forked from M-Labs/wfvm
Compare commits
58 Commits
Author | SHA1 | Date |
---|---|---|
Astro | 8051ad647a | |
Astro | ec1c08956b | |
Astro | 7e09796a9b | |
Sebastien Bourdeauducq | 4dcd3699fe | |
Sebastien Bourdeauducq | bf681b20aa | |
Sebastien Bourdeauducq | 3cbddd7218 | |
Astro | 3694b0a9f2 | |
Astro | b9e261de6f | |
Astro | 285b33a674 | |
Astro | 9a92143337 | |
Astro | 16e041282f | |
Astro | bc24fd6a2b | |
Astro | af9218e652 | |
Astro | fe347240f5 | |
Astro | d2d9c7acf6 | |
Astro | 267b3eec44 | |
Astro | 1550caf442 | |
Astro | 598b311215 | |
Astro | 79c1685f89 | |
Astro | a3df68b61f | |
Astro | 6542c37863 | |
Astro | abd67ce2e6 | |
Astro | a6b677f564 | |
Astro | d8e9f9878b | |
Astro | 5ba57fb502 | |
Astro | dfdcf0f19a | |
Astro | 9845a99863 | |
Astro | 4f7aef8788 | |
Astro | c124cfc5dc | |
Astro | 3b87f787a8 | |
Astro | b33b71eec7 | |
Astro | c732c671d9 | |
Astro | 9d07da799c | |
Sebastien Bourdeauducq | a4fe5f0475 | |
Sebastien Bourdeauducq | c7d9060eee | |
Astro | 50471a28f8 | |
Astro | db995f7d77 | |
Sebastien Bourdeauducq | 93796f7a71 | |
Sebastien Bourdeauducq | 6d9d9d91f6 | |
Astro | 680d70094f | |
Astro | a84d2d8d90 | |
Astro | 520898c1db | |
Astro | 11a40de18a | |
Astro | 110fe11f00 | |
Astro | 07813c3c4f | |
Astro | 54d9f41a6d | |
Astro | ec54c9bf9b | |
Astro | 4771cee64b | |
Astro | 78c9363b64 | |
Astro | 9f8a1b6e17 | |
Markus Partheymüller | f1b52c0da7 | |
Markus Partheymüller | 0becb115f6 | |
Markus Partheymüller | 84ef1ec7e5 | |
Markus Partheymüller | 1357f493bd | |
Markus Partheymüller | e8232ab89a | |
Markus Partheymüller | 90cc7b14a4 | |
Markus Partheymüller | fbd5b97d79 | |
Astro | c0d09940d7 |
27
README.md
27
README.md
|
@ -52,3 +52,30 @@ Impure/pure mode
|
||||||
Sometimes it can be useful to build the image _outside_ of the Nix sandbox for debugging purposes.
|
Sometimes it can be useful to build the image _outside_ of the Nix sandbox for debugging purposes.
|
||||||
|
|
||||||
For this purpose we have an attribute called `impureMode` which outputs the shell script used by Nix inside the sandbox to build the image.
|
For this purpose we have an attribute called `impureMode` which outputs the shell script used by Nix inside the sandbox to build the image.
|
||||||
|
|
||||||
|
|
||||||
|
Usage with Nix Flakes
|
||||||
|
---------------------
|
||||||
|
|
||||||
|
Build the demo by running:
|
||||||
|
```shell
|
||||||
|
nix build .#demoImage
|
||||||
|
```
|
||||||
|
|
||||||
|
This project's **flake.nix** exposes its functions under `lib`. To use
|
||||||
|
in your own project, setup your flake like this:
|
||||||
|
|
||||||
|
```nix
|
||||||
|
{
|
||||||
|
inputs = {
|
||||||
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||||
|
wfvm.url = "git+https://git.m-labs.hk/m-labs/wfvm";
|
||||||
|
};
|
||||||
|
|
||||||
|
outputs = { self, nixpkgs, wfvm }: {
|
||||||
|
packages."x86_64-linux".flaky-os = wfvm.lib.makeWindowsImage {
|
||||||
|
# configuration parameters go here
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
{
|
||||||
|
"nodes": {
|
||||||
|
"nixpkgs": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1685004253,
|
||||||
|
"narHash": "sha256-AbVL1nN/TDicUQ5wXZ8xdLERxz/eJr7+o8lqkIOVuaE=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "3e01645c40b92d29f3ae76344a6d654986a91a91",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "nixos-23.05",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"root": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": "nixpkgs"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"root": "root",
|
||||||
|
"version": 7
|
||||||
|
}
|
|
@ -0,0 +1,37 @@
|
||||||
|
{
|
||||||
|
description = "WFVM: Windows Functional Virtual Machine";
|
||||||
|
|
||||||
|
inputs = {
|
||||||
|
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
|
||||||
|
};
|
||||||
|
|
||||||
|
outputs = { self, nixpkgs }:
|
||||||
|
let
|
||||||
|
# only x64 is supported
|
||||||
|
system = "x86_64-linux";
|
||||||
|
|
||||||
|
pkgs = nixpkgs.legacyPackages.${system};
|
||||||
|
|
||||||
|
in rec {
|
||||||
|
lib = import ./wfvm {
|
||||||
|
inherit pkgs;
|
||||||
|
};
|
||||||
|
|
||||||
|
packages.${system} = rec {
|
||||||
|
demoImage = import ./wfvm/demo-image.nix {
|
||||||
|
inherit self;
|
||||||
|
};
|
||||||
|
|
||||||
|
default = lib.utils.wfvm-run {
|
||||||
|
name = "demo";
|
||||||
|
image = demoImage;
|
||||||
|
script =
|
||||||
|
''
|
||||||
|
echo "Windows booted. Press Enter to terminate VM."
|
||||||
|
read
|
||||||
|
'';
|
||||||
|
display = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -13,7 +13,10 @@
|
||||||
, timeZone ? "UTC"
|
, timeZone ? "UTC"
|
||||||
, services ? {}
|
, services ? {}
|
||||||
, impureShellCommands ? []
|
, impureShellCommands ? []
|
||||||
, driveLetter ? "E:"
|
, driveLetter ? "D:"
|
||||||
|
, efi ? true
|
||||||
|
, imageSelection ? "Windows 11 Pro N"
|
||||||
|
, enableTpm
|
||||||
, ...
