forked from M-Labs/wfvm
Compare commits
12 Commits
a3df68b61f
...
b9e261de6f
Author | SHA1 | Date |
---|---|---|
Astro | b9e261de6f | |
Astro | 285b33a674 | |
Astro | 9a92143337 | |
Astro | 16e041282f | |
Astro | bc24fd6a2b | |
Astro | af9218e652 | |
Astro | fe347240f5 | |
Astro | d2d9c7acf6 | |
Astro | 267b3eec44 | |
Astro | 1550caf442 | |
Astro | 598b311215 | |
Astro | 79c1685f89 |
|
@ -14,8 +14,8 @@
|
||||||
, services ? {}
|
, services ? {}
|
||||||
, impureShellCommands ? []
|
, impureShellCommands ? []
|
||||||
, driveLetter ? "D:"
|
, driveLetter ? "D:"
|
||||||
, efi ? true
|
, imageSelection ? "Windows 11 Pro N"
|
||||||
, imageSelection ? "Windows 10 Pro"
|
, enableTpm
|
||||||
, ...
|
, ...
|
||||||
}:
|
}:
|
||||||
|
|
||||||
|
@ -58,18 +58,16 @@ let
|
||||||
assertCommand = c: builtins.typeOf c == "string" || builtins.typeOf c == "set" && builtins.hasAttr "Path" c && builtins.hasAttr "Description" c;
|
assertCommand = c: builtins.typeOf c == "string" || builtins.typeOf c == "set" && builtins.hasAttr "Path" c && builtins.hasAttr "Description" c;
|
||||||
|
|
||||||
commands = builtins.map (x: assert assertCommand x; if builtins.typeOf x == "string" then { Path = x; Description = x; } else x) (
|
commands = builtins.map (x: assert assertCommand x; if builtins.typeOf x == "string" then { Path = x; Description = x; } else x) (
|
||||||
[
|
[ {
|
||||||
{
|
Path = "powershell.exe Set-ExecutionPolicy -Force Unrestricted";
|
||||||
Path = "powershell.exe Set-ExecutionPolicy -Force Unrestricted";
|
Description = "Allow unsigned powershell scripts.";
|
||||||
Description = "Allow unsigned powershell scripts.";
|
} {
|
||||||
}
|
Path = ''powershell.exe ${driveLetter}\win-bundle-installer.exe'';
|
||||||
]
|
Description = "Install any declared packages.";
|
||||||
++ [
|
} {
|
||||||
{
|
Path = "net accounts /maxpwage:unlimited";
|
||||||
Path = ''powershell.exe ${driveLetter}\win-bundle-installer.exe'';
|
Description = "Disable forced password expiry.";
|
||||||
Description = "Install any declared packages.";
|
} ]
|
||||||
}
|
|
||||||
]
|
|
||||||
++ setupCommands
|
++ setupCommands
|
||||||
++ [
|
++ [
|
||||||
{
|
{
|
||||||
|
@ -121,8 +119,7 @@ let
|
||||||
# Windows expects a flat list of users while we want to manage them as a set
|
# Windows expects a flat list of users while we want to manage them as a set
|
||||||
flatUsers = builtins.attrValues (builtins.mapAttrs (name: s: s // { inherit name; }) users);
|
flatUsers = builtins.attrValues (builtins.mapAttrs (name: s: s // { inherit name; }) users);
|
||||||
|
|
||||||
diskId =
|
diskId = 2;
|
||||||
if efi then 2 else 1;
|
|
||||||
|
|
||||||
autounattendXML = pkgs.writeText "autounattend.xml" ''
|
autounattendXML = pkgs.writeText "autounattend.xml" ''
|
||||||
<?xml version="1.0" encoding="utf-8"?>
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
@ -148,18 +145,26 @@ let
|
||||||
