ++ extraFlags; @@ -95,7 +96,7 @@ (map ({ listenAddr, targetAddr, port }: ",guestfwd=tcp:${listenAddr}:${toString port}-cmd:${pkgs.socat}/bin/socat\\ -\\ tcp:${targetAddr}:${toString port}" ) forwardedPorts); - qemuParams = mkQemuFlags (pkgs.lib.optional (!display) "-display none" ++ pkgs.lib.optional (!fakeRtc) "-rtc base=localtime" ++ [ + qemuParams = mkQemuFlags (lib.optional (!display) "-display none" ++ lib.optional (!fakeRtc) "-rtc base=localtime" ++ [ "-drive" "file=${image},index=0,media=disk,cache=unsafe" "-snapshot" @@ -103,7 +104,7 @@ ]); in pkgs.writeShellScriptBin "wfvm-run-${name}" '' set -e -m - ${qemu}/bin/qemu-system-x86_64 ${pkgs.lib.concatStringsSep " " qemuParams} & + ${qemu}/bin/qemu-system-x86_64 ${lib.concatStringsSep " " qemuParams} & ${win-wait}/bin/win-wait @@ -165,7 +166,7 @@ msys2-packages = msys-packages: { name = "MSYS2-packages"; script = let - msys-packages-put = pkgs.lib.strings.concatStringsSep "\n" + msys-packages-put = lib.strings.concatStringsSep "\n" (map (package: ''win-put ${package} 'msyspackages' '') msys-packages); in # Windows command line is so shitty it can't even do glob expansion. Why do people use Windows? @@ -286,7 +287,7 @@ # Chain together layers that are quick to run so that the VM does # not have to be started/shutdown for each. collapseLayers = scripts: { - name = pkgs.lib.concatMapStringsSep "-" ({ name, ... }: name) scripts; + name = lib.concatMapStringsSep "-" ({ name, ... }: name) scripts; script = builtins.concatStringsSep "\n" ( map ({ script, ... }: script) scripts ); @@ -305,9 +306,7 @@ , inputLocale ? "en-US" , userLocale ? "en-US" , systemLocale ? "en-US" - , users ? { wfvm = { password = "1234"; - description = "WFVM Administrator"; - groups = [ "Administrators" ]; }; } + , additionalUsers ? {} , productKey ? null , defaultUser ? "wfvm" , setupCommands ? [] @@ -320,7 +319,9 @@ }: let - lib = pkgs.lib; + users = additionalUsers // { wfvm = { password = "1234"; + description = "WFVM Administrator"; + groups = [ "Administrators" ]; }; }; serviceCommands = lib.mapAttrsToList ( serviceName: attrs: "powershell Set-Service -Name ${serviceName} " + ( lib.concatStringsSep " " ( @@ -644,7 +645,7 @@ , ... }@attrs: let - lib = pkgs.lib; + libguestfs = pkgs.libguestfs-with-appliance; # p7zip on >20.03 has known vulns but we have no better option @@ -667,7 +668,7 @@ ); windowsIso = if windowsImage != null then windowsImage else pkgs.requireFile rec { - name = "Win10_21H1_English_x64.iso"; + name = "Win10_21H2_English_x64.iso"; sha256 = "1sl51lnx4r6ckh5fii7m2hi15zh8fh7cf7rjgjq9kacg8hwyh4b9"; message = "Get ${name} from https://www.microsoft.com/en-us/software-download/windows10ISO"; }; @@ -684,14 +685,7 @@ }; autounattend = build-autounattend attrs // { - users = users // { wfvm = { - password = "1234"; - description = "WFVM Administrator"; - groups = [ - "Administrators" - ]; - }; - }; + additionalUsers = users; }; # Packages required to drive installation of other packages -- 2.42.0 From a76b223b0ba5d3d0942453dc7fadb23d4cdbb712 Mon Sep 17 00:00:00 2001 From: mwojcik <mw@m-labs.hk> Date: Fri, 18 Feb 2022 11:21:28 +0800 Subject: [PATCH 05/12] flake: update win10 iso, vs community sha256 --- flake.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 8633038..d0f484a 100644 --- a/flake.nix +++ b/flake.nix @@ -191,7 +191,7 @@ bootstrapper = pkgs.fetchurl { name = "RESTRICTDIST-vs_Community.exe"; url = "https://aka.ms/vs/16/release/vs_community.exe"; - sha256 = "0b3csxz0qsafnvc0d74ywfpralwz8chv4zf9k07akpm8lp8ycgq0"; + sha256 = "sha256-uva5YDG/sJepWBeZhjubyo5zynaBC0I3DKadRXSiQr0="; }; # This touchy-feely "community" piece of trash seems deliberately crafted to break Wine, so we use the VM to run it. download-vs = utils.wfvm-run { @@ -669,7 +669,7 @@ windowsIso = if windowsImage != null then windowsImage else pkgs.requireFile rec { name = "Win10_21H2_English_x64.iso"; - sha256 = "1sl51lnx4r6ckh5fii7m2hi15zh8fh7cf7rjgjq9kacg8hwyh4b9"; + sha256 = "0kr3m0bjy086whcbssagsshdxj6lffcz7wmvbh50zhrkxgq3hrbz"; message = "Get ${name} from https://www.microsoft.com/en-us/software-download/windows10ISO"; }; -- 2.42.0 From da2102d504ad67eb14e227d0f88f82ce3e39863f Mon Sep 17 00:00:00 2001 From: mwojcik <mw@m-labs.hk> Date: Fri, 18 Feb 2022 14:36:29 +0800 Subject: [PATCH 06/12] flake: export layers, update make_msys_packages for flakes --- flake.nix | 1 + layers/make_msys_packages.sh | 22 +--------------------- 2 files changed, 2 insertions(+), 21 deletions(-) diff --git a/flake.nix b/flake.nix index d0f484a..d209721 100644 --- a/flake.nix +++ b/flake.nix @@ -888,6 +888,7 @@ inherit utils; inherit makeWindowsImage; + inherit layers; demo-ssh = utils.wfvm-run { name = "demo-ssh"; diff --git a/layers/make_msys_packages.sh b/layers/make_msys_packages.sh index fa8595e..ef39678 100755 --- a/layers/make_msys_packages.sh +++ b/layers/make_msys_packages.sh @@ -2,27 +2,7 @@ set -e -nix-build -E " -let - pkgs = import <nixpkgs> {}; - wfvm = import ../default.nix { inherit pkgs; }; -in - wfvm.utils.wfvm-run { - name = \"get-msys-packages\"; - image = wfvm.makeWindowsImage { installCommands = [ wfvm.layers.msys2 ]; }; - script = '' - cat > getmsyspackages.bat << EOF - set MSYS=C:\\MSYS64 - set TOOLPREF=mingw-w64-x86_64- - set PATH=%MSYS%\usr\bin;%MSYS%\mingw64\bin;%PATH% - pacman -Sp %TOOLPREF%gcc %TOOLPREF%binutils make autoconf automake libtool texinfo > packages.txt - EOF - \${wfvm.utils.win-put}/bin/win-put getmsyspackages.bat - \${wfvm.utils.win-exec}/bin/win-exec getmsyspackages - \${wfvm.utils.win-get}/bin/win-get packages.txt - ''; - } -" +nix build .#make-msys-packages ./result/bin/wfvm-run-get-msys-packages -- 2.42.0 From 2dc90870b8865d9b4d15d0afbdbe04424b4aa994 Mon Sep 17 00:00:00 2001 From: mwojcik <mw@m-labs.hk> Date: Mon, 21 Feb 2022 12:58:24 +0800 Subject: [PATCH 07/12] flakes: restore previous hierarchy --- flake.lock | 6 +- flake.nix | 799 +----------------- wfvm/autounattend.nix | 325 +++++++ {bundle => wfvm/bundle}/go.mod | 0 {bundle => wfvm/bundle}/main.go | 0 wfvm/default.nix | 7 + wfvm/demo-image.nix | 72 ++ wfvm/demo-ssh.nix | 13 + install-ssh.ps1 => wfvm/install-ssh.ps1 | 0 wfvm/layers/default.nix | 178 ++++ {layers => wfvm/layers}/make_msys_packages.sh | 0 wfvm/utils.nix | 108 +++ wfvm/win.nix | 194 +++++ 13 files changed, 907 insertions(+), 795 deletions(-) create mode 100644 wfvm/autounattend.nix rename {bundle => wfvm/bundle}/go.mod (100%) rename {bundle => wfvm/bundle}/main.go (100%) create mode 100644 wfvm/default.nix create mode 100644 wfvm/demo-image.nix create mode 100644 wfvm/demo-ssh.nix rename install-ssh.ps1 => wfvm/install-ssh.ps1 (100%) create mode 100644 wfvm/layers/default.nix rename {layers => wfvm/layers}/make_msys_packages.sh (100%) create mode 100644 wfvm/utils.nix create mode 100644 wfvm/win.nix diff --git a/flake.lock b/flake.lock index f68af98..381544a 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "nixpkgs": { "locked": { - "lastModified": 1644837400, - "narHash": "sha256-treFS89w/xKzeTjJSJdYp/Ceddv6oqq7bL9mZMQDPi0=", + "lastModified": 1645010845, + "narHash": "sha256-hO9X4PvxkSLMQnGGB7tOrKPwufhLMiNQMNXNwzLqneo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a03ae0e6d078cfdbb8404c3bff3622bd4e2f1c57", + "rev": "2128d0aa28edef51fd8fef38b132ffc0155595df", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index d209721..ba7faef 100644 --- a/flake.nix +++ b/flake.nix @@ -5,811 +5,26 @@ let pkgs = import nixpkgs { system = "x86_64-linux"; }; lib = pkgs.lib; - # common settings - baseRtc = "2020-04-20T14:21:42"; - cores = "4"; - qemuMem = "4G"; - efi = true; # utils - utils = rec { - # qemu_test is a smaller closure only building for a single system arch - qemu = pkgs.qemu; - - mkQemuFlags = extraFlags: [ - "-enable-kvm" - "-cpu host" - "-smp ${cores}" - "-m ${qemuMem}" - "-M q35" - "-vga qxl" - "-rtc base=${baseRtc}" - "-device qemu-xhci" - "-device virtio-net-pci,netdev=n1" - ] ++ lib.optionals efi [ - "-bios ${pkgs.OVMF.fd}/FV/OVMF.fd" - ] ++ extraFlags; - - # Pass empty config file to prevent ssh from failing to create ~/.ssh - sshOpts = "-F /dev/null -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -o ConnectTimeout=1"; - win-exec = pkgs.writeShellScriptBin "win-exec" '' - set -e - ${pkgs.sshpass}/bin/sshpass -p1234 -- \ - ${pkgs.openssh}/bin/ssh -np 2022 ${sshOpts} \ - wfvm@localhost \ - $1 - ''; - win-wait = pkgs.writeShellScriptBin "win-wait" '' - set -e - - # If the machine is not up within 10 minutes it's likely never coming up - timeout=600 - - # Wait for VM to be accessible - sleep 20 - echo "Waiting for SSH..." - while true; do - if test "$timeout" -eq 0; then - echo "SSH connection timed out" - exit 1 - fi - - output=$(${win-exec}/bin/win-exec 'echo|set /p="Ran command"' || echo "") - if test "$output" = "Ran command"; then - break - fi - - echo "Retrying in 1 second, timing out in $timeout seconds" - - ((timeout=$timeout-1)) - - sleep 1 - done - echo "SSH OK" - ''; - win-put = pkgs.writeShellScriptBin "win-put" '' - set -e - echo win-put $1 -\> $2 - ${pkgs.sshpass}/bin/sshpass -p1234 -- \ - ${pkgs.openssh}/bin/sftp -r -P 2022 ${sshOpts} \ - wfvm@localhost -b- << EOF - cd $2 - put $1 - EOF - ''; - win-get = pkgs.writeShellScriptBin "win-get" '' - set -e - echo win-get $1 - ${pkgs.sshpass}/bin/sshpass -p1234 -- \ - ${pkgs.openssh}/bin/sftp -r -P 2022 ${sshOpts} \ - wfvm@localhost:$1 . - ''; - - wfvm-run = { name, image, script, display ? false, isolateNetwork ? true, forwardedPorts ? [], fakeRtc ? true }: - let - restrict = - if isolateNetwork - then "on" - else "off"; - # use socat instead of `tcp:...