|
, ...
|
||||||
}:
|
}:
|
||||||
|
|
||||||
|
@ -48,34 +51,28 @@ let
|
||||||
# mkDirsDesc ++ writeKeysDesc ++
|
# mkDirsDesc ++ writeKeysDesc ++
|
||||||
[
|
[
|
||||||
{
|
{
|
||||||
Path = ''powershell.exe Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 -Source ${driveLetter}\fod -LimitAccess'';
|
Path = ''powershell.exe ${driveLetter}\install-ssh.ps1'';
|
||||||
Description = "Add OpenSSH service.";
|
Description = "Install OpenSSH service.";
|
||||||
}
|
|
||||||
{
|
|
||||||
Path = ''powershell.exe Set-Service -Name sshd -StartupType Automatic'';
|
|
||||||
Description = "Enable SSH by default.";
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
assertCommand = c: builtins.typeOf c == "string" || builtins.typeOf c == "set" && builtins.hasAttr "Path" c && builtins.hasAttr "Description" c;
|
assertCommand = c: builtins.typeOf c == "string" || builtins.typeOf c == "set" && builtins.hasAttr "Path" c && builtins.hasAttr "Description" c;
|
||||||
|
|
||||||
commands = builtins.map (x: assert assertCommand x; if builtins.typeOf x == "string" then { Path = x; Description = x; } else x) (
|
commands = builtins.map (x: assert assertCommand x; if builtins.typeOf x == "string" then { Path = x; Description = x; } else x) (
|
||||||
[
|
[ {
|
||||||
{
|
Path = "powershell.exe Set-ExecutionPolicy -Force Unrestricted";
|
||||||
Path = "powershell.exe Set-ExecutionPolicy -Force Unrestricted";
|
Description = "Allow unsigned powershell scripts.";
|
||||||
Description = "Allow unsigned powershell scripts.";
|
} {
|
||||||
}
|
Path = ''powershell.exe ${driveLetter}\win-bundle-installer.exe'';
|
||||||
]
|
Description = "Install any declared packages.";
|
||||||
++ [
|
} {
|
||||||
{
|
Path = "net accounts /maxpwage:unlimited";
|
||||||
Path = ''powershell.exe ${driveLetter}\win-bundle-installer.exe'';
|
Description = "Disable forced password expiry.";
|
||||||
Description = "Install any declared packages.";
|
} ]
|
||||||
}
|
|
||||||
]
|
|
||||||
++ setupCommands
|
++ setupCommands
|
||||||
++ [
|
++ [
|
||||||
{
|
{
|
||||||
Path = ''powershell.exe ${driveLetter}\ssh-setup.ps1'';
|
Path = ''powershell.exe ${driveLetter}\setup.ps1'';
|
||||||
Description = "Setup SSH and keys";
|
Description = "Setup SSH and keys";
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
@ -123,6 +120,9 @@ let
|
||||||
# Windows expects a flat list of users while we want to manage them as a set
|
# Windows expects a flat list of users while we want to manage them as a set
|
||||||
flatUsers = builtins.attrValues (builtins.mapAttrs (name: s: s // { inherit name; }) users);
|
flatUsers = builtins.attrValues (builtins.mapAttrs (name: s: s // { inherit name; }) users);
|
||||||
|
|
||||||
|
diskId =
|
||||||
|
if efi then 2 else 1;
|
||||||
|
|
||||||
autounattendXML = pkgs.writeText "autounattend.xml" ''
|
autounattendXML = pkgs.writeText "autounattend.xml" ''
|
||||||
<?xml version="1.0" encoding="utf-8"?>
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
<unattend xmlns="urn:schemas-microsoft-com:unattend">
|
<unattend xmlns="urn:schemas-microsoft-com:unattend">
|
||||||
|
@ -135,21 +135,38 @@ let
|
||||||
<PathAndCredentials wcm:action="add" wcm:keyValue="2">
|
<PathAndCredentials wcm:action="add" wcm:keyValue="2">
|
||||||
<Path>E:\</Path>
|
<Path>E:\</Path>
|
||||||
</PathAndCredentials>
|
</PathAndCredentials>
|
||||||
|
<PathAndCredentials wcm:action="add" wcm:keyValue="3">
|
||||||
|
<Path>C:\virtio\amd64\w10</Path>
|
||||||
|
</PathAndCredentials>
|
||||||
|
<PathAndCredentials wcm:action="add" wcm:keyValue="4">
|
||||||
|
<Path>C:\virtio\NetKVM\w10\amd64</Path>
|
||||||
|
</PathAndCredentials>
|
||||||
|
<PathAndCredentials wcm:action="add" wcm:keyValue="5">
|
||||||
|
<Path>C:\virtio\qxldod\w10\amd64</Path>
|
||||||
|
</PathAndCredentials>
|
||||||
</DriverPaths>
|
</DriverPaths>
|
||||||
</component>
|
</component>
|
||||||
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||||
|
${lib.optionalString (!enableTpm) ''
|
||||||
|
<RunSynchronous>
|
||||||
|
<RunSynchronousCommand wcm:action="add">
|
||||||
|
<Order>1</Order>
|
||||||
|
<Path>reg add HKLM\System\Setup\LabConfig /v BypassTPMCheck /t reg_dword /d 0x00000001 /f</Path>
|
||||||
|
</RunSynchronousCommand>
|
||||||
|
</RunSynchronous>
|
||||||
|
''}
|
||||||
|
|
||||||
<DiskConfiguration>
|
<DiskConfiguration>
|
||||||
<Disk wcm:action="add">
|
<Disk wcm:action="add">
|
||||||
<CreatePartitions>
|
<CreatePartitions>
|
||||||
<CreatePartition wcm:action="add">
|
<CreatePartition wcm:action="add">
|
||||||
