[wip] nix_flakes support #14
@ -297,6 +297,333 @@
# ============
# ============
# autounattend
build-autounattend = { fullName ? "John Doe"
, organization ? "KVM Authority"
, administratorPassword ? "123456"
, uiLanguage ? "en-US"
, inputLocale ? "en-US"
, userLocale ? "en-US"
, systemLocale ? "en-US"
, users ? { wfvm = { password = "1234";
description = "WFVM Administrator";
groups = [ "Administrators" ]; }; }
, productKey ? null
, defaultUser ? "wfvm"
, setupCommands ? []
, timeZone ? "UTC"
, services ? {}
, impureShellCommands ? []
, driveLetter ? "D:"
, imageSelection ? "Windows 10 Pro"
, ...
lib = pkgs.lib;
serviceCommands = lib.mapAttrsToList (
serviceName: attrs: "powershell Set-Service -Name ${serviceName} " + (
lib.concatStringsSep " " (
lib.mapAttrsToList (
n: v: if builtins.typeOf v != "bool" then "-${n} ${v}" else "-${n}"
) (
# Always run without interaction
{ Force = true; } // attrs
) services;
sshSetupCommands =
# let
# makeDirs = lib.mapAttrsToList (n: v: ''mkdir C:\Users\${n}\.ssh'') users;
# writeKeys = lib.flatten (lib.mapAttrsToList (n: v: builtins.map (key: let
# commands = [
# ''powershell.exe Set-Content -Path C:\Users\${n}\.ssh\authorized_keys -Value '${key}' ''
# ];
# in lib.concatStringsSep "\n" commands) (v.sshKeys or [])) users);
# mkDirsDesc = builtins.map (c: {Path = c; Description = "Make SSH key dir";}) makeDirs;
# writeKeysDesc = builtins.map (c: {Path = c; Description = "Add SSH key";}) writeKeys;
# in
# mkDirsDesc ++ writeKeysDesc ++
Path = ''powershell.exe ${driveLetter}\install-ssh.ps1'';
Description = "Install OpenSSH service.";
assertCommand = c: builtins.typeOf c == "string" || builtins.typeOf c == "set" && builtins.hasAttr "Path" c && builtins.hasAttr "Description" c;
commands = builtins.map (x: assert assertCommand x; if builtins.typeOf x == "string" then { Path = x; Description = x; } else x) (
Path = "powershell.exe Set-ExecutionPolicy -Force Unrestricted";
Description = "Allow unsigned powershell scripts.";
++ [
Path = ''powershell.exe ${driveLetter}\win-bundle-installer.exe'';
Description = "Install any declared packages.";
++ setupCommands
++ [
Path = ''powershell.exe ${driveLetter}\setup.ps1'';
Description = "Setup SSH and keys";
++ serviceCommands
++ impureShellCommands
mkCommand = attrs: ''
<RunSynchronousCommand wcm:action="add">
${lib.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v: "<${n}>${v}</${n}>") attrs)}
mkCommands = commands: (
builtins.foldl' (
acc: v: rec {
i = acc.i + 1;
values = acc.values ++ [ (mkCommand (v // { Order = builtins.toString i; })) ];
) {
i = 0;
values = [];
} commands
mkUser =
{ name
, password
, description ? ""
, displayName ? ""
, groups ? []
# , sshKeys ? [] # Handled in scripts
}: ''
<LocalAccount wcm:action="add">
<Group>${builtins.concatStringsSep ";" (lib.unique ([ "Users" ] ++ groups))}</Group>
# Windows expects a flat list of users while we want to manage them as a set
flatUsers = builtins.attrValues (builtins.mapAttrs (name: s: s // { inherit name; }) users);
diskId =
if efi then 2 else 1;
autounattendXML = pkgs.writeText "autounattend.xml" ''
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="windowsPE">
<component name="Microsoft-Windows-PnpCustomizationsWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<PathAndCredentials wcm:action="add" wcm:keyValue="1">
<PathAndCredentials wcm:action="add" wcm:keyValue="2">
<PathAndCredentials wcm:action="add" wcm:keyValue="3">