` to allow multiple connections - guestfwds = - builtins.concatStringsSep "" - (map ({ listenAddr, targetAddr, port }: - ",guestfwd=tcp:${listenAddr}:${toString port}-cmd:${pkgs.socat}/bin/socat\\ -\\ tcp:${targetAddr}:${toString port}" - ) forwardedPorts); - qemuParams = mkQemuFlags (lib.optional (!display) "-display none" ++ lib.optional (!fakeRtc) "-rtc base=localtime" ++ [ - "-drive" - "file=${image},index=0,media=disk,cache=unsafe" - "-snapshot" - "-netdev user,id=n1,net=192.168.1.0/24,restrict=${restrict},hostfwd=tcp::2022-:22${guestfwds}" - ]); - in pkgs.writeShellScriptBin "wfvm-run-${name}" '' - set -e -m - ${qemu}/bin/qemu-system-x86_64 ${lib.concatStringsSep " " qemuParams} & - - ${win-wait}/bin/win-wait - - ${script} - - echo "Shutting down..." - ${win-exec}/bin/win-exec 'shutdown /s' - echo "Waiting for VM to terminate..." - fg - echo "Done" - ''; - }; # end of utils - - # ============ - - # layers - layers = { - anaconda3 = { - name = "Anaconda3"; - script = let - Anaconda3 = pkgs.fetchurl { - name = "Anaconda3.exe"; - url = "https://repo.anaconda.com/archive/Anaconda3-2021.05-Windows-x86_64.exe"; - sha256 = "1lpk7k4gydyk524z1nk4rrninrwi20g2ias2njc9w0a40hwl5nwk"; - }; - in - '' - ln -s ${Anaconda3} ./Anaconda3.exe - win-put Anaconda3.exe . - echo Running Anaconda installer... - win-exec 'start /wait "" .\Anaconda3.exe /S /D=%UserProfile%\Anaconda3' - echo Anaconda installer finished - ''; - }; - msys2 = { - name = "MSYS2"; - buildInputs = [ pkgs.expect ]; - script = let - msys2 = pkgs.fetchurl { - name = "msys2.exe"; - url = "https://github.com/msys2/msys2-installer/releases/download/2020-06-02/msys2-x86_64-20200602.exe"; - sha256 = "1mswlfybvk42vdr4r85dypgkwhrp5ff47gcbxgjqwq86ym44xzd4"; - }; - msys2-auto-install = pkgs.fetchurl { - url = "https://raw.githubusercontent.com/msys2/msys2-installer/7b4b35f65904d03399d5dfb8fc4e5729b0b4d81f/auto-install.js"; - sha256 = "17fq1xprbs00j8wb4m0w1x4dvb48qb5hwa3zx77snlhw8226d81y"; - }; - in '' - ln -s ${msys2} ./msys2.exe - ln -s ${msys2-auto-install} ./auto-install.js - win-put msys2.exe . - win-put auto-install.js . - echo Running MSYS2 installer... - # work around MSYS2 installer bug that prevents it from closing at the end of unattended install - expect -c 'set timeout 600; spawn win-exec ".\\msys2.exe --script auto-install.js -v InstallPrefix=C:\\msys64"; expect FinishedPageCallback { close }' - echo MSYS2 installer finished - ''; - }; - msys2-packages = msys-packages: { - name = "MSYS2-packages"; - script = let - msys-packages-put = lib.strings.concatStringsSep "\n" - (map (package: ''win-put ${package} 'msyspackages' '') msys-packages); - in - # Windows command line is so shitty it can't even do glob expansion. Why do people use Windows? - '' - win-exec 'mkdir msyspackages' - ${msys-packages-put} - cat > installmsyspackages.bat << EOF - set MSYS=c:\msys64 - set ARCH=64 - set PATH=%MSYS%\usr\bin;%MSYS%\mingw%ARCH%\bin;%PATH% - bash -c "pacman -U --noconfirm C:/Users/wfvm/msyspackages/*" - EOF - win-put installmsyspackages.bat . - win-exec installmsyspackages - ''; - }; - msvc = { - # Those instructions are vaguely correct: - # https://docs.microsoft.com/en-us/visualstudio/install/create-an-offline-installation-of-visual-studio?view=vs-2019 - name = "MSVC"; - script = let - bootstrapper = pkgs.fetchurl { - name = "RESTRICTDIST-vs_Community.exe"; - url = "https://aka.ms/vs/16/release/vs_community.exe"; - sha256 = "sha256-uva5YDG/sJepWBeZhjubyo5zynaBC0I3DKadRXSiQr0="; - }; - # This touchy-feely "community" piece of trash seems deliberately crafted to break Wine, so we use the VM to run it. - download-vs = utils.wfvm-run { - name = "download-vs"; - image = makeWindowsImage { }; - isolateNetwork = false; - script = - '' - ln -s ${bootstrapper} vs_Community.exe - ${utils.win-put}/bin/win-put vs_Community.exe - rm vs_Community.exe - ${utils.win-exec}/bin/win-exec "vs_Community.exe --quiet --norestart --layout c:\vslayout --add Microsoft.VisualStudio.Workload.NativeDesktop --includeRecommended --lang en-US" - ${utils.win-get}/bin/win-get /c:/vslayout - ''; - }; - cache = pkgs.stdenv.mkDerivation { - name = "RESTRICTDIST-vs"; - - outputHashAlgo = "sha256"; - outputHashMode = "recursive"; - outputHash = "0ic3jvslp2y9v8yv9mfr2mafkvj2q5frmcyhmlbxj71si1x3kpag"; - - phases = [ "buildPhase" ]; - buildInputs = [ download-vs ]; - buildPhase = - '' - mkdir $out - cd $out - wfvm-run-download-vs - ''; - }; - in - '' - ln -s ${cache}/vslayout vslayout - win-put vslayout /c:/ - echo "Running Visual Studio installer" - win-exec "cd \vslayout && start /wait vs_Community.exe --passive --wait && echo %errorlevel%" - ''; - }; - # You need to run the IDE at least once or else most of the Visual Studio trashware won't actually work. - # With the /ResetSettings flag, it will actually start without pestering you about opening a Microsoft account. - msvc-ide-unbreak = { - name = "MSVC-ide-unbreak"; - script = - '' - win-exec 'cd "C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\Common7\IDE" && devenv /ResetSettings' - sleep 40 - ''; - }; - # Disable the Windows firewall - disable-firewall = { - name = "disable-firewall"; - script = '' - echo Disabling firewall - win-exec "netsh advfirewall set allprofiles state off" - ''; - }; - # Disable automatic power management which causes the machine to go - # into standby after periods without mouse wiggling. - disable-autosleep = { - name = "disable-autosleep"; - script = '' - echo Disabling autosleep - win-exec "powercfg /x -hibernate-timeout-ac 0" - win-exec "powercfg /x -hibernate-timeout-dc 0" - win-exec "powercfg /x -disk-timeout-ac 0" - win-exec "powercfg /x -disk-timeout-dc 0" - win-exec "powercfg /x -monitor-timeout-ac 0" - win-exec "powercfg /x -monitor-timeout-dc 0" - win-exec "powercfg /x -standby-timeout-ac 0" - win-exec "powercfg /x -standby-timeout-dc 0" - ''; - }; - # Turn off automatic locking of idle user sessions - disable-autolock = { - name = "disable-autolock"; - script = '' - echo Disabling autolock - win-exec "reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Personalization /v NoLockScreen /t REG_DWORD /d 1" - ''; - }; - # Don't let Windows start completely rewriting gigabytes of disk - # space. Defragmentation increases the size of our qcow layers - # needlessly. - disable-scheduled-defrag = { - name = "disable-scheduled-defrag"; - script = '' - echo Disabling scheduled defragmentation service - win-exec 'schtasks /Change /DISABLE /TN "\Microsoft\Windows\Defrag\ScheduledDefrag"' - ''; - }; - - # Chain together layers that are quick to run so that the VM does - # not have to be started/shutdown for each. - collapseLayers = scripts: { - name = lib.concatMapStringsSep "-" ({ name, ... }: name) scripts; - script = builtins.concatStringsSep "\n" ( - map ({ script, ... }: script) scripts - ); - buildInputs = - builtins.concatMap ({ buildInputs ? [], ... }: buildInputs) scripts; - }; - }; # end of layers + utils = (import wfvm/utils.nix { inherit pkgs; }); + # layers + layers = (import wfvm/layers { inherit pkgs; }); # end of layers # ============ - # autounattend - build-autounattend = { fullName ? "John Doe" - , organization ? "KVM Authority" - , administratorPassword ? "123456" - , uiLanguage ? "en-US" - , inputLocale ? "en-US" - , userLocale ? "en-US" - , systemLocale ? "en-US" - , additionalUsers ? {} - , productKey ? null - , defaultUser ? "wfvm" - , setupCommands ? [] - , timeZone ? "UTC" - , services ? {} - , impureShellCommands ? [] - , driveLetter ? "D:" - , imageSelection ? "Windows 10 Pro" - , ... - }: - - let - users = additionalUsers // { wfvm = { password = "1234"; - description = "WFVM Administrator"; - groups = [ "Administrators" ]; }; }; - serviceCommands = lib.mapAttrsToList ( - serviceName: attrs: "powershell Set-Service -Name ${serviceName} " + ( - lib.concatStringsSep " " ( - ( - lib.mapAttrsToList ( - n: v: if builtins.typeOf v != "bool" then "-${n} ${v}" else "-${n}" - ) - ) ( - # Always run without interaction - { Force = true; } // attrs - ) - ) - ) - ) services; - - sshSetupCommands = - # let - # makeDirs = lib.mapAttrsToList (n: v: ''mkdir C:\Users\${n}\.ssh'') users; - # writeKeys = lib.flatten (lib.mapAttrsToList (n: v: builtins.map (key: let - # commands = [ - # ''powershell.exe Set-Content -Path C:\Users\${n}\.ssh\authorized_keys -Value '${key}' '' - # ]; - # in lib.concatStringsSep "\n" commands) (v.sshKeys or [])) users); - # mkDirsDesc = builtins.map (c: {Path = c; Description = "Make SSH key dir";}) makeDirs; - # writeKeysDesc = builtins.map (c: {Path = c; Description = "Add SSH key";}) writeKeys; - # in - # mkDirsDesc ++ writeKeysDesc ++ - [ - { - Path = ''powershell.exe ${driveLetter}\install-ssh.ps1''; - Description = "Install OpenSSH service."; - } - ]; - - assertCommand = c: builtins.typeOf c == "string" || builtins.typeOf c == "set" && builtins.hasAttr "Path" c && builtins.hasAttr "Description" c; - - commands = builtins.map (x: assert assertCommand x; if builtins.typeOf x == "string" then { Path = x; Description = x; } else x) ( - [ - { - Path = "powershell.exe Set-ExecutionPolicy -Force Unrestricted"; - Description = "Allow unsigned powershell scripts."; - } - ] - ++ [ - { - Path = ''powershell.exe ${driveLetter}\win-bundle-installer.exe''; - Description = "Install any declared packages."; - } - ] - ++ setupCommands - ++ [ - { - Path = ''powershell.exe ${driveLetter}\setup.ps1''; - Description = "Setup SSH and keys"; - } - ] - ++ serviceCommands - ++ impureShellCommands - ); - - mkCommand = attrs: '' - <RunSynchronousCommand wcm:action="add"> - ${lib.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v: "<${n}>${v}</${n}>") attrs)} - </RunSynchronousCommand> - ''; - mkCommands = commands: ( - builtins.foldl' ( - acc: v: rec { - i = acc.i + 1; - values = acc.values ++ [ (mkCommand (v // { Order = builtins.toString i; })) ]; - } - ) { - i = 0; - values = []; - } commands - ).values; - - mkUser = - { name - , password - , description ? "" - , displayName ? "" - , groups ? [] - # , sshKeys ? [] # Handled in scripts - }: '' - <LocalAccount wcm:action="add"> - <Password> - <Value>${password}</Value> - <PlainText>true</PlainText> - </Password> - <Description>${description}</Description> - <DisplayName>${displayName}</DisplayName> - <Group>${builtins.concatStringsSep ";" (lib.unique ([ "Users" ] ++ groups))}</Group> - <Name>${name}</Name> - </LocalAccount> - ''; - - # Windows expects a flat list of users while we want to manage them as a set - flatUsers = builtins.attrValues (builtins.mapAttrs (name: s: s // { inherit name; }) users); - - diskId = - if efi then 2 else 1; - - autounattendXML = pkgs.writeText "autounattend.xml" '' - <?xml version="1.0" encoding="utf-8"?> - <unattend xmlns="urn:schemas-microsoft-com:unattend"> - <settings pass="windowsPE"> - <component name="Microsoft-Windows-PnpCustomizationsWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <DriverPaths> - <PathAndCredentials wcm:action="add" wcm:keyValue="1"> - <Path>D:\</Path> - </PathAndCredentials> - <PathAndCredentials wcm:action="add" wcm:keyValue="2"> - <Path>E:\</Path> - </PathAndCredentials> - <PathAndCredentials wcm:action="add" wcm:keyValue="3"> - <Path>C:\virtio\amd64\w10</Path> - </PathAndCredentials> - <PathAndCredentials wcm:action="add" wcm:keyValue="4"> - <Path>C:\virtio\NetKVM\w10\amd64</Path> - </PathAndCredentials> - <PathAndCredentials wcm:action="add" wcm:keyValue="5"> - <Path>C:\virtio\qxldod\w10\amd64</Path> - </PathAndCredentials> - </DriverPaths> - </component> - <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - - <DiskConfiguration> - <Disk wcm:action="add"> - <CreatePartitions> - <CreatePartition wcm:action="add"> - <Order>1</Order> - <Type>${if efi then "EFI" else "Primary"}</Type> - <Size>300</Size> - </CreatePartition> - <CreatePartition wcm:action="add"> - <Order>2</Order> - <Type>${if efi then "MSR" else "Primary"}</Type> - <Size>16</Size> - </CreatePartition> - <CreatePartition wcm:action="add"> - <Order>3</Order> - <Type>Primary</Type> - <Extend>true</Extend> - </CreatePartition> - </CreatePartitions> - <ModifyPartitions> - <ModifyPartition wcm:action="add"> - <Order>1</Order> - <Format>${if efi then "FAT32" else "NTFS"}</Format> - <Label>System</Label> - <PartitionID>1</PartitionID> - </ModifyPartition> - <ModifyPartition wcm:action="add"> - <Order>2</Order> - <PartitionID>2</PartitionID> - </ModifyPartition> - <ModifyPartition wcm:action="add"> - <Order>3</Order> - <Format>NTFS</Format> - <Label>Windows</Label> - <Letter>C</Letter> - <PartitionID>3</PartitionID> - </ModifyPartition> - </ModifyPartitions> - <DiskID>${toString diskId}</DiskID> - <WillWipeDisk>true</WillWipeDisk> - </Disk> - </DiskConfiguration> - - <ImageInstall> - <OSImage> - <InstallTo> - <DiskID>${toString diskId}</DiskID> - <PartitionID>3</PartitionID> - </InstallTo> - <InstallFrom> - <MetaData wcm:action="add"> - <Key>/IMAGE/NAME</Key> - <Value>${imageSelection}</Value> - </MetaData> - </InstallFrom> - </OSImage> - </ImageInstall> - - <UserData> - <ProductKey> - ${if productKey != null then "<Key>${productKey}</Key>" else ""} - <WillShowUI>OnError</WillShowUI> - </ProductKey> - <AcceptEula>true</AcceptEula> - <FullName>${fullName}</FullName> - <Organization>${organization}</Organization> - </UserData> - - </component> - <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <SetupUILanguage> - <UILanguage>${uiLanguage}</UILanguage> - </SetupUILanguage> - <InputLocale>${inputLocale}</InputLocale> - <SystemLocale>${systemLocale}</SystemLocale> - <UILanguage>${uiLanguage}</UILanguage> - <UILanguageFallback>en-US</UILanguageFallback> - <UserLocale>${userLocale}</UserLocale> - </component> - </settings> - - <settings pass="oobeSystem"> - <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <InputLocale>${inputLocale}</InputLocale> - <SystemLocale>${systemLocale}</SystemLocale> - <UILanguage>${uiLanguage}</UILanguage> - <UILanguageFallback>en-US</UILanguageFallback> - <UserLocale>${userLocale}</UserLocale> - </component> - <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <OOBE> - <HideEULAPage>true</HideEULAPage> - <HideLocalAccountScreen>true</HideLocalAccountScreen> - <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> - <HideOnlineAccountScreens>true</HideOnlineAccountScreens> - <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> - <ProtectYourPC>1</ProtectYourPC> - </OOBE> - <TimeZone>${timeZone}</TimeZone> - - <UserAccounts> - ${if administratorPassword != null then '' - <AdministratorPassword> - <Value>${administratorPassword}</Value> - <PlainText>true</PlainText> - </AdministratorPassword> - '' else ""} - <LocalAccounts> - ${builtins.concatStringsSep "\n" (builtins.map mkUser flatUsers)} - </LocalAccounts> - </UserAccounts> - - ${if defaultUser == null then "" else '' - <AutoLogon> - <Password> - <Value>${(builtins.getAttr defaultUser users).password}</Value> - <PlainText>true</PlainText> - </Password> - <Enabled>true</Enabled> - <Username>${defaultUser}</Username> - </AutoLogon> - ''} - - </component> - <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <Reseal> - <ForceShutdownNow>true</ForceShutdownNow> - <Mode>OOBE</Mode> - </Reseal> - </component> - </settings> - - <settings pass="specialize"> - <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <RunSynchronous> - ${lib.concatStringsSep "\n" (mkCommands commands)} - </RunSynchronous> - </component> - <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="NonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <CEIPEnabled>0</CEIPEnabled> - </component> - </settings> - - <!-- Disable Windows UAC --> - <settings pass="offlineServicing"> - <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <EnableLUA>false</EnableLUA> - </component> - </settings> - - <cpi:offlineImage cpi:source="wim:c:/wim/windows-10/install.wim#${imageSelection}" xmlns:cpi="urn:schemas-microsoft-com:cpi" /> - </unattend> - ''; - - in { - # Lint and format as a sanity check - autounattendXML = pkgs.runCommandNoCC "autounattend.xml" {} '' - ${pkgs.libxml2}/bin/xmllint --format ${autounattendXML} > $out - ''; - - # autounattend.xml is _super_ picky about quotes and other things - setupScript = pkgs.writeText "setup.ps1" ( - '' - # Setup SSH and keys - '' + - lib.concatStrings ( - builtins.map (c: '' - # ${c.Description} - ${c.Path} - '') sshSetupCommands - ) - ); - }; - # /autounattend ============ - # bundle bundleInstaller = pkgs.runCommandNoCC "win-bundle-installer.exe" {} '' mkdir bundle cd bundle - cp ${./bundle/go.mod} go.mod - cp ${./bundle/main.go} main.go + cp ${wfvm/bundle/go.mod} go.mod + cp ${wfvm/bundle/main.go} main.go env HOME=$(mktemp -d) GOOS=windows GOARCH=amd64 ${pkgs.go}/bin/go build mv bundle.exe $out ''; # /bundle =========== # makeWindowsImage - makeWindowsImage = { diskImageSize ? "70G", windowsImage ? null, autoUnattendParams ? {} - , impureMode ? false, installCommands ? [] - , users ? {} - # autounattend always installs index 1, so this default is backward-compatible - , imageSelection ? "Windows 10 Pro" - , ... - }@attrs: - let - - libguestfs = pkgs.libguestfs-with-appliance; - - # p7zip on >20.03 has known vulns but