</DriverPaths>
|
</DriverPaths>
|
||||||
</component>
|
</component>
|
||||||
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||||
|
${lib.optionalString (!enableTpm) ''
|
||||||
|
<RunSynchronous>
|
||||||
|
<RunSynchronousCommand wcm:action="add">
|
||||||
|
<Order>1</Order>
|
||||||
|
<Path>reg add HKLM\System\Setup\LabConfig /v BypassTPMCheck /t reg_dword /d 0x00000001 /f</Path>
|
||||||
|
</RunSynchronousCommand>
|
||||||
|
</RunSynchronous>
|
||||||
|
''}
|
||||||
|
|
||||||
<DiskConfiguration>
|
<DiskConfiguration>
|
||||||
<Disk wcm:action="add">
|
<Disk wcm:action="add">
|
||||||
<CreatePartitions>
|
<CreatePartitions>
|
||||||
<CreatePartition wcm:action="add">
|
<CreatePartition wcm:action="add">
|
||||||
<Order>1</Order>
|
<Order>1</Order>
|
||||||
<Type>${if efi then "EFI" else "Primary"}</Type>
|
<Type>EFI</Type>
|
||||||
<Size>300</Size>
|
<Size>300</Size>
|
||||||
</CreatePartition>
|
</CreatePartition>
|
||||||
<CreatePartition wcm:action="add">
|
<CreatePartition wcm:action="add">
|
||||||
<Order>2</Order>
|
<Order>2</Order>
|
||||||
<Type>${if efi then "MSR" else "Primary"}</Type>
|
<Type>MSR</Type>
|
||||||
<Size>16</Size>
|
<Size>16</Size>
|
||||||
</CreatePartition>
|
</CreatePartition>
|
||||||
<CreatePartition wcm:action="add">
|
<CreatePartition wcm:action="add">
|
||||||
|
@ -171,7 +176,7 @@ let
|
||||||
<ModifyPartitions>
|
<ModifyPartitions>
|
||||||
<ModifyPartition wcm:action="add">
|
<ModifyPartition wcm:action="add">
|
||||||
<Order>1</Order>
|
<Order>1</Order>
|
||||||
<Format>${if efi then "FAT32" else "NTFS"}</Format>
|
<Format>FAT32</Format>
|
||||||
<Label>System</Label>
|
<Label>System</Label>
|
||||||
<PartitionID>1</PartitionID>
|
<PartitionID>1</PartitionID>
|
||||||
</ModifyPartition>
|
</ModifyPartition>
|
||||||
|
@ -199,6 +204,7 @@ let
|
||||||
<PartitionID>3</PartitionID>
|
<PartitionID>3</PartitionID>
|
||||||
</InstallTo>
|
</InstallTo>
|
||||||
<InstallFrom>
|
<InstallFrom>
|
||||||
|
<Path>\install.swm</Path>
|
||||||
<MetaData wcm:action="add">
|
<MetaData wcm:action="add">
|
||||||
<Key>/IMAGE/NAME</Key>
|
<Key>/IMAGE/NAME</Key>
|
||||||
<Value>${imageSelection}</Value>
|
<Value>${imageSelection}</Value>
|
||||||
|
@ -209,7 +215,7 @@ let
|
||||||
|
|
||||||
<UserData>
|
<UserData>
|
||||||
<ProductKey>
|
<ProductKey>
|
||||||
${if productKey != null then "<Key>${productKey}</Key>" else ""}
|
${if productKey != null then "<Key>${productKey}</Key>" else "<Key/>"}
|
||||||
<WillShowUI>OnError</WillShowUI>
|
<WillShowUI>OnError</WillShowUI>
|
||||||
</ProductKey>
|
</ProductKey>
|
||||||
<AcceptEula>true</AcceptEula>
|
<AcceptEula>true</AcceptEula>
|
||||||
|
@ -299,7 +305,7 @@ let
|
||||||
</component>
|
</component>
|
||||||
</settings>
|
</settings>
|
||||||
|
|
||||||
<cpi:offlineImage cpi:source="wim:c:/wim/windows-10/install.wim#${imageSelection}" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