<PathAndCredentials wcm:action="add" wcm:keyValue="4">
<PathAndCredentials wcm:action="add" wcm:keyValue="5">
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Disk wcm:action="add">
<CreatePartition wcm:action="add">
<Type>${if efi then "EFI" else "Primary"}</Type>
<CreatePartition wcm:action="add">
<Type>${if efi then "MSR" else "Primary"}</Type>
<CreatePartition wcm:action="add">
<ModifyPartition wcm:action="add">
<Format>${if efi then "FAT32" else "NTFS"}</Format>
<ModifyPartition wcm:action="add">
<ModifyPartition wcm:action="add">
<DiskID>${toString diskId}</DiskID>
<DiskID>${toString diskId}</DiskID>
<MetaData wcm:action="add">
${if productKey != null then "<Key>${productKey}</Key>" else ""}
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<settings pass="oobeSystem">
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
${if administratorPassword != null then ''
'' else ""}
${builtins.concatStringsSep "\n" (builtins.map mkUser flatUsers)}
${if defaultUser == null then "" else ''
<Value>${(builtins.getAttr defaultUser users).password}</Value>
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<settings pass="specialize">
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
${lib.concatStringsSep "\n" (mkCommands commands)}
<component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="NonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<!-- Disable Windows UAC -->
<settings pass="offlineServicing">
<component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<cpi:offlineImage cpi:source="wim:c:/wim/windows-10/install.wim#${imageSelection}" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
in {
# Lint and format as a sanity check
autounattendXML = pkgs.runCommandNoCC "autounattend.xml" {} ''
${pkgs.libxml2}/bin/xmllint --format ${autounattendXML} > $out
# autounattend.xml is _super_ picky about quotes and other things
setupScript = pkgs.writeText "setup.ps1" (
# Setup SSH and keys
'' +
lib.concatStrings (
builtins.map (c: ''
# ${c.Description}
'') sshSetupCommands
# ============
# makeWindowsImage
# makeWindowsImage
makeWindowsImage = { diskImageSize ? "70G", windowsImage ? null, autoUnattendParams ? {}
makeWindowsImage = { diskImageSize ? "70G", windowsImage ? null, autoUnattendParams ? {}
, impureMode ? false, installCommands ? []
, impureMode ? false, installCommands ? []
@ -345,20 +672,16 @@
sha256 = "1dw6n054r0939501dpxfm7ghv21ihmypdx034van8cl21gf1b4lz";
sha256 = "1dw6n054r0939501dpxfm7ghv21ihmypdx034van8cl21gf1b4lz";
autounattend = import ./autounattend.nix (
autounattend = build-autounattend attrs // {
attrs // {
users = users // { wfvm = {
inherit pkgs;
password = "1234";
users = users // {
description = "WFVM Administrator";
wfvm = {
groups = [
password = "1234";
description = "WFVM Administrator";
groups = [
# bundle
# bundle
bundleInstaller = pkgs.runCommandNoCC "win-bundle-installer.exe" {} ''
bundleInstaller = pkgs.runCommandNoCC "win-bundle-installer.exe" {} ''
@ -493,23 +816,8 @@
if !(impureMode) then finalImage else assert installCommands == []; installScript;
if !(impureMode) then finalImage else assert installCommands == []; installScript;
# end of makeWindowsImage
# end of makeWindowsImage
in {
build-demo-image = { impureMode ? false }: makeWindowsImage {
inherit utils;
inherit makeWindowsImage;
demo-ssh = utils.wfvm-run {
name = "demo-ssh";
image = import ./demo-image.nix { inherit pkgs; };
isolateNetwork = false;
script = ''