we have no better option - p7zip = pkgs.p7zip.overrideAttrs(old: { - meta = old.meta // { - knownVulnerabilities = []; - }; - }); - - runQemuCommand = name: command: ( - pkgs.runCommandNoCC name { buildInputs = [ p7zip utils.qemu libguestfs ]; } - ( - '' - if ! test -f; then - echo "KVM not available, bailing out" >> /dev/stderr - exit 1 - fi - '' + command - ) - ); - - windowsIso = if windowsImage != null then windowsImage else pkgs.requireFile rec { - name = "Win10_21H2_English_x64.iso"; - sha256 = "0kr3m0bjy086whcbssagsshdxj6lffcz7wmvbh50zhrkxgq3hrbz"; - message = "Get ${name} from https://www.microsoft.com/en-us/software-download/windows10ISO"; - }; - - # stable as of 2021-04-08 - virtioWinIso = pkgs.fetchurl { - url = "https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.185-2/virtio-win-0.1.185.iso"; - sha256 = "11n3kjyawiwacmi3jmfmn311g9xvfn6m0ccdwnjxw1brzb4kqaxg"; - }; - - openSshServerPackage = pkgs.fetchurl { - url = "https://github.com/PowerShell/Win32-OpenSSH/releases/download/V8.6.0.0p1-Beta/OpenSSH-Win64.zip"; - sha256 = "1dw6n054r0939501dpxfm7ghv21ihmypdx034van8cl21gf1b4lz"; - }; - - autounattend = build-autounattend attrs // { - additionalUsers = users; - }; - - # Packages required to drive installation of other packages - bootstrapPkgs = - runQemuCommand "bootstrap-win-pkgs.img" '' - 7z x -y ${virtioWinIso} -opkgs/virtio - - cp ${bundleInstaller} pkgs/"$(stripHash "${bundleInstaller}")" - - # Install optional windows features - cp ${openSshServerPackage} pkgs/OpenSSH-Win64.zip - - # SSH setup script goes here because windows XML parser sucks - cp ${self}/install-ssh.ps1 pkgs/install-ssh.ps1 - cp ${autounattend.setupScript} pkgs/setup.ps1 - - virt-make-fs --partition --type=fat pkgs/ $out - ''; - - installScript = pkgs.writeScript "windows-install-script" ( - let - qemuParams = utils.mkQemuFlags (lib.optional (!impureMode) "-display none" ++ [ - # "CD" drive with bootstrap pkgs - "-drive" - "id=virtio-win,file=${bootstrapPkgs},if=none,format=raw,readonly=on" - "-device" - "usb-storage,drive=virtio-win" - # USB boot - "-drive" - "id=win-install,file=${if efi then "usb" else "cd"}image.img,if=none,format=raw,readonly=on,media=${if efi then "disk" else "cdrom"}" - "-device" - "usb-storage,drive=win-install" - # Output image - "-drive" - "file=c.img,index=0,media=disk,if=virtio,cache=unsafe" - # Network - "-netdev user,id=n1,net=192.168.1.0/24,restrict=on" - ]); - in - '' - #!${pkgs.runtimeShell} - set -euxo pipefail - export PATH=${lib.makeBinPath [ p7zip utils.qemu libguestfs pkgs.wimlib ]}:$PATH - - # Create a bootable "USB" image - # Booting in USB mode circumvents the "press any key to boot from cdrom" prompt - # - # Also embed the autounattend answer file in this image - mkdir -p win - mkdir -p win/nix-win - 7z x -y ${windowsIso} -owin - - # Split image so it fits in FAT32 partition - wimsplit win/sources/install.wim win/sources/install.swm 4090 - rm win/sources/install.wim - - cp ${autounattend.autounattendXML} win/autounattend.xml - - ${if efi then '' - virt-make-fs --partition --type=fat win/ usbimage.img - '' else '' - ${pkgs.cdrkit}/bin/mkisofs -iso-level 4 -l -R -udf -D -b boot/etfsboot.com -no-emul-boot -boot-load-size 8 -hide boot.catalog -eltorito-alt-boot -o cdimage.img win/ - ''} - rm -rf win - - # Qemu requires files to be rw - qemu-img create -f qcow2 c.img ${diskImageSize} - qemu-system-x86_64 ${lib.concatStringsSep " " qemuParams} - '' - ); - - baseImage = pkgs.runCommandNoCC "RESTRICTDIST-windows.img" {} '' - ${installScript} - mv c.img $out - ''; - - finalImage = builtins.foldl' (acc: v: pkgs.runCommandNoCC "RESTRICTDIST-${v.name}.img" { - buildInputs = with utils; [ - qemu win-wait win-exec win-put - ] ++ (v.buildInputs or []); - } (let - script = pkgs.writeScript "${v.name}-script" v.script; - qemuParams = utils.mkQemuFlags (lib.optional (!impureMode) "-display none" ++ [ - # Output image - "-drive" - "file=c.img,index=0,media=disk,if=virtio,cache=unsafe" - # Network - enable SSH forwarding - "-netdev user,id=n1,net=192.168.1.0/24,restrict=on,hostfwd=tcp::2022-:22" - ]); - - in '' - # Create an image referencing the previous image in the chain - qemu-img create -f qcow2 -b ${acc} c.img - - set -m - qemu-system-x86_64 ${lib.concatStringsSep " " qemuParams} & - - win-wait - - echo "Executing script to build layer..." - ${script} - echo "Layer script done" - - echo "Shutting down..." - win-exec 'shutdown /s' - echo "Waiting for VM to terminate..." - fg - echo "Done" - - mv c.img $out - '')) baseImage ( - [ - { - name = "DisablePasswordExpiry"; - script = '' - win-exec 'wmic UserAccount set PasswordExpires=False' - ''; - } - ] ++ - installCommands - ); - in - if !(impureMode) then finalImage else assert installCommands == []; installScript; - # end of makeWindowsImage + makeWindowsImage = attrs: ( import wfvm/win.nix { inherit pkgs bundleInstaller; } // attrs ); build-demo-image = { impureMode ? false }: makeWindowsImage { # Build install script & skip building iso @@ -892,7 +107,7 @@ demo-ssh = utils.wfvm-run { name = "demo-ssh"; - image = import ./demo-image.nix { inherit pkgs; }; + image = build-demo-image {}; isolateNetwork = false; script = '' ${pkgs.sshpass}/bin/sshpass -p1234 -- ${pkgs.openssh}/bin/ssh -p 2022 wfvm@localhost -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null diff --git a/wfvm/autounattend.nix b/wfvm/autounattend.nix new file mode 100644 index 0000000..99b0429 --- /dev/null +++ b/wfvm/autounattend.nix @@ -0,0 +1,325 @@ +{ pkgs +, fullName ? "John Doe" +, organization ? "KVM Authority" +, administratorPassword ? "123456" +, uiLanguage ? "en-US" +, inputLocale ? "en-US" +, userLocale ? "en-US" +, systemLocale ? "en-US" +, users ? {} +, productKey ? null +, defaultUser ? "wfvm" +, setupCommands ? [] +, timeZone ? "UTC" +, services ? {} +, impureShellCommands ? [] +, driveLetter ? "D:" +, efi ? true +, imageSelection ? "Windows 10 Pro" +, ... +}: + +let + lib = pkgs.lib; + serviceCommands = lib.mapAttrsToList ( + serviceName: attrs: "powershell Set-Service -Name ${serviceName} " + ( + lib.concatStringsSep " " ( + ( + lib.mapAttrsToList ( + n: v: if builtins.typeOf v != "bool" then "-${n} ${v}" else "-${n}" + ) + ) ( + # Always run without interaction + { Force = true; } // attrs + ) + ) + ) + ) services; + + sshSetupCommands = + # let + # makeDirs = lib.mapAttrsToList (n: v: ''mkdir C:\Users\${n}\.ssh'') users; + # writeKeys = lib.flatten (lib.mapAttrsToList (n: v: builtins.map (key: let + # commands = [ + # ''powershell.exe Set-Content -Path C:\Users\${n}\.ssh\authorized_keys -Value '${key}' '' + # ]; + # in lib.concatStringsSep "\n" commands) (v.sshKeys or [])) users); + # mkDirsDesc = builtins.map (c: {Path = c; Description = "Make SSH key dir";}) makeDirs; + # writeKeysDesc = builtins.map (c: {Path = c; Description = "Add SSH key";}) writeKeys; + # in + # mkDirsDesc ++ writeKeysDesc ++ + [ + { + Path = ''powershell.exe ${driveLetter}\install-ssh.ps1''; + Description = "Install OpenSSH service."; + } + ]; + + assertCommand = c: builtins.typeOf c == "string" || builtins.typeOf c == "set" && builtins.hasAttr "Path" c && builtins.hasAttr "Description" c; + + commands = builtins.map (x: assert assertCommand x; if builtins.typeOf x == "string" then { Path = x; Description = x; } else x) ( + [ + { + Path = "powershell.exe Set-ExecutionPolicy -Force Unrestricted"; + Description = "Allow unsigned powershell scripts."; + } + ] + ++ [ + { + Path = ''powershell.exe ${driveLetter}\win-bundle-installer.exe''; + Description = "Install any declared packages."; + } + ] + ++ setupCommands + ++ [ + { + Path = ''powershell.exe ${driveLetter}\setup.ps1''; + Description = "Setup SSH and keys"; + } + ] + ++ serviceCommands + ++ impureShellCommands + ); + + mkCommand = attrs: '' + <RunSynchronousCommand wcm:action="add"> + ${lib.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v: "<${n}>${v}</${n}>") attrs)} + </RunSynchronousCommand> + ''; + mkCommands = commands: ( + builtins.foldl' ( + acc: v: rec { + i = acc.i + 1; + values = acc.values ++ [ (mkCommand (v // { Order = builtins.toString i; })) ]; + } + ) { + i = 0; + values = []; + } commands + ).values; + + mkUser = + { name + , password + , description ? "" + , displayName ? "" + , groups ? [] + # , sshKeys ? [] # Handled in scripts + }: '' + <LocalAccount wcm:action="add"> + <Password> + <Value>${password}</Value> + <PlainText>true</PlainText> + </Password> + <Description>${description}</Description> + <DisplayName>${displayName}</DisplayName> + <Group>${builtins.concatStringsSep ";" (lib.unique ([ "Users" ] ++ groups))}</Group> + <Name>${name}</Name> + </LocalAccount> + ''; + + # Windows expects a flat list of users while we want to manage them as a set + flatUsers = builtins.attrValues (builtins.mapAttrs (name: s: s // { inherit name; }) users); + + diskId = + if efi then 2 else 1; + + autounattendXML = pkgs.writeText "autounattend.xml" '' + <?xml version="1.0" encoding="utf-8"?