|
<cpi:offlineImage cpi:source="wim:c:/wim/windows-11/install.wim#${imageSelection}" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
|
||||||
</unattend>
|
</unattend>
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
|
|
@ -19,9 +19,9 @@ wfvm.makeWindowsImage {
|
||||||
|
|
||||||
# Custom base iso
|
# Custom base iso
|
||||||
# windowsImage = pkgs.requireFile rec {
|
# windowsImage = pkgs.requireFile rec {
|
||||||
# name = "Win10_21H1_English_x64.iso";
|
# name = "Win11_22H2_English_x64v1.iso";
|
||||||
# sha256 = "1sl51lnx4r6ckh5fii7m2hi15zh8fh7cf7rjgjq9kacg8hwyh4b9";
|
# sha256 = "08mbppsm1naf73z8fjyqkf975nbls7xj9n4fq0yp802dv1rz3whd";
|
||||||
# message = "Get ${name} from https://www.microsoft.com/en-us/software-download/windows10ISO";
|
# message = "Get disk image ${name} from https://www.microsoft.com/en-us/software-download/windows11/";
|
||||||
# };
|
# };
|
||||||
|
|
||||||
# impureShellCommands = [
|
# impureShellCommands = [
|
||||||
|
@ -70,7 +70,7 @@ wfvm.makeWindowsImage {
|
||||||
|
|
||||||
# License key (required)
|
# License key (required)
|
||||||
# productKey = throw "Search the f* web"
|
# productKey = throw "Search the f* web"
|
||||||
imageSelection = "Windows 10 Pro";
|
imageSelection = "Windows 11 Pro N";
|
||||||
|
|
||||||
|
|
||||||
# Locales
|
# Locales
|
||||||
|
|
|
@ -72,7 +72,7 @@ in
|
||||||
bootstrapper = pkgs.fetchurl {
|
bootstrapper = pkgs.fetchurl {
|
||||||
name = "RESTRICTDIST-vs_Community.exe";
|
name = "RESTRICTDIST-vs_Community.exe";
|
||||||
url = "https://aka.ms/vs/16/release/vs_community.exe";
|
url = "https://aka.ms/vs/16/release/vs_community.exe";
|
||||||
sha256 = "sha256-4X8NhdcNyfHkN6eKkNz8Unvv49wRZE4CQ1vf6P1R2ic=";
|
sha256 = "sha256-l4ZKFZTgHf3BmD0eFWyGwsvb4lqB/LiQYizAABOs3gg=";
|
||||||
};
|
};
|
||||||
# This touchy-feely "community" piece of trash seems deliberately crafted to break Wine, so we use the VM to run it.
|
# This touchy-feely "community" piece of trash seems deliberately crafted to break Wine, so we use the VM to run it.
|
||||||
download-vs = wfvm.utils.wfvm-run {
|
download-vs = wfvm.utils.wfvm-run {
|
||||||
|
@ -93,7 +93,7 @@ in
|
||||||
|
|
||||||
outputHashAlgo = "sha256";
|
outputHashAlgo = "sha256";
|
||||||
outputHashMode = "recursive";
|
outputHashMode = "recursive";
|
||||||
outputHash = "0ic3jvslp2y9v8yv9mfr2mafkvj2q5frmcyhmlbxj71si1x3kpag";
|
outputHash = "sha256-GoOKzln8DXVMx52jWGEjwkOFkpSW+wEffAVmBVugIyk=";
|
||||||
|
|
||||||
phases = [ "buildPhase" ];
|
phases = [ "buildPhase" ];
|
||||||
buildInputs = [ download-vs ];
|
buildInputs = [ download-vs ];
|
||||||
|
|
|
@ -1,23 +1,42 @@
|
||||||
{ pkgs, baseRtc ? "2022-10-10T10:10:10", cores ? "4", qemuMem ? "4G", efi ? true }:
|
{ pkgs
|
||||||
|
, baseRtc ? "2022-10-10T10:10:10"
|
||||||
|
, cores ? "4"
|
||||||
|
, qemuMem ? "4G"
|
||||||
|
, enableTpm ? false
|
||||||
|
}:
|
||||||
|
|