${pkgs.sshpass}/bin/sshpass -p1234 -- ${pkgs.openssh}/bin/ssh -p 2022 wfvm@localhost -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
packages.x86_64-linux = {
demo-image = makeWindowsImage {
# Build install script & skip building iso
# Build install script & skip building iso
impureMode = false;
# Custom base iso
# Custom base iso
# windowsImage = pkgs.requireFile rec {
# windowsImage = pkgs.requireFile rec {
@ -563,7 +871,6 @@
# productKey = throw "Search the f* web"
# productKey = throw "Search the f* web"
imageSelection = "Windows 10 Pro";
imageSelection = "Windows 10 Pro";
# Locales
# Locales
# uiLanguage = "en-US";
# uiLanguage = "en-US";
# inputLocale = "en-US";
# inputLocale = "en-US";
@ -571,6 +878,35 @@
# systemLocale = "en-US";
# systemLocale = "en-US";
in {
# bundle dev env
devShell.x86_64-linux = pkgs.mkShell {
name = "wfvm-dev-shell";
buildInputs = with pkgs; [
shellHook = ''
unset GOPATH
inherit utils;
inherit makeWindowsImage;
demo-ssh = utils.wfvm-run {
name = "demo-ssh";
image = import ./demo-image.nix { inherit pkgs; };
isolateNetwork = false;
script = ''
${pkgs.sshpass}/bin/sshpass -p1234 -- ${pkgs.openssh}/bin/ssh -p 2022 wfvm@localhost -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
packages.x86_64-linux = {
demo-image = build-demo-image {};
demo-image-impure = build-demo-image { impureMode = true; };
make-msys-packages = utils.wfvm-run {
make-msys-packages = utils.wfvm-run {
name = "get-msys-packages";
name = "get-msys-packages";
image = makeWindowsImage { installCommands = [ layers.msys2 ]; };
image = makeWindowsImage { installCommands = [ layers.msys2 ]; };
@ -1,325 +0,0 @@
{ pkgs
, fullName ? "John Doe"
, organization ? "KVM Authority"
, administratorPassword ? "123456"
, uiLanguage ? "en-US"
, inputLocale ? "en-US"
, userLocale ? "en-US"
, systemLocale ? "en-US"
, users ? {}
, productKey ? null
, defaultUser ? "wfvm"
, setupCommands ? []
, timeZone ? "UTC"
, services ? {}
, impureShellCommands ? []
, driveLetter ? "D:"
, efi ? true
, imageSelection ? "Windows 10 Pro"
, ...
lib = pkgs.lib;
serviceCommands = lib.mapAttrsToList (
serviceName: attrs: "powershell Set-Service -Name ${serviceName} " + (
lib.concatStringsSep " " (
lib.mapAttrsToList (
n: v: if builtins.typeOf v != "bool" then "-${n} ${v}" else "-${n}"
) (
# Always run without interaction
{ Force = true; } // attrs
) services;
sshSetupCommands =
# let
# makeDirs = lib.mapAttrsToList (n: v: ''mkdir C:\Users\${n}\.ssh'') users;
# writeKeys = lib.flatten (lib.mapAttrsToList (n: v: builtins.map (key: let
# commands = [
# ''powershell.exe Set-Content -Path C:\Users\${n}\.ssh\authorized_keys -Value '${key}' ''
# ];
# in lib.concatStringsSep "\n" commands) (v.sshKeys or [])) users);
# mkDirsDesc = builtins.map (c: {Path = c; Description = "Make SSH key dir";}) makeDirs;
# writeKeysDesc = builtins.map (c: {Path = c; Description = "Add SSH key";}) writeKeys;
# in
# mkDirsDesc ++ writeKeysDesc ++
Path = ''powershell.exe ${driveLetter}\install-ssh.ps1'';
Description = "Install OpenSSH service.";
assertCommand = c: builtins.typeOf c == "string" || builtins.typeOf c == "set" && builtins.hasAttr "Path" c && builtins.hasAttr "Description" c;
commands = builtins.map (x: assert assertCommand x; if builtins.typeOf x == "string" then { Path = x; Description = x; } else x) (
Path = "powershell.exe Set-ExecutionPolicy -Force Unrestricted";
Description = "Allow unsigned powershell scripts.";
++ [
Path = ''powershell.exe ${driveLetter}\win-bundle-installer.exe'';