> + <unattend xmlns="urn:schemas-microsoft-com:unattend"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-PnpCustomizationsWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <DriverPaths> + <PathAndCredentials wcm:action="add" wcm:keyValue="1"> + <Path>D:\</Path> + </PathAndCredentials> + <PathAndCredentials wcm:action="add" wcm:keyValue="2"> + <Path>E:\</Path> + </PathAndCredentials> + <PathAndCredentials wcm:action="add" wcm:keyValue="3"> + <Path>C:\virtio\amd64\w10</Path> + </PathAndCredentials> + <PathAndCredentials wcm:action="add" wcm:keyValue="4"> + <Path>C:\virtio\NetKVM\w10\amd64</Path> + </PathAndCredentials> + <PathAndCredentials wcm:action="add" wcm:keyValue="5"> + <Path>C:\virtio\qxldod\w10\amd64</Path> + </PathAndCredentials> + </DriverPaths> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + + <DiskConfiguration> + <Disk wcm:action="add"> + <CreatePartitions> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>${if efi then "EFI" else "Primary"}</Type> + <Size>300</Size> + </CreatePartition> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>${if efi then "MSR" else "Primary"}</Type> + <Size>16</Size> + </CreatePartition> + <CreatePartition wcm:action="add"> + <Order>3</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <ModifyPartition wcm:action="add"> + <Order>1</Order> + <Format>${if efi then "FAT32" else "NTFS"}</Format> + <Label>System</Label> + <PartitionID>1</PartitionID> + </ModifyPartition> + <ModifyPartition wcm:action="add"> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + <ModifyPartition wcm:action="add"> + <Order>3</Order> + <Format>NTFS</Format> + <Label>Windows</Label> + <Letter>C</Letter> + <PartitionID>3</PartitionID> + </ModifyPartition> + </ModifyPartitions> + <DiskID>${toString diskId}</DiskID> + <WillWipeDisk>true</WillWipeDisk> + </Disk> + </DiskConfiguration> + + <ImageInstall> + <OSImage> + <InstallTo> + <DiskID>${toString diskId}</DiskID> + <PartitionID>3</PartitionID> + </InstallTo> + <InstallFrom> + <MetaData wcm:action="add"> + <Key>/IMAGE/NAME</Key> + <Value>${imageSelection}</Value> + </MetaData> + </InstallFrom> + </OSImage> + </ImageInstall> + + <UserData> + <ProductKey> + ${if productKey != null then "<Key>${productKey}</Key>" else ""} + <WillShowUI>OnError</WillShowUI> + </ProductKey> + <AcceptEula>true</AcceptEula> + <FullName>${fullName}</FullName> + <Organization>${organization}</Organization> + </UserData> + + </component> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <SetupUILanguage> + <UILanguage>${uiLanguage}</UILanguage> + </SetupUILanguage> + <InputLocale>${inputLocale}</InputLocale> + <SystemLocale>${systemLocale}</SystemLocale> + <UILanguage>${uiLanguage}</UILanguage> + <UILanguageFallback>en-US</UILanguageFallback> + <UserLocale>${userLocale}</UserLocale> + </component> + </settings> + + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <InputLocale>${inputLocale}</InputLocale> + <SystemLocale>${systemLocale}</SystemLocale> + <UILanguage>${uiLanguage}</UILanguage> + <UILanguageFallback>en-US</UILanguageFallback> + <UserLocale>${userLocale}</UserLocale> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideLocalAccountScreen>true</HideLocalAccountScreen> + <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> + <HideOnlineAccountScreens>true</HideOnlineAccountScreens> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <ProtectYourPC>1</ProtectYourPC> + </OOBE> + <TimeZone>${timeZone}</TimeZone> + + <UserAccounts> + ${if administratorPassword != null then '' + <AdministratorPassword> + <Value>${administratorPassword}</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + '' else ""} + <LocalAccounts> + ${builtins.concatStringsSep "\n" (builtins.map mkUser flatUsers)} + </LocalAccounts> + </UserAccounts> + + ${if defaultUser == null then "" else '' + <AutoLogon> + <Password> + <Value>${(builtins.getAttr defaultUser users).password}</Value> + <PlainText>true</PlainText> + </Password> + <Enabled>true</Enabled> + <Username>${defaultUser}</Username> + </AutoLogon> + ''} + + </component> + <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <Reseal> + <ForceShutdownNow>true</ForceShutdownNow> + <Mode>OOBE</Mode> + </Reseal> + </component> + </settings> + + <settings pass="specialize"> + <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <RunSynchronous> + ${lib.concatStringsSep "\n" (mkCommands commands)} + </RunSynchronous> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="NonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <CEIPEnabled>0</CEIPEnabled> + </component> + </settings> + + <!-- Disable Windows UAC --> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + + <cpi:offlineImage cpi:source="wim:c:/wim/windows-10/install.wim#${imageSelection}" xmlns:cpi="urn:schemas-microsoft-com:cpi" /> + </unattend> + ''; + +in { + # Lint and format as a sanity check + autounattendXML = pkgs.runCommandNoCC "autounattend.xml" {} '' + ${pkgs.libxml2}/bin/xmllint --format ${autounattendXML} > $out + ''; + + # autounattend.xml is _super_ picky about quotes and other things + setupScript = pkgs.writeText "setup.ps1" ( + '' + # Setup SSH and keys + '' + + lib.concatStrings ( + builtins.map (c: '' + # ${c.Description} + ${c.Path} + '') sshSetupCommands + ) + ); + +} diff --git a/bundle/go.mod b/wfvm/bundle/go.mod similarity index 100% rename from bundle/go.mod rename to wfvm/bundle/go.mod diff --git a/bundle/main.go b/wfvm/bundle/main.go similarity index 100% rename from bundle/main.go rename to wfvm/bundle/main.go diff --git a/wfvm/default.nix b/wfvm/default.nix new file mode 100644 index 0000000..7846583 --- /dev/null +++ b/wfvm/default.nix @@ -0,0 +1,7 @@ +{ pkgs }: + +{ + makeWindowsImage = attrs: import ./win.nix ({ inherit pkgs; } // attrs); + layers = (import ./layers { inherit pkgs; }); + utils = (import ./utils.nix { inherit pkgs; }); +} diff --git a/wfvm/demo-image.nix b/wfvm/demo-image.nix new file mode 100644 index 0000000..a928de1 --- /dev/null +++ b/wfvm/demo-image.nix @@ -0,0 +1,72 @@ +{ pkgs ? import <nixpkgs> {}, impureMode ? false }: + +let + wfvm = (import ./default.nix { inherit pkgs; }); +in +wfvm.makeWindowsImage { + # Build install script & skip building iso + inherit impureMode; + + # Custom base iso + # windowsImage = pkgs.requireFile rec { + # name = "Win10_21H1_English_x64.iso"; + # sha256 = "1sl51lnx4r6ckh5fii7m2hi15zh8fh7cf7rjgjq9kacg8hwyh4b9"; + # message = "Get ${name} from https://www.microsoft.com/en-us/software-download/windows10ISO"; + # }; + + # impureShellCommands = [ + # "powershell.exe echo Hello" + # ]; + + # User accounts + # users = { + # artiq = { + # password = "1234"; + # # description = "Default user"; + # # displayName = "Display name"; + # groups = [ + # "Administrators" + # ]; + # }; + # }; + + # Auto login + # defaultUser = "artiq"; + + # fullName = "M-Labs"; + # organization = "m-labs"; + # administratorPassword = "12345"; + + # Imperative installation commands, to be installed incrementally + installCommands = + if impureMode + then [] + else with wfvm.layers; [ + (collapseLayers [ + disable-autosleep + disable-autolock + disable-firewall + ]) + anaconda3 msys2 msvc msvc-ide-unbreak + ]; + + # services = { + # # Enable remote management + # WinRm = { + # Status = "Running"; + # PassThru = true; + # }; + # }; + + # License key (required) + # productKey = throw "Search the f* web" + imageSelection = "Windows 10 Pro"; + + + # Locales + # uiLanguage = "en-US"; + # inputLocale = "en-US"; + # userLocale = "en-US"; + # systemLocale = "en-US"; + +} diff --git a/wfvm/demo-ssh.nix b/wfvm/demo-ssh.nix new file mode 100644 index 0000000..47c60e4 --- /dev/null +++ b/wfvm/demo-ssh.nix @@ -0,0 +1,13 @@ +{ pkgs ? import <nixpkgs> {} }: + +let + wfvm = (import ./default.nix { inherit pkgs; }); +in + wfvm.utils.wfvm-run { + name = "demo-ssh"; + image = import ./demo-image.nix { inherit pkgs; }; + isolateNetwork = false; + script = '' + ${pkgs.sshpass}/bin/sshpass -p1234 -- ${pkgs.openssh}/bin/ssh -p 2022 wfvm@localhost -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null + ''; + } diff --git a/install-ssh.ps1 b/wfvm/install-ssh.ps1 similarity index 100% rename from install-ssh.ps1 rename to wfvm/install-ssh.ps1 diff --git a/wfvm/layers/default.nix b/wfvm/layers/default.nix new file mode 100644 index 0000000..a9068a6 --- /dev/null +++ b/wfvm/layers/default.nix @@ -0,0 +1,178 @@ +{ pkgs }: +let + wfvm = import ../. { inherit pkgs; }; +in +{ + anaconda3 = { + name = "Anaconda3"; + script = let + Anaconda3 = pkgs.fetchurl { + name = "Anaconda3.exe"; + url = "https://repo.anaconda.com/archive/Anaconda3-2021.05-Windows-x86_64.exe"; + sha256 = "1lpk7k4gydyk524z1nk4rrninrwi20g2ias2njc9w0a40hwl5nwk"; + }; + in + '' + ln -s ${Anaconda3} ./Anaconda3.exe + win-put Anaconda3.exe . + echo Running Anaconda installer... + win-exec 'start /wait "" .