<Order>1</Order>
|
<Order>1</Order>
|
||||||
<Type>EFI</Type>
|
<Type>${if efi then "EFI" else "Primary"}</Type>
|
||||||
<Size>100</Size>
|
<Size>300</Size>
|
||||||
</CreatePartition>
|
</CreatePartition>
|
||||||
<CreatePartition wcm:action="add">
|
<CreatePartition wcm:action="add">
|
||||||
<Order>2</Order>
|
<Order>2</Order>
|
||||||
<Type>MSR</Type>
|
<Type>${if efi then "MSR" else "Primary"}</Type>
|
||||||
<Size>16</Size>
|
<Size>16</Size>
|
||||||
</CreatePartition>
|
</CreatePartition>
|
||||||
<CreatePartition wcm:action="add">
|
<CreatePartition wcm:action="add">
|
||||||
|
@ -161,7 +178,7 @@ let
|
||||||
<ModifyPartitions>
|
<ModifyPartitions>
|
||||||
<ModifyPartition wcm:action="add">
|
<ModifyPartition wcm:action="add">
|
||||||
<Order>1</Order>
|
<Order>1</Order>
|
||||||
<Format>FAT32</Format>
|
<Format>${if efi then "FAT32" else "NTFS"}</Format>
|
||||||
<Label>System</Label>
|
<Label>System</Label>
|
||||||
<PartitionID>1</PartitionID>
|
<PartitionID>1</PartitionID>
|
||||||
</ModifyPartition>
|
</ModifyPartition>
|
||||||
|
@ -177,7 +194,7 @@ let
|
||||||
<PartitionID>3</PartitionID>
|
<PartitionID>3</PartitionID>
|
||||||
</ModifyPartition>
|
</ModifyPartition>
|
||||||
</ModifyPartitions>
|
</ModifyPartitions>
|
||||||
<DiskID>0</DiskID>
|
<DiskID>${toString diskId}</DiskID>
|
||||||
<WillWipeDisk>true</WillWipeDisk>
|
<WillWipeDisk>true</WillWipeDisk>
|
||||||
</Disk>
|
</Disk>
|
||||||
</DiskConfiguration>
|
</DiskConfiguration>
|
||||||
|
@ -185,13 +202,14 @@ let
|
||||||
<ImageInstall>
|
<ImageInstall>
|
||||||
<OSImage>
|
<OSImage>
|
||||||
<InstallTo>
|
<InstallTo>
|
||||||
<DiskID>0</DiskID>
|
<DiskID>${toString diskId}</DiskID>
|
||||||
<PartitionID>3</PartitionID>
|
<PartitionID>3</PartitionID>
|
||||||
</InstallTo>
|
</InstallTo>
|
||||||
<InstallFrom>
|
<InstallFrom>
|
||||||
|
<Path>\install.swm</Path>
|
||||||
<MetaData wcm:action="add">
|
<MetaData wcm:action="add">
|
||||||
<Key>/IMAGE/INDEX</Key>
|
<Key>/IMAGE/NAME</Key>
|
||||||
<Value>1</Value>
|
<Value>${imageSelection}</Value>
|
||||||
</MetaData>
|
</MetaData>
|
||||||
</InstallFrom>
|
</InstallFrom>
|
||||||
</OSImage>
|
</OSImage>
|
||||||
|
@ -199,7 +217,7 @@ let
|
||||||
|
|
||||||
<UserData>
|
<UserData>
|
||||||
<ProductKey>
|
<ProductKey>
|
||||||
${if productKey != null then "<Key>${productKey}</Key>" else ""}
|
${if productKey != null then "<Key>${productKey}</Key>" else "<Key/>"}
|
||||||
<WillShowUI>OnError</WillShowUI>
|
<WillShowUI>OnError</WillShowUI>
|
||||||
</ProductKey>
|
</ProductKey>
|
||||||
<AcceptEula>true</AcceptEula>
|
<AcceptEula>true</AcceptEula>
|
||||||
|
@ -262,14 +280,12 @@ let
|
||||||
</AutoLogon>
|
</AutoLogon>
|
||||||
''}
|
''}
|
||||||
|
|
||||||
<FirstLogonCommands>
|
</component>
|
||||||
<SynchronousCommand wcm:action="add">
|
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||||
<Order>1</Order>
|
<Reseal>
|
||||||
<CommandLine>cmd /C shutdown /s /f /t 00</CommandLine>
|
<ForceShutdownNow>true</ForceShutdownNow>
|
||||||
<Description>ChangeHideFiles</Description>
|
<Mode>OOBE</Mode>
|
||||||
</SynchronousCommand>
|
</Reseal>
|
||||||
</FirstLogonCommands>
|
|
||||||
|
|
||||||
</component>
|
</component>
|
||||||
</settings>
|
</settings>
|
||||||
|
|
||||||
|
@ -291,18 +307,18 @@ let
|
||||||
</component>
|
</component>
|
||||||
</settings>
|
</settings>
|
||||||
|
|
||||||
<cpi:offlineImage cpi:source="wim:c:/wim/windows-10/install.wim#Windows 10 Enterprise LTSC 2019 Evaluation" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
|
<cpi:offlineImage cpi:source="wim:c:/wim/windows-11/install.wim#${imageSelection}" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
|
||||||
</unattend>
|
</unattend>
|
||||||
'';
|
'';
|
||||||
|
|
||||||
in {
|
in {
|
||||||
# Lint and format as a sanity check
|
# Lint and format as a sanity check
|
||||||
autounattendXML = pkgs.runCommandNoCC "autounattend.xml" {} ''
|
autounattendXML = pkgs.runCommand "autounattend.xml" {} ''
|
||||||
${pkgs.libxml2}/bin/xmllint --format ${autounattendXML} > $out
|
${pkgs.libxml2}/bin/xmllint --format ${autounattendXML} > $out
|
||||||
'';
|
'';
|
||||||
|
|
||||||
# autounattend.xml is _super_ picky about quotes and other things
|
# autounattend.xml is _super_ picky about quotes and other things
|
||||||
setupScript = pkgs.writeText "ssh-setup.ps1" (
|
setupScript = pkgs.writeText "setup.ps1" (
|
||||||
''
|
''
|
||||||
# Setup SSH and keys
|
# Setup SSH and keys
|
||||||
'' +
|
'' +
|
||||||
|
|
|
@ -1,7 +1,10 @@
|
||||||
{ pkgs }:
|
{ pkgs }:
|
||||||
|
|
||||||
pkgs.runCommandNoCC "win-bundle-installer.exe" {} ''
|
pkgs.runCommand "win-bundle-installer.exe" {} ''
|
||||||
|
mkdir bundle
|
||||||
|
cd bundle
|
||||||
|
cp ${./go.mod} go.mod
|
||||||
cp ${./main.go} main.go
|
cp ${./main.go} main.go
|
||||||
env HOME=$(mktemp -d) GOOS=windows GOARCH=amd64 ${pkgs.go}/bin/go build
|
env HOME=$(mktemp -d) GOOS=windows GOARCH=amd64 ${pkgs.go}/bin/go build
|
||||||
mv build.exe $out
|
mv bundle.exe $out
|
||||||
''
|
''
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
module bundle
|
||||||
|
|
||||||
|
go 1.11
|
|
@ -2,6 +2,6 @@
|
||||||
|
|
||||||
{
|
{
|
||||||
makeWindowsImage = attrs: import ./win.nix ({ inherit pkgs; } // attrs);
|
makeWindowsImage = attrs: import ./win.nix ({ inherit pkgs; } // attrs);
|
||||||
layers = (import ./layers { inherit pkgs; });
|
layers = import ./layers { inherit pkgs; };
|
||||||
utils = (import ./utils.nix { inherit pkgs; });
|
utils = import ./utils.nix { inherit pkgs; };
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,16 +1,27 @@
|
||||||
{ pkgs ? import <nixpkgs> {}, impureMode ? false }:
|
{ pkgs ? import <nixpkgs> {}
|
||||||
|
# Whether to generate just a script to start and debug the windows installation
|
||||||
|
, impureMode ? false
|
||||||
|
# Flake input `self`
|
||||||
|
, self ? null
|
||||||
|
}:
|
||||||
|
|
||||||
let
|
let
|
||||||
wfvm = (import ./default.nix { inherit pkgs; });
|
wfvm =
|
||||||
|
if self == null
|
||||||
|
# nix-build
|
||||||
|
then (import ./default.nix { inherit pkgs; })
|
||||||
|
# built from flake.nix
|
||||||
|
else self.lib;
|
||||||
in
|
in
|
||||||
wfvm.makeWindowsImage {
|
wfvm.makeWindowsImage {
|
||||||
# Build install script & skip building iso
|
# Build install script & skip building iso
|
||||||
inherit impureMode;
|
inherit impureMode;
|
||||||
|
|
||||||
# Custom base iso
|
# Custom base iso
|
||||||
# windowsImage = pkgs.fetchurl {
|
# windowsImage = pkgs.requireFile rec {
|
||||||
# url = "https://software-download.microsoft.com/download/sg/17763.107.101029-1455.rs5_release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso";
|
# name = "Win11_22H2_English_x64v1.iso";
|
||||||
# sha256 = "668fe1af70c2f7416328aee3a0bb066b12dc6bbd2576f40f812b95741e18bc3a";
|
# sha256 = "08mbppsm1naf73z8fjyqkf975nbls7xj9n4fq0yp802dv1rz3whd";
|
||||||
|
# message = "Get disk image ${name} from https://www.microsoft.com/en-us/software-download/windows11/";
|
||||||
# };
|
# };
|
||||||
|
|
||||||
# impureShellCommands = [
|
# impureShellCommands = [
|
||||||
|
@ -37,7 +48,17 @@ wfvm.makeWindowsImage {
|
||||||
# administratorPassword = "12345";
|
# administratorPassword = "12345";
|
||||||
|
|
||||||
# Imperative installation commands, to be installed incrementally
|
# Imperative installation commands, to be installed incrementally
|
||||||
installCommands = with wfvm.layers; [ anaconda3 msys2 msvc msvc-ide-unbreak ];
|
installCommands =
|
||||||
|
if impureMode
|
||||||
|
then []
|
||||||
|
else with wfvm.layers; [
|
||||||
|
(collapseLayers [
|
||||||
|
disable-autosleep
|
||||||
|
disable-autolock
|
||||||
|
disable-firewall
|
||||||
|
])
|
||||||
|
anaconda3 msys2
|
||||||
|
];
|
||||||
|
|
||||||
# services = {
|
# services = {
|
||||||
# # Enable remote management
|
# # Enable remote management
|
||||||
|
@ -47,8 +68,10 @@ wfvm.makeWindowsImage {
|
||||||
# };
|
# };
|
||||||
# };
|
# };
|
||||||
|
|
||||||
# License key
|
# License key (required)
|
||||||
# productKey = "iboughtthisone";
|
# productKey = throw "Search the f* web"
|
||||||
|
imageSelection = "Windows 11 Pro N";
|
||||||
|
|
||||||
|
|
||||||
# Locales
|
# Locales
|
||||||
# uiLanguage = "en-US";
|
# uiLanguage = "en-US";
|
||||||
|
|
|
@ -0,0 +1,42 @@
|
||||||
|
Write-Host "Expanding OpenSSH"
|
||||||
|
Expand-Archive D:\OpenSSH-Win64.zip C:\
|
||||||
|
|
||||||
|
Push-Location C:\OpenSSH-Win64
|
||||||
|
|
||||||
|
Write-Host "Installing OpenSSH"
|
||||||
|
& .\install-sshd.ps1
|
||||||
|
|
||||||
|
Write-Host "Generating host keys"
|
||||||
|
.\ssh-keygen.exe -A
|
||||||
|
|
||||||
|
Write-Host "Fixing host file permissions"
|
||||||
|
& .\FixHostFilePermissions.ps1 -Confirm:$false
|
||||||
|
|
||||||
|
Write-Host "Fixing user file permissions"
|
||||||
|
& .\FixUserFilePermissions.ps1 -Confirm:$false
|
||||||
|
|
||||||
|
Pop-Location
|
||||||
|
|
||||||
|
$newPath = 'C:\OpenSSH-Win64;' + [Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::Machine)
|
||||||
|
[Environment]::SetEnvironmentVariable("PATH", $newPath, [EnvironmentVariableTarget]::Machine)