Description = "Install any declared packages.";
++ setupCommands
++ [
Path = ''powershell.exe ${driveLetter}\setup.ps1'';
Description = "Setup SSH and keys";
++ serviceCommands
++ impureShellCommands
mkCommand = attrs: ''
<RunSynchronousCommand wcm:action="add">
${lib.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v: "<${n}>${v}</${n}>") attrs)}
mkCommands = commands: (
builtins.foldl' (
acc: v: rec {
i = acc.i + 1;
values = acc.values ++ [ (mkCommand (v // { Order = builtins.toString i; })) ];
) {
i = 0;
values = [];
} commands
mkUser =
{ name
, password
, description ? ""
, displayName ? ""
, groups ? []
# , sshKeys ? [] # Handled in scripts
}: ''
<LocalAccount wcm:action="add">
<Group>${builtins.concatStringsSep ";" (lib.unique ([ "Users" ] ++ groups))}</Group>
# Windows expects a flat list of users while we want to manage them as a set
flatUsers = builtins.attrValues (builtins.mapAttrs (name: s: s // { inherit name; }) users);
diskId =
if efi then 2 else 1;
autounattendXML = pkgs.writeText "autounattend.xml" ''
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="windowsPE">
<component name="Microsoft-Windows-PnpCustomizationsWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<PathAndCredentials wcm:action="add" wcm:keyValue="1">
<PathAndCredentials wcm:action="add" wcm:keyValue="2">
<PathAndCredentials wcm:action="add" wcm:keyValue="3">
<PathAndCredentials wcm:action="add" wcm:keyValue="4">
<PathAndCredentials wcm:action="add" wcm:keyValue="5">
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Disk wcm:action="add">
<CreatePartition wcm:action="add">
<Type>${if efi then "EFI" else "Primary"}</Type>
<CreatePartition wcm:action="add">
<Type>${if efi then "MSR" else "Primary"}</Type>
<CreatePartition wcm:action="add">
<ModifyPartition wcm:action="add">
<Format>${if efi then "FAT32" else "NTFS"}</Format>
<ModifyPartition wcm:action="add">
<ModifyPartition wcm:action="add">
<DiskID>${toString diskId}</DiskID>
<DiskID>${toString diskId}</DiskID>
<MetaData wcm:action="add">
${if productKey != null then "<Key>${productKey}</Key>" else ""}
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<settings pass="oobeSystem">
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
${if administratorPassword != null then ''
'' else ""}
${builtins.concatStringsSep "\n" (builtins.map mkUser flatUsers)}
${if defaultUser == null then "" else ''
<Value>${(builtins.getAttr defaultUser users).password}</Value>
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<settings pass="specialize">
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
${lib.concatStringsSep "\n" (mkCommands commands)}
<component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="NonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<!-- Disable Windows UAC -->
<settings pass="offlineServicing">
<component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<cpi:offlineImage cpi:source="wim:c:/wim/windows-10/install.wim#${imageSelection}" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
in {
# Lint and format as a sanity check
autounattendXML = pkgs.runCommandNoCC "autounattend.xml" {} ''
${pkgs.libxml2}/bin/xmllint --format ${autounattendXML} > $out
# autounattend.xml is _super_ picky about quotes and other things
setupScript = pkgs.writeText "setup.ps1" (
# Setup SSH and keys
'' +
lib.concatStrings (
builtins.map (c: ''
# ${c.Description}
'') sshSetupCommands
Reference in New Issue
Block a user