\Anaconda3.exe /S /D=%UserProfile%\Anaconda3' + echo Anaconda installer finished + ''; + }; + msys2 = { + name = "MSYS2"; + buildInputs = [ pkgs.expect ]; + script = let + msys2 = pkgs.fetchurl { + name = "msys2.exe"; + url = "https://github.com/msys2/msys2-installer/releases/download/2020-06-02/msys2-x86_64-20200602.exe"; + sha256 = "1mswlfybvk42vdr4r85dypgkwhrp5ff47gcbxgjqwq86ym44xzd4"; + }; + msys2-auto-install = pkgs.fetchurl { + url = "https://raw.githubusercontent.com/msys2/msys2-installer/7b4b35f65904d03399d5dfb8fc4e5729b0b4d81f/auto-install.js"; + sha256 = "17fq1xprbs00j8wb4m0w1x4dvb48qb5hwa3zx77snlhw8226d81y"; + }; + in '' + ln -s ${msys2} ./msys2.exe + ln -s ${msys2-auto-install} ./auto-install.js + win-put msys2.exe . + win-put auto-install.js . + echo Running MSYS2 installer... + # work around MSYS2 installer bug that prevents it from closing at the end of unattended install + expect -c 'set timeout 600; spawn win-exec ".\\msys2.exe --script auto-install.js -v InstallPrefix=C:\\msys64"; expect FinishedPageCallback { close }' + echo MSYS2 installer finished + ''; + }; + msys2-packages = msys-packages: { + name = "MSYS2-packages"; + script = let + msys-packages-put = pkgs.lib.strings.concatStringsSep "\n" + (map (package: ''win-put ${package} 'msyspackages' '') msys-packages); + in + # Windows command line is so shitty it can't even do glob expansion. Why do people use Windows? + '' + win-exec 'mkdir msyspackages' + ${msys-packages-put} + cat > installmsyspackages.bat << EOF + set MSYS=c:\msys64 + set ARCH=64 + set PATH=%MSYS%\usr\bin;%MSYS%\mingw%ARCH%\bin;%PATH% + bash -c "pacman -U --noconfirm C:/Users/wfvm/msyspackages/*" + EOF + win-put installmsyspackages.bat . + win-exec installmsyspackages + ''; + }; + msvc = { + # Those instructions are vaguely correct: + # https://docs.microsoft.com/en-us/visualstudio/install/create-an-offline-installation-of-visual-studio?view=vs-2019 + name = "MSVC"; + script = let + bootstrapper = pkgs.fetchurl { + name = "RESTRICTDIST-vs_Community.exe"; + url = "https://aka.ms/vs/16/release/vs_community.exe"; + sha256 = "0b3csxz0qsafnvc0d74ywfpralwz8chv4zf9k07akpm8lp8ycgq0"; + }; + # This touchy-feely "community" piece of trash seems deliberately crafted to break Wine, so we use the VM to run it. + download-vs = wfvm.utils.wfvm-run { + name = "download-vs"; + image = wfvm.makeWindowsImage { }; + isolateNetwork = false; + script = + '' + ln -s ${bootstrapper} vs_Community.exe + ${wfvm.utils.win-put}/bin/win-put vs_Community.exe + rm vs_Community.exe + ${wfvm.utils.win-exec}/bin/win-exec "vs_Community.exe --quiet --norestart --layout c:\vslayout --add Microsoft.VisualStudio.Workload.NativeDesktop --includeRecommended --lang en-US" + ${wfvm.utils.win-get}/bin/win-get /c:/vslayout + ''; + }; + cache = pkgs.stdenv.mkDerivation { + name = "RESTRICTDIST-vs"; + + outputHashAlgo = "sha256"; + outputHashMode = "recursive"; + outputHash = "0ic3jvslp2y9v8yv9mfr2mafkvj2q5frmcyhmlbxj71si1x3kpag"; + + phases = [ "buildPhase" ]; + buildInputs = [ download-vs ]; + buildPhase = + '' + mkdir $out + cd $out + wfvm-run-download-vs + ''; + }; + in + '' + ln -s ${cache}/vslayout vslayout + win-put vslayout /c:/ + echo "Running Visual Studio installer" + win-exec "cd \vslayout && start /wait vs_Community.exe --passive --wait && echo %errorlevel%" + ''; + }; + # You need to run the IDE at least once or else most of the Visual Studio trashware won't actually work. + # With the /ResetSettings flag, it will actually start without pestering you about opening a Microsoft account. + msvc-ide-unbreak = { + name = "MSVC-ide-unbreak"; + script = + '' + win-exec 'cd "C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\Common7\IDE" && devenv /ResetSettings' + sleep 40 + ''; + }; + # Disable the Windows firewall + disable-firewall = { + name = "disable-firewall"; + script = '' + echo Disabling firewall + win-exec "netsh advfirewall set allprofiles state off" + ''; + }; + # Disable automatic power management which causes the machine to go + # into standby after periods without mouse wiggling. + disable-autosleep = { + name = "disable-autosleep"; + script = '' + echo Disabling autosleep + win-exec "powercfg /x -hibernate-timeout-ac 0" + win-exec "powercfg /x -hibernate-timeout-dc 0" + win-exec "powercfg /x -disk-timeout-ac 0" + win-exec "powercfg /x -disk-timeout-dc 0" + win-exec "powercfg /x -monitor-timeout-ac 0" + win-exec "powercfg /x -monitor-timeout-dc 0" + win-exec "powercfg /x -standby-timeout-ac 0" + win-exec "powercfg /x -standby-timeout-dc 0" + ''; + }; + # Turn off automatic locking of idle user sessions + disable-autolock = { + name = "disable-autolock"; + script = '' + echo Disabling autolock + win-exec "reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Personalization /v NoLockScreen /t REG_DWORD /d 1" + ''; + }; + # Don't let Windows start completely rewriting gigabytes of disk + # space. Defragmentation increases the size of our qcow layers + # needlessly. + disable-scheduled-defrag = { + name = "disable-scheduled-defrag"; + script = '' + echo Disabling scheduled defragmentation service + win-exec 'schtasks /Change /DISABLE /TN "\Microsoft\Windows\Defrag\ScheduledDefrag"' + ''; + }; + + # Chain together layers that are quick to run so that the VM does + # not have to be started/shutdown for each. + collapseLayers = scripts: { + name = pkgs.lib.concatMapStringsSep "-" ({ name, ... }: name) scripts; + script = builtins.concatStringsSep "\n" ( + map ({ script, ... }: script) scripts + ); + buildInputs = + builtins.concatMap ({ buildInputs ? [], ... }: buildInputs) scripts; + }; +} diff --git a/layers/make_msys_packages.sh b/wfvm/layers/make_msys_packages.sh similarity index 100% rename from layers/make_msys_packages.sh rename to wfvm/layers/make_msys_packages.sh diff --git a/wfvm/utils.nix b/wfvm/utils.nix new file mode 100644 index 0000000..9039682 --- /dev/null +++ b/wfvm/utils.nix @@ -0,0 +1,108 @@ +{ pkgs, baseRtc ? "2020-04-20T14:21:42", cores ? "4", qemuMem ? "4G", efi ? true }: + +rec { + # qemu_test is a smaller closure only building for a single system arch + qemu = pkgs.qemu; + + mkQemuFlags = extraFlags: [ + "-enable-kvm" + "-cpu host" + "-smp ${cores}" + "-m ${qemuMem}" + "-M q35" + "-vga qxl" + "-rtc base=${baseRtc}" + "-device qemu-xhci" + "-device virtio-net-pci,netdev=n1" + ] ++ pkgs.lib.optionals efi [ + "-bios ${pkgs.OVMF.fd}/FV/OVMF.fd" + ] ++ extraFlags; + + # Pass empty config file to prevent ssh from failing to create ~/.ssh + sshOpts = "-F /dev/null -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -o ConnectTimeout=1"; + win-exec = pkgs.writeShellScriptBin "win-exec" '' + set -e + ${pkgs.sshpass}/bin/sshpass -p1234 -- \ + ${pkgs.openssh}/bin/ssh -np 2022 ${sshOpts} \ + wfvm@localhost \ + $1 + ''; + win-wait = pkgs.writeShellScriptBin "win-wait" '' + set -e + + # If the machine is not up within 10 minutes it's likely never coming up + timeout=600 + + # Wait for VM to be accessible + sleep 20 + echo "Waiting for SSH..." + while true; do + if test "$timeout" -eq 0; then + echo "SSH connection timed out" + exit 1 + fi + + output=$(${win-exec}/bin/win-exec 'echo|set /p="Ran command"' || echo "") + if test "$output" = "Ran command"; then + break + fi + + echo "Retrying in 1 second, timing out in $timeout seconds" + + ((timeout=$timeout-1)) + + sleep 1 + done + echo "SSH OK" + ''; + win-put = pkgs.writeShellScriptBin "win-put" '' + set -e + echo win-put $1 -\> $2 + ${pkgs.sshpass}/bin/sshpass -p1234 -- \ + ${pkgs.openssh}/bin/sftp -r -P 2022 ${sshOpts} \ + wfvm@localhost -b- << EOF + cd $2 + put $1 + EOF + ''; + win-get = pkgs.writeShellScriptBin "win-get" '' + set -e + echo win-get $1 + ${pkgs.sshpass}/bin/sshpass -p1234 -- \ + ${pkgs.openssh}/bin/sftp -r -P 2022 ${sshOpts} \ + wfvm@localhost:$1 . + ''; + + wfvm-run = { name, image, script, display ? false, isolateNetwork ? true, forwardedPorts ? [], fakeRtc ? true }: + let + restrict = + if isolateNetwork + then "on" + else "off"; + # use socat instead of `tcp:...` to allow multiple connections + guestfwds = + builtins.concatStringsSep "" + (map ({ listenAddr, targetAddr, port }: + ",guestfwd=tcp:${listenAddr}:${toString port}-cmd:${pkgs.socat}/bin/socat\\ -\\ tcp:${targetAddr}:${toString port}" + ) forwardedPorts); + qemuParams = mkQemuFlags (pkgs.lib.optional (!display) "-display none" ++ pkgs.lib.optional (!fakeRtc) "-rtc base=localtime" ++ [ + "-drive" + "file=${image},index=0,media=disk,cache=unsafe" + "-snapshot" + "-netdev user,id=n1,net=192.168.1.0/24,restrict=${restrict},hostfwd=tcp::2022-:22${guestfwds}" + ]); + in pkgs.writeShellScriptBin "wfvm-run-${name}" '' + set -e -m + ${qemu}/bin/qemu-system-x86_64 ${pkgs.lib.concatStringsSep " " qemuParams} & + + ${win-wait}/bin/win-wait + + ${script} + + echo "Shutting down..." + ${win-exec}/bin/win-exec 'shutdown /s' + echo "Waiting for VM to terminate..." + fg + echo "Done" + ''; +} diff --git a/wfvm/win.nix b/wfvm/win.nix new file mode 100644 index 0000000..c85f07b --- /dev/null +++ b/wfvm/win.nix @@ -0,0 +1,194 @@ +{ pkgs +, diskImageSize ? "70G" +, windowsImage ? null +, autoUnattendParams ? {} +, impureMode ? false +, installCommands ? [] +, users ? {} +# autounattend always installs index 1, so this default is backward-compatible +, imageSelection ? "Windows 10 Pro" +, efi ? true +, bundleInstaller ? {} +, ... +}@attrs: + +let + lib = pkgs.lib; + utils = import ./utils.nix { inherit pkgs efi; }; + libguestfs = pkgs.libguestfs-with-appliance; + + # p7zip on >20.03 has known vulns but we have no better option + p7zip = pkgs.p7zip.overrideAttrs(old: { + meta = old.meta // { + knownVulnerabilities = []; + }; + }); + + runQemuCommand = name: command: ( + pkgs.runCommandNoCC name { buildInputs = [ p7zip utils.qemu libguestfs ]; } + ( + '' + if ! test -f; then + echo "KVM not available, bailing out" >> /dev/stderr + exit 1 + fi + '' + command + ) + ); + + windowsIso = if windowsImage != null then windowsImage else pkgs.requireFile rec { + name = "Win10_21H2_English_x64.iso"; + sha256 = "0kr3m0bjy086whcbssagsshdxj6lffcz7wmvbh50zhrkxgq3hrbz"; + message = "Get ${name} from https://www.microsoft.com/en-us/software-download/windows10ISO"; + }; + + # stable as of 2021-04-08 + virtioWinIso = pkgs.fetchurl { + url = "https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.185-2/virtio-win-0.1.185.iso"; + sha256 = "11n3kjyawiwacmi3jmfmn311g9xvfn6m0ccdwnjxw1brzb4kqaxg"; + }; + + openSshServerPackage = pkgs.fetchurl { + url = "https://github.com/PowerShell/Win32-OpenSSH/releases/download/V8.6.0.0p1-Beta/OpenSSH-Win64.zip"; + sha256 = "1dw6n054r0939501dpxfm7ghv21ihmypdx034van8cl21gf1b4lz"; + }; + + autounattend = import ./autounattend.nix ( + attrs // { + inherit pkgs; + users = users // { + wfvm = { + password = "1234"; + description = "WFVM Administrator"; + groups = [ + "Administrators" + ]; + }; + }; + } + ); + + # Packages required to drive installation of other packages + bootstrapPkgs = + runQemuCommand "bootstrap-win-pkgs.img" '' + 7z x -y ${virtioWinIso} -opkgs/virtio + + cp ${bundleInstaller} pkgs/"$(stripHash "${bundleInstaller}")" + + # Install optional windows features + cp ${openSshServerPackage} pkgs/OpenSSH-Win64.zip + + # SSH setup script goes here because windows XML parser sucks + cp ${./install-ssh.ps1} pkgs/install-ssh.ps1 + cp ${autounattend.setupScript} pkgs/setup.ps1 + + virt-make-fs --partition --type=fat pkgs/ $out + ''; + + installScript = pkgs.writeScript "windows-install-script" ( + let + qemuParams = utils.mkQemuFlags (lib.optional (!impureMode) "-display none" ++ [ + # "CD" drive with bootstrap pkgs + "-drive" + "id=virtio-win,file=${bootstrapPkgs},if=none,format=raw,readonly=on" + "-device" + "usb-storage,drive=virtio-win" + # USB boot + "-drive" + "id=win-install,file=${if efi then "usb" else "cd"}image.img,if=none,format=raw,readonly=on,media=${if efi then "disk" else "cdrom"}" + "-device" + "usb-storage,drive=win-install" + # Output image + "-drive" + "file=c.img,index=0,media=disk,if=virtio,cache=unsafe" + # Network + "-netdev user,id=n1,net=192.168.1.0/24,restrict=on" + ]); + in + '' + #!${pkgs.runtimeShell} + set -euxo pipefail + export PATH=${lib.makeBinPath [ p7zip utils.qemu libguestfs pkgs.wimlib ]}:$PATH + + # Create a bootable "USB" image + # Booting in USB mode circumvents the "press any key to boot from cdrom" prompt + # + # Also embed the autounattend answer file in this image + mkdir -p win + mkdir -p win/nix-win + 7z x -y ${windowsIso} -owin + + # Split image so it fits in FAT32 partition + wimsplit win/sources/install.wim win/sources/install.swm 4090 + rm win/sources/install.wim + + cp ${autounattend.autounattendXML} win/autounattend.xml + + ${if efi then '' + virt-make-fs --partition --type=fat win/ usbimage.img + '' else '' + ${pkgs.cdrkit}/bin/mkisofs -iso-level 4 -l -R -udf -D -b boot/etfsboot.com -no-emul-boot -boot-load-size 8 -hide boot.catalog -eltorito-alt-boot -o cdimage.img win/ + ''} + rm -rf win + + # Qemu requires files to be rw + qemu-img create -f qcow2 c.img ${diskImageSize} + qemu-system-x86_64 ${lib.concatStringsSep " " qemuParams} + '' + ); + + baseImage = pkgs.runCommandNoCC "RESTRICTDIST-windows.img" {} '' + ${installScript} + mv c.img $out + ''; + + finalImage = builtins.foldl' (acc: v: pkgs.runCommandNoCC "RESTRICTDIST-${v.name}.img" { + buildInputs = with utils; [ + qemu win-wait win-exec win-put + ] ++ (v.buildInputs or []); + } (let + script = pkgs.writeScript "${v.name}-script" v.script; + qemuParams = utils.mkQemuFlags (lib.optional (!impureMode) "-display none" ++ [ + # Output image + "-drive" + "file=c.img,index=0,media=disk,if=virtio,cache=unsafe" + # Network - enable SSH forwarding + "-netdev user,id=n1,net=192.168.1.0/24,restrict=on,hostfwd=tcp::2022-:22" + ]); + + in '' + # Create an image referencing the previous image in the chain + qemu-img create -f qcow2 -b ${acc} c.img + + set -m + qemu-system-x86_64 ${lib.concatStringsSep " " qemuParams} & + + win-wait + + echo "Executing script to build layer..." + ${script} + echo "Layer script done" + + echo "Shutting down..." + win-exec 'shutdown /s' + echo "Waiting for VM to terminate..." + fg + echo "Done" + + mv c.img $out + '')) baseImage ( + [ + { + name = "DisablePasswordExpiry"; + script = '' + win-exec 'wmic UserAccount set PasswordExpires=False' + ''; + } + ] ++ + installCommands + ); + +in + +# impureMode is meant for debugging the base image, not the full incremental build process +if !(impureMode) then finalImage else assert installCommands == []; installScript -- 2.42.0 From dc36fd61d25fe338c2e12c0ccfc13916c911b4d4 Mon Sep 17 00:00:00 2001 From: mwojcik <mw@m-labs.hk> Date: Mon, 21 Feb 2022 16:53:52 +0800 Subject: [PATCH 08/12] downgrade nixpkgs, cleanup --- flake.lock | 8 ++++---- flake.nix | 5 +---- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index 381544a..4f34ad6 100644 --- a/flake.lock +++ b/flake.lock @@ -2,17 +2,17 @@ "nodes": { "nixpkgs": { "locked": { - "lastModified": 1645010845, - "narHash": "sha256-hO9X4PvxkSLMQnGGB7tOrKPwufhLMiNQMNXNwzLqneo=", + "lastModified": 1593034146, + "narHash": "sha256-EypP7RyPq5Yv05VgsQoIkdn26KJUIgQCItHgVY1MMQE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2128d0aa28edef51fd8fef38b132ffc0155595df", + "rev": "f8248ab6d9e69ea9c07950d73d48807ec595e923", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-21.11", "repo": "nixpkgs", + "rev": "f8248ab6d9e69ea9c07950d73d48807ec595e923", "type": "github" } }, diff --git a/flake.nix b/flake.nix index ba7faef..48e6363 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,6 @@ { description = "A Nix library to create and manage virtual machines running Windows."; - inputs.nixpkgs.url = github:NixOS/nixpkgs/nixos-21.11; + inputs.nixpkgs.url = github:NixOS/nixpkgs/f8248ab6d9e69ea9c07950d73d48807ec595e923; outputs = { self, nixpkgs }: let pkgs = import nixpkgs { system = "x86_64-linux"; }; @@ -9,8 +9,6 @@ utils = (import wfvm/utils.nix { inherit pkgs; }); # layers layers = (import wfvm/layers { inherit pkgs; }); # end of layers - - # ============ # bundle bundleInstaller = pkgs.runCommandNoCC "win-bundle-installer.exe" {} '' @@ -21,7 +19,6 @@ env HOME=$(mktemp -d) GOOS=windows GOARCH=amd64 ${pkgs.go}/bin/go build mv bundle.exe $out ''; - # /bundle =========== # makeWindowsImage makeWindowsImage = attrs: ( import wfvm/win.nix { inherit pkgs bundleInstaller; } // attrs ); -- 2.42.0 From 94ca43da4bc621a95401a57db4b3aaf2abd0f176 Mon Sep 17 00:00:00 2001 From: mwojcik <mw@m-labs.hk> Date: Tue, 22 Feb 2022 11:27:28 +0800 Subject: [PATCH 09/12] flake: fix passing additional args to makeWindowsImage --- flake.