|
||||||
|
|
||||||
|
#Write-Host "Adding public key to authorized_keys"
|
||||||
|
#$keyPath = "~\.ssh\authorized_keys"
|
||||||
|
#New-Item -Type Directory ~\.ssh > $null
|
||||||
|
#$sshKey | Out-File $keyPath -Encoding Ascii
|
||||||
|
|
||||||
|
Write-Host "Opening firewall port 22"
|
||||||
|
New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH
|
||||||
|
|
||||||
|
Write-Host "Setting sshd service startup type to 'Automatic'"
|
||||||
|
Set-Service sshd -StartupType Automatic
|
||||||
|
Set-Service ssh-agent -StartupType Automatic
|
||||||
|
Write-Host "Setting sshd service restart behavior"
|
||||||
|
sc.exe failure sshd reset= 86400 actions= restart/500
|
||||||
|
|
||||||
|
#Write-Host "Configuring sshd"
|
||||||
|
#(Get-Content C:\ProgramData\ssh\sshd_config).replace('#TCPKeepAlive yes', 'TCPKeepAlive yes').replace('#ClientAliveInterval 0', 'ClientAliveInterval 300').replace('#ClientAliveCountMax 3', 'ClientAliveCountMax 3') | Set-Content C:\ProgramData\ssh\sshd_config
|
||||||
|
|
||||||
|
Write-Host "Starting sshd service"
|
||||||
|
Start-Service sshd
|
||||||
|
Start-Service ssh-agent
|
|
@ -8,8 +8,8 @@ in
|
||||||
script = let
|
script = let
|
||||||
Anaconda3 = pkgs.fetchurl {
|
Anaconda3 = pkgs.fetchurl {
|
||||||
name = "Anaconda3.exe";
|
name = "Anaconda3.exe";
|
||||||
url = "https://repo.anaconda.com/archive/Anaconda3-2020.02-Windows-x86_64.exe";
|
url = "https://repo.anaconda.com/archive/Anaconda3-2021.05-Windows-x86_64.exe";
|
||||||
sha256 = "0n31l8l89jrjrbzbifxbjnr3g320ly9i4zfyqbf3l9blf4ygbhl3";
|
sha256 = "1lpk7k4gydyk524z1nk4rrninrwi20g2ias2njc9w0a40hwl5nwk";
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
''
|
''
|
||||||
|
@ -30,8 +30,8 @@ in
|
||||||
sha256 = "1mswlfybvk42vdr4r85dypgkwhrp5ff47gcbxgjqwq86ym44xzd4";
|
sha256 = "1mswlfybvk42vdr4r85dypgkwhrp5ff47gcbxgjqwq86ym44xzd4";
|
||||||
};
|
};
|
||||||
msys2-auto-install = pkgs.fetchurl {
|
msys2-auto-install = pkgs.fetchurl {
|
||||||
url = "https://raw.githubusercontent.com/msys2/msys2-installer/master/auto-install.js";
|
url = "https://raw.githubusercontent.com/msys2/msys2-installer/7b4b35f65904d03399d5dfb8fc4e5729b0b4d81f/auto-install.js";
|
||||||
sha256 = "0ww48xch2q427c58arg5llakfkfzh3kb32kahwplp0s7jc8224g7";
|
sha256 = "17fq1xprbs00j8wb4m0w1x4dvb48qb5hwa3zx77snlhw8226d81y";
|
||||||
};
|
};
|
||||||
in ''
|
in ''
|
||||||
ln -s ${msys2} ./msys2.exe
|
ln -s ${msys2} ./msys2.exe
|
||||||
|
@ -71,8 +71,8 @@ in
|
||||||
script = let
|
script = let
|
||||||
bootstrapper = pkgs.fetchurl {
|
bootstrapper = pkgs.fetchurl {
|
||||||
name = "RESTRICTDIST-vs_Community.exe";
|
name = "RESTRICTDIST-vs_Community.exe";
|
||||||
url = "https://download.visualstudio.microsoft.com/download/pr/ac05c4f5-0da1-429f-8701-ce509ac69926/cc9556137c66a373670376d6db2fc5c5c937b2b0bf7b3d3cac11c69e33615511/vs_Community.exe";
|
url = "https://aka.ms/vs/16/release/vs_community.exe";
|
||||||
sha256 = "04amc4rrxihimhy3syxzn2r3gjf5qlpxpmkn0dkp78v6gh9md5fc";
|
sha256 = "sha256-l4ZKFZTgHf3BmD0eFWyGwsvb4lqB/LiQYizAABOs3gg=";
|
||||||
};
|
};
|
||||||
# This touchy-feely "community" piece of trash seems deliberately crafted to break Wine, so we use the VM to run it.
|
# This touchy-feely "community" piece of trash seems deliberately crafted to break Wine, so we use the VM to run it.
|
||||||
download-vs = wfvm.utils.wfvm-run {
|
download-vs = wfvm.utils.wfvm-run {
|
||||||
|
@ -93,7 +93,7 @@ in
|
||||||
|
|
||||||
outputHashAlgo = "sha256";
|
outputHashAlgo = "sha256";
|
||||||
outputHashMode = "recursive";
|
outputHashMode = "recursive";
|
||||||
outputHash = "0fp7a6prjp8n8sirwday13wis3xyzhmrwi377y3x89nxzysp0mnv";
|
outputHash = "sha256-GoOKzln8DXVMx52jWGEjwkOFkpSW+wEffAVmBVugIyk=";
|
||||||
|
|
||||||
phases = [ "buildPhase" ];
|
phases = [ "buildPhase" ];
|
||||||
buildInputs = [ download-vs ];
|
buildInputs = [ download-vs ];
|
||||||
|
@ -118,8 +118,61 @@ in
|
||||||
name = "MSVC-ide-unbreak";
|
name = "MSVC-ide-unbreak";
|
||||||
script =
|
script =
|
||||||
''
|
''
|
||||||
win-exec 'cd "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\Common7\IDE" && devenv /ResetSettings'
|
win-exec 'cd "C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\Common7\IDE" && devenv /ResetSettings'
|
||||||
sleep 40
|
sleep 40
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
# Disable the Windows firewall
|
||||||
|
disable-firewall = {
|
||||||
|
name = "disable-firewall";
|
||||||
|
script = ''
|
||||||
|
echo Disabling firewall
|
||||||
|
win-exec "netsh advfirewall set allprofiles state off"