||||||
rec {
|
rec {
|
||||||
# qemu_test is a smaller closure only building for a single system arch
|
# qemu_test is a smaller closure only building for a single system arch
|
||||||
qemu = pkgs.qemu;
|
qemu = pkgs.qemu;
|
||||||
|
|
||||||
|
OVMF = pkgs.OVMF.override {
|
||||||
|
secureBoot = true;
|
||||||
|
};
|
||||||
|
|
||||||
mkQemuFlags = extraFlags: [
|
mkQemuFlags = extraFlags: [
|
||||||
"-enable-kvm"
|
"-enable-kvm"
|
||||||
"-cpu host"
|
"-cpu host"
|
||||||
"-smp ${cores}"
|
"-smp ${cores}"
|
||||||
"-m ${qemuMem}"
|
"-m ${qemuMem}"
|
||||||
"-M q35"
|
"-M q35,smm=on"
|
||||||
"-vga qxl"
|
"-vga qxl"
|
||||||
"-rtc base=${baseRtc}"
|
"-rtc base=${baseRtc}"
|
||||||
"-device qemu-xhci"
|
"-device qemu-xhci"
|
||||||
"-device virtio-net-pci,netdev=n1"
|
"-device virtio-net-pci,netdev=n1"
|
||||||
] ++ pkgs.lib.optionals efi [
|
"-bios ${OVMF.fd}/FV/OVMF.fd"
|
||||||
"-bios ${pkgs.OVMF.fd}/FV/OVMF.fd"
|
] ++ pkgs.lib.optionals enableTpm [
|
||||||
|
"-chardev" "socket,id=chrtpm,path=tpm.sock"
|
||||||
|
"-tpmdev" "emulator,id=tpm0,chardev=chrtpm"
|
||||||
|
"-device" "tpm-tis,tpmdev=tpm0"
|
||||||
] ++ extraFlags;
|
] ++ extraFlags;
|
||||||
|
|
||||||
|
tpmStartCommands = pkgs.lib.optionalString enableTpm ''
|
||||||
|
mkdir -p tpmstate
|
||||||
|
${pkgs.swtpm}/bin/swtpm socket \
|
||||||
|
--tpmstate dir=tpmstate \
|
||||||
|
--ctrl type=unixio,path=tpm.sock &
|
||||||
|
'';
|
||||||
|
|
||||||
# Pass empty config file to prevent ssh from failing to create ~/.ssh
|
# Pass empty config file to prevent ssh from failing to create ~/.ssh
|
||||||
sshOpts = "-F /dev/null -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -o ConnectTimeout=1";
|
sshOpts = "-F /dev/null -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -o ConnectTimeout=1";
|
||||||
win-exec = pkgs.writeShellScriptBin "win-exec" ''
|
win-exec = pkgs.writeShellScriptBin "win-exec" ''
|
||||||
|
@ -93,6 +112,7 @@ rec {
|
||||||
]);
|
]);
|
||||||
in pkgs.writeShellScriptBin "wfvm-run-${name}" ''
|
in pkgs.writeShellScriptBin "wfvm-run-${name}" ''
|
||||||
set -e -m
|
set -e -m
|
||||||
|
${tpmStartCommands}
|
||||||
${qemu}/bin/qemu-system-x86_64 ${pkgs.lib.concatStringsSep " " qemuParams} &
|
${qemu}/bin/qemu-system-x86_64 ${pkgs.lib.concatStringsSep " " qemuParams} &
|
||||||
|
|
||||||
${win-wait}/bin/win-wait
|
${win-wait}/bin/win-wait
|
||||||
|
|
29
wfvm/win.nix
29
wfvm/win.nix
|
@ -5,15 +5,15 @@
|
||||||
, impureMode ? false
|
, impureMode ? false
|
||||||
, installCommands ? []
|
, installCommands ? []
|
||||||
, users ? {}
|
, users ? {}
|
||||||
|
, enableTpm ? true
|
||||||
# autounattend always installs index 1, so this default is backward-compatible
|
# autounattend always installs index 1, so this default is backward-compatible
|
||||||
, imageSelection ? "Windows 10 Pro"
|
, imageSelection ? "Windows 11 Pro N"
|
||||||
, efi ? true
|
|
||||||
, ...
|
, ...