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/flake.nix b/flake.nix index 48e6363..4b833e3 100644 --- a/flake.nix +++ b/flake.nix @@ -21,11 +21,13 @@ ''; # makeWindowsImage - makeWindowsImage = attrs: ( import wfvm/win.nix { inherit pkgs bundleInstaller; } // attrs ); + makeWindowsImage = attrs: import wfvm/win.nix ({ inherit pkgs bundleInstaller; } // attrs ); build-demo-image = { impureMode ? false }: makeWindowsImage { # Build install script & skip building iso + inherit impureMode; + # Custom base iso # windowsImage = pkgs.requireFile rec { # name = "Win10_21H1_English_x64.iso"; @@ -57,14 +59,14 @@ # administratorPassword = "12345"; # Imperative installation commands, to be installed incrementally - installCommands = with layers; [ + installCommands = pkgs.lib.optional (!impureMode) (with layers; [ (collapseLayers [ disable-autosleep disable-autolock disable-firewall ]) anaconda3 msys2 msvc msvc-ide-unbreak - ]; + ]); # services = { # # Enable remote management @@ -113,7 +115,7 @@ packages.x86_64-linux = { demo-image = build-demo-image {}; - demo-image-impure = build-demo-image { impureMode = true; }; + demo-image-impure = makeWindowsImage { impureMode = true; }; make-msys-packages = utils.wfvm-run { name = "get-msys-packages"; -- 2.42.0 From ebbcf84c4b694b80d6114d05bb93d37e76dddfe7 Mon Sep 17 00:00:00 2001 From: mwojcik <mw@m-labs.hk> Date: Mon, 14 Mar 2022 15:22:59 +0800 Subject: [PATCH 10/12] * install first image instead by name * update vs_community sha256 * move bundle from flake to win --- flake.nix | 18 +++++------------- wfvm/autounattend.nix | 4 ++-- wfvm/layers/default.nix | 2 +- wfvm/win.nix | 14 ++++++++++++-- 4 files changed, 20 insertions(+), 18 deletions(-) diff --git a/flake.nix b/flake.nix index 4b833e3..c52e4c1 100644 --- a/flake.nix +++ b/flake.nix @@ -10,18 +10,10 @@ # layers layers = (import wfvm/layers { inherit pkgs; }); # end of layers - # bundle - bundleInstaller = pkgs.runCommandNoCC "win-bundle-installer.exe" {} '' - mkdir bundle - cd bundle - cp ${wfvm/bundle/go.mod} go.mod - cp ${wfvm/bundle/main.go} main.go - env HOME=$(mktemp -d) GOOS=windows GOARCH=amd64 ${pkgs.go}/bin/go build - mv bundle.exe $out - ''; + # makeWindowsImage - makeWindowsImage = attrs: import wfvm/win.nix ({ inherit pkgs bundleInstaller; } // attrs ); + makeWindowsImage = attrs: import wfvm/win.nix ({ inherit pkgs; } // attrs ); build-demo-image = { impureMode ? false }: makeWindowsImage { # Build install script & skip building iso @@ -59,7 +51,7 @@ # administratorPassword = "12345"; # Imperative installation commands, to be installed incrementally - installCommands = pkgs.lib.optional (!impureMode) (with layers; [ + installCommands = if impureMode then [] else (with layers; [ (collapseLayers [ disable-autosleep disable-autolock @@ -78,7 +70,7 @@ # License key (required) # productKey = throw "Search the f* web" - imageSelection = "Windows 10 Pro"; + # imageSelection = "1"; # Locales # uiLanguage = "en-US"; @@ -115,7 +107,7 @@ packages.x86_64-linux = { demo-image = build-demo-image {}; - demo-image-impure = makeWindowsImage { impureMode = true; }; + demo-image-impure = build-demo-image { impureMode = true; }; make-msys-packages = utils.wfvm-run { name = "get-msys-packages"; diff --git a/wfvm/autounattend.nix b/wfvm/autounattend.nix index 99b0429..abd1c16 100644 --- a/wfvm/autounattend.nix +++ b/wfvm/autounattend.nix @@ -15,7 +15,7 @@ , impureShellCommands ? [] , driveLetter ? "D:" , efi ? true -, imageSelection ? "Windows 10 Pro" +, imageSelection ? "1" , ... }: @@ -200,7 +200,7 @@ let </InstallTo> <InstallFrom> <MetaData wcm:action="add"> - <Key>/IMAGE/NAME</Key> + <Key>/IMAGE/INDEX</Key> <Value>${imageSelection}</Value> </MetaData> </InstallFrom> diff --git a/wfvm/layers/default.nix b/wfvm/layers/default.nix index a9068a6..d1d6f0a 100644 --- a/wfvm/layers/default.nix +++ b/wfvm/layers/default.nix @@ -72,7 +72,7 @@ in bootstrapper = pkgs.fetchurl { name = "RESTRICTDIST-vs_Community.exe"; url = "https://aka.ms/vs/16/release/vs_community.exe"; - sha256 = "0b3csxz0qsafnvc0d74ywfpralwz8chv4zf9k07akpm8lp8ycgq0"; + sha256 = "sha256-bxi8LsvNxSZshkTbhK/FEmMx84NKYB7TUNOm9sAKXS8="; }; # This touchy-feely "community" piece of trash seems deliberately crafted to break Wine, so we use the VM to run it. download-vs = wfvm.utils.wfvm-run { diff --git a/wfvm/win.nix b/wfvm/win.nix index c85f07b..cd265f4 100644 --- a/wfvm/win.nix +++ b/wfvm/win.nix @@ -24,6 +24,16 @@ let }; }); + # bundle + bundleInstaller = pkgs.runCommandNoCC "win-bundle-installer.exe" {} '' + mkdir bundle + cd bundle + cp ${bundle/go.mod} go.mod + cp ${bundle/main.go} main.go + env HOME=$(mktemp -d) GOOS=windows GOARCH=amd64 ${pkgs.go}/bin/go build + mv bundle.exe $out + ''; + runQemuCommand = name: command: ( pkgs.runCommandNoCC name { buildInputs = [ p7zip utils.qemu libguestfs ]; } ( @@ -37,8 +47,8 @@ let ); windowsIso = if windowsImage != null then windowsImage else pkgs.requireFile rec { - name = "Win10_21H2_English_x64.iso"; - sha256 = "0kr3m0bjy086whcbssagsshdxj6lffcz7wmvbh50zhrkxgq3hrbz"; + name = "xks67i4frg8k7rmlv5298aac0s4n5nih-RESTRICTDIST-release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso"; + sha256 = "0fmw30g7959bh47z8xi5pmmxq4kb0sxs1qxf51il3xy2f2py33v6"; message = "Get ${name} from https://www.microsoft.com/en-us/software-download/windows10ISO"; }; -- 2.42.0 From 53de3429e335ea4253d04e53b39d3a36de2b7759 Mon Sep 17 00:00:00 2001 From: mwojcik <mw@m-labs.hk> Date: Mon, 14 Mar 2022 15:23:28 +0800 Subject: [PATCH 11/12] remove unnecessary nix files --- wfvm/default.nix | 7 ----- wfvm/demo-image.nix | 72 --------------------------------------------- wfvm/demo-ssh.nix | 13 -------- 3 files changed, 92 deletions(-) delete mode 100644 wfvm/default.nix delete mode 100644 wfvm/demo-image.nix delete mode 100644 wfvm/demo-ssh.nix diff --git a/wfvm/default.nix b/wfvm/default.nix deleted file mode 100644 index 7846583..0000000 --- a/wfvm/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ pkgs }: - -{ - makeWindowsImage = attrs: import ./win.nix ({ inherit pkgs; } // attrs); - layers = (import ./layers { inherit pkgs; }); - utils = (import ./utils.nix { inherit pkgs; }); -} diff --git a/wfvm/demo-image.nix b/wfvm/demo-image.nix deleted file mode 100644 index a928de1..0000000 --- a/wfvm/demo-image.nix +++ /dev/null @@ -1,72 +0,0 @@ -{ pkgs ? import <nixpkgs> {}, impureMode ? false }: - -let - wfvm = (import ./default.nix { inherit pkgs; }); -in -wfvm.makeWindowsImage { - # Build install script & skip building iso - inherit impureMode; - - # Custom base iso - # windowsImage = pkgs.requireFile rec { - # name = "Win10_21H1_English_x64.iso"; - # sha256 = "1sl51lnx4r6ckh5fii7m2hi15zh8fh7cf7rjgjq9kacg8hwyh4b9"; - # message = "Get ${name} from https://www.microsoft.com/en-us/software-download/windows10ISO"; - # }; - - # impureShellCommands = [ - # "powershell.exe echo Hello" - # ]; - - # User accounts - # users = { - # artiq = { - # password = "1234"; - # # description = "Default user"; - # # displayName = "Display name"; - # groups = [ - # "Administrators" - # ]; - # }; - # }; - - # Auto login - # defaultUser = "artiq"; - - # fullName = "M-Labs"; - # organization = "m-labs"; - # administratorPassword = "12345"; - - # Imperative installation commands, to be installed incrementally - installCommands = - if impureMode - then [] - else with wfvm.layers; [ - (collapseLayers [ - disable-autosleep - disable-autolock - disable-firewall - ]) - anaconda3 msys2 msvc msvc-ide-unbreak - ]; - - # services = { - # # Enable remote management - # WinRm = { - # Status = "Running"; - # PassThru = true; - # }; - # }; - - # License key (required) - # productKey = throw "Search the f* web" - imageSelection = "Windows 10 Pro"; - - - # Locales - # uiLanguage = "en-US"; - # inputLocale = "en-US"; - # userLocale = "en-US"; - # systemLocale = "en-US"; - -} diff --git a/wfvm/demo-ssh.nix b/wfvm/demo-ssh.nix deleted file mode 100644 index 47c60e4..0000000 --- a/wfvm/demo-ssh.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ pkgs ? import <nixpkgs> {} }: - -let - wfvm = (import ./default.nix { inherit pkgs; }); -in - wfvm.utils.wfvm-run { - name = "demo-ssh"; - image = import ./demo-image.nix { inherit pkgs; }; - isolateNetwork = false; - script = '' - ${pkgs.sshpass}/bin/sshpass -p1234 -- ${pkgs.openssh}/bin/ssh -p 2022 wfvm@localhost -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null - ''; - } -- 2.42.0 From db479038463961ec341b2c3c6c5b787c0cad3a9a Mon Sep 17 00:00:00 2001 From: mwojcik <mw@m-labs.hk> Date: Mon, 14 Mar 2022 15:50:13 +0800 Subject: [PATCH 12/12] fix after deleting default.nix from wfvm --- wfvm/layers/default.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/wfvm/layers/default.nix b/wfvm/layers/default.nix index d1d6f0a..ec20fd3 100644 --- a/wfvm/layers/default.nix +++ b/wfvm/layers/default.nix @@ -1,6 +1,7 @@ { pkgs }: let - wfvm = import ../. { inherit pkgs; }; + makeWindowsImage = attrs: import ../win.nix ({ inherit pkgs; } // attrs ); + utils = import ../utils.nix { inherit pkgs; }; in { anaconda3 = { @@ -75,17 +76,17 @@ in sha256 = "sha256-bxi8LsvNxSZshkTbhK/FEmMx84NKYB7TUNOm9sAKXS8="; }; # This touchy-feely "community" piece of trash seems deliberately crafted to break Wine, so we use the VM to run it. - download-vs = wfvm.utils.wfvm-run { + download-vs = utils.wfvm-run { name = "download-vs"; - image = wfvm.makeWindowsImage { }; + image = makeWindowsImage { }; isolateNetwork = false; script = '' ln -s ${bootstrapper} vs_Community.exe - ${wfvm.utils.win-put}/bin/win-put vs_Community.exe + ${utils.win-put}/bin/win-put vs_Community.exe rm vs_Community.exe - ${wfvm.utils.win-exec}/bin/win-exec "vs_Community.exe --quiet --norestart --layout c:\vslayout --add Microsoft.VisualStudio.Workload.NativeDesktop --includeRecommended --lang en-US" - ${wfvm.utils.win-get}/bin/win-get /c:/vslayout + ${utils.win-exec}/bin/win-exec "vs_Community.exe --quiet --norestart --layout c:\vslayout --add Microsoft.VisualStudio.Workload.NativeDesktop --includeRecommended --lang en-US" + ${utils.win-get}/bin/win-get /c:/vslayout ''; }; cache = pkgs.stdenv.mkDerivation { -- 2.42.0