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
# Disable automatic power management which causes the machine to go
|
||||||
|
# into standby after periods without mouse wiggling.
|
||||||
|
disable-autosleep = {
|
||||||
|
name = "disable-autosleep";
|
||||||
|
script = ''
|
||||||
|
echo Disabling autosleep
|
||||||
|
win-exec "powercfg /x -hibernate-timeout-ac 0"
|
||||||
|
win-exec "powercfg /x -hibernate-timeout-dc 0"
|
||||||
|
win-exec "powercfg /x -disk-timeout-ac 0"
|
||||||
|
win-exec "powercfg /x -disk-timeout-dc 0"
|
||||||
|
win-exec "powercfg /x -monitor-timeout-ac 0"
|
||||||
|
win-exec "powercfg /x -monitor-timeout-dc 0"
|
||||||
|
win-exec "powercfg /x -standby-timeout-ac 0"
|
||||||
|
win-exec "powercfg /x -standby-timeout-dc 0"
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
# Turn off automatic locking of idle user sessions
|
||||||
|
disable-autolock = {
|
||||||
|
name = "disable-autolock";
|
||||||
|
script = ''
|
||||||
|
echo Disabling autolock
|
||||||
|
win-exec "reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Personalization /v NoLockScreen /t REG_DWORD /d 1"
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
# Don't let Windows start completely rewriting gigabytes of disk
|
||||||
|
# space. Defragmentation increases the size of our qcow layers
|
||||||
|
# needlessly.
|
||||||
|
disable-scheduled-defrag = {
|
||||||
|
name = "disable-scheduled-defrag";
|
||||||
|
script = ''
|
||||||
|
echo Disabling scheduled defragmentation service
|
||||||
|
win-exec 'schtasks /Change /DISABLE /TN "\Microsoft\Windows\Defrag\ScheduledDefrag"'
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
# Chain together layers that are quick to run so that the VM does
|
||||||
|
# not have to be started/shutdown for each.
|
||||||
|
collapseLayers = scripts: {
|
||||||
|
name = pkgs.lib.concatMapStringsSep "-" ({ name, ... }: name) scripts;
|
||||||
|
script = builtins.concatStringsSep "\n" (
|
||||||
|
map ({ script, ... }: script) scripts
|
||||||
|
);
|
||||||
|
buildInputs =
|
||||||
|
builtins.concatMap ({ buildInputs ? [], ... }: buildInputs) scripts;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
This file is not publicaly acessible anywhere so had to be extracted from a connected instance
|
|
Binary file not shown.
|
@ -1,20 +1,45 @@
|
||||||
{ pkgs, baseRtc ? "2020-04-20T14:21:42", cores ? "4", qemuMem ? "4G" }:
|
{ pkgs
|
||||||
|
, baseRtc ? "2022-10-10T10:10:10"
|
||||||
|
, cores ? "4"
|
||||||
|
, qemuMem ? "4G"
|
||||||
|
, efi ? true
|
||||||
|
, enableTpm ? false
|
||||||
|
, ...
|
||||||
|
}:
|
||||||
|
|
||||||
rec {
|
rec {
|
||||||
# qemu_test is a smaller closure only building for a single system arch
|
# qemu_test is a smaller closure only building for a single system arch
|
||||||
qemu = pkgs.qemu_test;
|
qemu = pkgs.qemu;
|
||||||
|
|
||||||
|
OVMF = pkgs.OVMF.override {
|
||||||
|
secureBoot = true;
|
||||||
|
};
|
||||||
|
|
||||||
mkQemuFlags = extraFlags: [
|
mkQemuFlags = extraFlags: [
|
||||||
"-enable-kvm"
|
"-enable-kvm"
|
||||||
"-cpu host"
|
"-cpu host"
|
||||||
"-smp ${cores}"
|
"-smp ${cores}"
|
||||||
"-m ${qemuMem}"
|
"-m ${qemuMem}"
|
||||||
"-bios ${pkgs.OVMF.fd}/FV/OVMF.fd"
|
"-M q35,smm=on"
|
||||||
|
"-vga qxl"
|
||||||
"-rtc base=${baseRtc}"
|
"-rtc base=${baseRtc}"
|
||||||
"-device piix3-usb-uhci"
|
"-device qemu-xhci"
|
||||||
"-device e1000,netdev=n1"
|
"-device virtio-net-pci,netdev=n1"
|
||||||
|
] ++ pkgs.lib.optionals efi [
|
||||||
|
"-bios ${OVMF.fd}/FV/OVMF.fd"
|
||||||
|
] ++ pkgs.lib.optionals enableTpm [
|
||||||
|
"-chardev" "socket,id=chrtpm,path=tpm.sock"
|
||||||
|
"-tpmdev" "emulator,id=tpm0,chardev=chrtpm"
|
||||||
|
"-device" "tpm-tis,tpmdev=tpm0"
|
||||||
] ++ extraFlags;
|
] ++ extraFlags;
|
||||||
|
|
||||||
|
tpmStartCommands = pkgs.lib.optionalString enableTpm ''
|
||||||
|
mkdir -p tpmstate
|
||||||
|
${pkgs.swtpm}/bin/swtpm socket \
|
||||||
|
--tpmstate dir=tpmstate \
|
||||||
|
--ctrl type=unixio,path=tpm.sock &
|
||||||
|
'';
|
||||||
|
|
||||||
# Pass empty config file to prevent ssh from failing to create ~/.ssh
|
# Pass empty config file to prevent ssh from failing to create ~/.ssh
|
||||||
sshOpts = "-F /dev/null -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -o ConnectTimeout=1";
|
sshOpts = "-F /dev/null -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -o ConnectTimeout=1";
|
||||||
win-exec = pkgs.writeShellScriptBin "win-exec" ''
|
win-exec = pkgs.writeShellScriptBin "win-exec" ''
|
||||||
|
@ -57,8 +82,10 @@ rec {
|
||||||
echo win-put $1 -\> $2
|
echo win-put $1 -\> $2
|
||||||
${pkgs.sshpass}/bin/sshpass -p1234 -- \
|
${pkgs.sshpass}/bin/sshpass -p1234 -- \
|
||||||
${pkgs.openssh}/bin/sftp -r -P 2022 ${sshOpts} \
|
${pkgs.openssh}/bin/sftp -r -P 2022 ${sshOpts} \
|
||||||
wfvm@localhost <<< "cd $2
|
wfvm@localhost -b- << EOF
|
||||||
put $1"
|
cd $2
|
||||||
|
put $1
|
||||||
|
EOF
|
||||||
'';
|
'';
|
||||||
win-get = pkgs.writeShellScriptBin "win-get" ''
|
win-get = pkgs.writeShellScriptBin "win-get" ''
|
||||||
set -e
|
set -e
|
||||||
|
@ -88,6 +115,7 @@ rec {
|
||||||
]);
|
]);
|
||||||
in pkgs.writeShellScriptBin "wfvm-run-${name}" ''
|
in pkgs.writeShellScriptBin "wfvm-run-${name}" ''
|
||||||
set -e -m
|
set -e -m
|
||||||
|
${tpmStartCommands}
|
||||||
${qemu}/bin/qemu-system-x86_64 ${pkgs.lib.concatStringsSep " " qemuParams} &
|
${qemu}/bin/qemu-system-x86_64 ${pkgs.lib.concatStringsSep " " qemuParams} &
|
||||||
|
|
||||||
${win-wait}/bin/win-wait
|
${win-wait}/bin/win-wait
|
||||||
|
|
64
wfvm/win.nix
64
wfvm/win.nix
|
@ -5,13 +5,17 @@
|
||||||
, impureMode ? false
|
, impureMode ? false
|
||||||
, installCommands ? []
|
, installCommands ? []
|
||||||
, users ? {}
|
, users ? {}
|
||||||
|
, enableTpm ? true
|
||||||
|
# autounattend always installs index 1, so this default is backward-compatible
|
||||||
|
, imageSelection ? "Windows 11 Pro N"
|
||||||
|
, efi ? true
|
||||||
, ...
|
, ...
|
||||||
}@attrs:
|
}@attrs:
|
||||||
|
|
||||||
let
|
let
|
||||||
lib = pkgs.lib;
|
lib = pkgs.lib;
|
||||||
utils = import ./utils.nix { inherit pkgs; };
|
utils = import ./utils.nix ({ inherit pkgs efi enableTpm; } // attrs);
|
||||||
libguestfs = pkgs.libguestfs-with-appliance;
|
inherit (pkgs) guestfs-tools;
|
||||||
|
|
||||||
# p7zip on >20.03 has known vulns but we have no better option
|
# p7zip on >20.03 has known vulns but we have no better option
|
||||||
p7zip = pkgs.p7zip.overrideAttrs(old: {
|
p7zip = pkgs.p7zip.overrideAttrs(old: {
|
||||||
|
@ -21,7 +25,7 @@ let
|
||||||
});
|
});
|
||||||
|
|
||||||
runQemuCommand = name: command: (
|
runQemuCommand = name: command: (
|
||||||
pkgs.runCommandNoCC name { buildInputs = [ p7zip utils.qemu libguestfs ]; }
|
pkgs.runCommand name { buildInputs = [ p7zip utils.qemu guestfs-tools ]; }
|
||||||
(
|
(
|
||||||
''
|
''
|
||||||
if ! test -f; then
|
if ! test -f; then
|
||||||
|
@ -32,17 +36,25 @@ let
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
windowsIso = if windowsImage != null then windowsImage else pkgs.fetchurl {
|
windowsIso = if windowsImage != null then windowsImage else pkgs.requireFile rec {
|
||||||
name = "RESTRICTDIST-release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso";
|
name = "Win11_22H2_English_x64v2.iso";
|
||||||
url = "https://software-download.microsoft.com/download/sg/17763.107.101029-1455.rs5_release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso";
|
sha256 = "0xhhxy47yaf1jsfmskym5f65hljw8q0aqs70my86m402i6dsjnc0";
|
||||||
sha256 = "668fe1af70c2f7416328aee3a0bb066b12dc6bbd2576f40f812b95741e18bc3a";
|
message = "Get disk image ${name} from https://www.microsoft.com/en-us/software-download/windows11/";
|
||||||
};
|
};
|
||||||
|
|
||||||
openSshServerPackage = ./openssh/server-package.cab;
|
virtioWinIso = pkgs.fetchurl {
|
||||||
|
url = "https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.229-1/virtio-win.iso";
|
||||||
|
sha256 = "1q5vrcd70kya4nhlbpxmj7mwmwra1hm3x7w8rzkawpk06kg0v2n8";
|
||||||
|
};
|
||||||
|
|
||||||
|
openSshServerPackage = pkgs.fetchurl {
|
||||||
|
url = "https://github.com/PowerShell/Win32-OpenSSH/releases/download/V8.6.0.0p1-Beta/OpenSSH-Win64.zip";
|
||||||
|
sha256 = "1dw6n054r0939501dpxfm7ghv21ihmypdx034van8cl21gf1b4lz";
|
||||||
|
};
|
||||||
|
|
||||||
autounattend = import ./autounattend.nix (
|
autounattend = import ./autounattend.nix (
|
||||||
attrs // {
|
attrs // {
|
||||||
inherit pkgs;
|
inherit pkgs enableTpm;
|
||||||
users = users // {
|
users = users // {
|
||||||
wfvm = {
|
wfvm = {
|
||||||
password = "1234";
|
password = "1234";
|
||||||
|
@ -60,15 +72,16 @@ let
|
||||||
# Packages required to drive installation of other packages
|
# Packages required to drive installation of other packages
|
||||||
bootstrapPkgs =
|
bootstrapPkgs =
|
||||||
runQemuCommand "bootstrap-win-pkgs.img" ''
|
runQemuCommand "bootstrap-win-pkgs.img" ''
|
||||||
mkdir -p pkgs/fod
|
7z x -y ${virtioWinIso} -opkgs/virtio
|
||||||
|
|
||||||
cp ${bundleInstaller} pkgs/"$(stripHash "${bundleInstaller}")"
|
cp ${bundleInstaller} pkgs/"$(stripHash "${bundleInstaller}")"
|
||||||
|
|
||||||
# Install optional windows features
|
# Install optional windows features
|
||||||
cp ${openSshServerPackage} pkgs/fod/OpenSSH-Server-Package~31bf3856ad364e35~amd64~~.cab
|
cp ${openSshServerPackage} pkgs/OpenSSH-Win64.zip
|
||||||
|
|
||||||
# SSH setup script goes here because windows XML parser sucks
|
# SSH setup script goes here because windows XML parser sucks
|
||||||
cp ${autounattend.setupScript} pkgs/ssh-setup.ps1
|
cp ${./install-ssh.ps1} pkgs/install-ssh.ps1
|
||||||
|
cp ${autounattend.setupScript} pkgs/setup.ps1
|
||||||
|
|
||||||
virt-make-fs --partition --type=fat pkgs/ $out
|
virt-make-fs --partition --type=fat pkgs/ $out
|
||||||
'';
|
'';
|
||||||
|
@ -83,12 +96,12 @@ let
|
||||||
"usb-storage,drive=virtio-win"
|
"usb-storage,drive=virtio-win"
|
||||||
# USB boot
|
# USB boot
|
||||||
"-drive"
|
"-drive"
|
||||||
"id=win-install,file=usbimage.img,if=none,format=raw,readonly=on"
|
"id=win-install,file=${if efi then "usb" else "cd"}image.img,if=none,format=raw,readonly=on,media=${if efi then "disk" else "cdrom"}"
|
||||||
"-device"
|
"-device"
|
||||||
"usb-storage,drive=win-install"
|
"usb-storage,drive=win-install"
|
||||||
# Output image
|
# Output image
|
||||||
"-drive"
|
"-drive"
|
||||||
"file=c.img,index=0,media=disk,cache=unsafe"
|
"file=c.img,index=0,media=disk,if=virtio,cache=unsafe"
|
||||||
# Network
|
# Network
|
||||||
"-netdev user,id=n1,net=192.168.1.0/24,restrict=on"
|
"-netdev user,id=n1,net=192.168.1.0/24,restrict=on"
|
||||||
]);
|
]);
|
||||||
|
@ -96,7 +109,7 @@ let
|
||||||
''
|
''
|
||||||
#!${pkgs.runtimeShell}
|
#!${pkgs.runtimeShell}
|
||||||
set -euxo pipefail
|
set -euxo pipefail
|
||||||
export PATH=${lib.makeBinPath [ p7zip utils.qemu libguestfs ]}:$PATH
|
export PATH=${lib.makeBinPath [ p7zip utils.qemu guestfs-tools pkgs.wimlib ]}:$PATH
|
||||||
|
|
||||||
# Create a bootable "USB" image
|
# Create a bootable "USB" image
|
||||||
# Booting in USB mode circumvents the "press any key to boot from cdrom" prompt
|
# Booting in USB mode circumvents the "press any key to boot from cdrom" prompt
|
||||||
|
@ -106,23 +119,33 @@ let
|
||||||
mkdir -p win/nix-win
|
mkdir -p win/nix-win
|
||||||
7z x -y ${windowsIso} -owin
|
7z x -y ${windowsIso} -owin
|
||||||
|
|
||||||
|
# Split image so it fits in FAT32 partition
|
||||||
|
wimsplit win/sources/install.wim win/sources/install.swm 4070
|
||||||
|
rm win/sources/install.wim
|
||||||
|
|
||||||
cp ${autounattend.autounattendXML} win/autounattend.xml
|
cp ${autounattend.autounattendXML} win/autounattend.xml
|
||||||
|
|
||||||
|
${if efi then ''
|
||||||
virt-make-fs --partition --type=fat win/ usbimage.img
|
virt-make-fs --partition --type=fat win/ usbimage.img
|
||||||
|
'' else ''
|
||||||
|
${pkgs.cdrkit}/bin/mkisofs -iso-level 4 -l -R -udf -D -b boot/etfsboot.com -no-emul-boot -boot-load-size 8 -hide boot.catalog -eltorito-alt-boot -o cdimage.img win/
|
||||||
|
''}
|
||||||
rm -rf win
|
rm -rf win
|
||||||
|
|
||||||
|
${utils.tpmStartCommands}
|
||||||
|
|
||||||
# Qemu requires files to be rw
|
# Qemu requires files to be rw
|
||||||
qemu-img create -f qcow2 c.img ${diskImageSize}
|
qemu-img create -f qcow2 c.img ${diskImageSize}
|
||||||
qemu-system-x86_64 ${lib.concatStringsSep " " qemuParams}
|
qemu-system-x86_64 ${lib.concatStringsSep " " qemuParams}
|
||||||
''
|
''
|
||||||
);
|
);
|
||||||
|
|
||||||
baseImage = pkgs.runCommandNoCC "RESTRICTDIST-windows.img" {} ''
|
baseImage = pkgs.runCommand "RESTRICTDIST-windows.img" {} ''
|
||||||
${installScript}
|
${installScript}
|
||||||
mv c.img $out
|
mv c.img $out
|
||||||
'';
|
'';
|
||||||
|
|
||||||
finalImage = builtins.foldl' (acc: v: pkgs.runCommandNoCC "RESTRICTDIST-${v.name}.img" {
|
finalImage = builtins.foldl' (acc: v: pkgs.runCommand "RESTRICTDIST-${v.name}.img" {
|
||||||
buildInputs = with utils; [
|
buildInputs = with utils; [
|
||||||
qemu win-wait win-exec win-put
|
qemu win-wait win-exec win-put
|
||||||
] ++ (v.buildInputs or []);
|
] ++ (v.buildInputs or []);
|
||||||
|
@ -131,14 +154,17 @@ let
|
||||||
qemuParams = utils.mkQemuFlags (lib.optional (!impureMode) "-display none" ++ [
|
qemuParams = utils.mkQemuFlags (lib.optional (!impureMode) "-display none" ++ [
|
||||||
# Output image
|
# Output image
|
||||||
"-drive"
|
"-drive"
|
||||||
"file=c.img,index=0,media=disk,cache=unsafe"
|
"file=c.img,index=0,media=disk,if=virtio,cache=unsafe"
|
||||||
# Network - enable SSH forwarding
|
# Network - enable SSH forwarding
|
||||||
"-netdev user,id=n1,net=192.168.1.0/24,restrict=on,hostfwd=tcp::2022-:22"
|
"-netdev user,id=n1,net=192.168.1.0/24,restrict=on,hostfwd=tcp::2022-:22"
|
||||||
]);
|
]);
|
||||||
|
|
||||||
in ''
|
in ''
|
||||||
|
set -x
|
||||||
|
${utils.tpmStartCommands}
|
||||||
|
|
||||||
# Create an image referencing the previous image in the chain
|
# Create an image referencing the previous image in the chain
|
||||||
qemu-img create -f qcow2 -b ${acc} c.img
|
qemu-img create -F qcow2 -f qcow2 -b ${acc} c.img
|
||||||
|
|
||||||
set -m
|
set -m
|
||||||
qemu-system-x86_64 ${lib.concatStringsSep " " qemuParams} &
|
qemu-system-x86_64 ${lib.concatStringsSep " " qemuParams} &
|
||||||
|
|
Loading…
Reference in New Issue