|
||||||
}@attrs:
|
}@attrs:
|
||||||
|
|
||||||
let
|
let
|
||||||
lib = pkgs.lib;
|
lib = pkgs.lib;
|
||||||
utils = import ./utils.nix { inherit pkgs efi; };
|
utils = import ./utils.nix { inherit pkgs enableTpm; };
|
||||||
inherit (pkgs) guestfs-tools;
|
inherit (pkgs) guestfs-tools;
|
||||||
|
|
||||||
# p7zip on >20.03 has known vulns but we have no better option
|
# p7zip on >20.03 has known vulns but we have no better option
|
||||||
|
@ -36,15 +36,14 @@ let
|
||||||
);
|
);
|
||||||
|
|
||||||
windowsIso = if windowsImage != null then windowsImage else pkgs.requireFile rec {
|
windowsIso = if windowsImage != null then windowsImage else pkgs.requireFile rec {
|
||||||
name = "Win10_21H2_English_x64.iso";
|
name = "Win11_22H2_English_x64v1.iso";
|
||||||
sha256 = "0kr3m0bjy086whcbssagsshdxj6lffcz7wmvbh50zhrkxgq3hrbz";
|
sha256 = "08mbppsm1naf73z8fjyqkf975nbls7xj9n4fq0yp802dv1rz3whd";
|
||||||
message = "Get ${name} from https://www.microsoft.com/en-us/software-download/windows10ISO";
|
message = "Get disk image ${name} from https://www.microsoft.com/en-us/software-download/windows11/";
|
||||||
};
|
};
|
||||||
|
|
||||||
# stable as of 2021-04-08
|
|
||||||
virtioWinIso = pkgs.fetchurl {
|
virtioWinIso = pkgs.fetchurl {
|
||||||
url = "https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.185-2/virtio-win-0.1.185.iso";
|
url = "https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.229-1/virtio-win.iso";
|
||||||
sha256 = "11n3kjyawiwacmi3jmfmn311g9xvfn6m0ccdwnjxw1brzb4kqaxg";
|
sha256 = "1q5vrcd70kya4nhlbpxmj7mwmwra1hm3x7w8rzkawpk06kg0v2n8";
|
||||||
};
|
};
|
||||||
|
|
||||||
openSshServerPackage = pkgs.fetchurl {
|
openSshServerPackage = pkgs.fetchurl {
|
||||||
|
@ -54,7 +53,7 @@ let
|
||||||
|
|
||||||
autounattend = import ./autounattend.nix (
|
autounattend = import ./autounattend.nix (
|
||||||
attrs // {
|
attrs // {
|
||||||
inherit pkgs;
|
inherit pkgs enableTpm;
|
||||||
users = users // {
|
users = users // {
|
||||||
wfvm = {
|
wfvm = {
|
||||||
password = "1234";
|
password = "1234";
|
||||||
|
@ -96,7 +95,7 @@ let
|
||||||
"usb-storage,drive=virtio-win"
|
"usb-storage,drive=virtio-win"
|
||||||
# USB boot
|
# USB boot
|
||||||
"-drive"
|
"-drive"
|
||||||
"id=win-install,file=${if efi then "usb" else "cd"}image.img,if=none,format=raw,readonly=on,media=${if efi then "disk" else "cdrom"}"
|
"id=win-install,file=usbimage.img,if=none,format=raw,readonly=on,media=disk"
|
||||||
"-device"
|
"-device"
|
||||||
"usb-storage,drive=win-install"
|
"usb-storage,drive=win-install"
|
||||||
# Output image
|
# Output image
|
||||||
|
@ -125,13 +124,11 @@ let
|
||||||
|
|
||||||
cp ${autounattend.autounattendXML} win/autounattend.xml
|
cp ${autounattend.autounattendXML} win/autounattend.xml
|
||||||
|
|
||||||
${if efi then ''
|
|
||||||
virt-make-fs --partition --type=fat win/ usbimage.img
|
virt-make-fs --partition --type=fat win/ usbimage.img
|
||||||
'' else ''
|
|
||||||
${pkgs.cdrkit}/bin/mkisofs -iso-level 4 -l -R -udf -D -b boot/etfsboot.com -no-emul-boot -boot-load-size 8 -hide boot.catalog -eltorito-alt-boot -o cdimage.img win/
|
|
||||||
''}
|
|
||||||
rm -rf win
|
rm -rf win
|
||||||
|
|
||||||
|
${utils.tpmStartCommands}
|
||||||
|
|
||||||
# Qemu requires files to be rw
|
# Qemu requires files to be rw
|
||||||
qemu-img create -f qcow2 c.img ${diskImageSize}
|
qemu-img create -f qcow2 c.img ${diskImageSize}
|
||||||
qemu-system-x86_64 ${lib.concatStringsSep " " qemuParams}
|
qemu-system-x86_64 ${lib.concatStringsSep " " qemuParams}
|
||||||
|
@ -159,6 +156,8 @@ let
|
||||||
|
|
||||||
in ''
|
in ''
|
||||||
set -x
|
set -x
|
||||||
|
${utils.tpmStartCommands}
|
||||||
|
|
||||||
# Create an image referencing the previous image in the chain
|
# Create an image referencing the previous image in the chain
|
||||||
qemu-img create -F qcow2 -f qcow2 -b ${acc} c.img
|
qemu-img create -F qcow2 -f qcow2 -b ${acc} c.img
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue