nixos-config/configurations/host/materusPC/containers/arch.nix

{
  config,
  pkgs,
  lib,
  ...
}:
let
  mainMirror = "https://ftp.icm.edu.pl/pub/Linux/dist/archlinux";
  extraMirrors = [ ];
  getty = [
    6
    7
  ];
  ttys = [
    6
    7
    8
  ] ++ getty;

  startPkgs = lib.strings.concatStringsSep " " [
    "base"
    "base-devel"
    "dbus"
    "less"
    "nano"
    "bash-completion"
  ];
  scripts = {
    preStart = pkgs.writeShellScript "arch-pre-start" ''
            if [ ! -d "/var/lib/machines/archlinux" ]; then
              export PATH=''${PATH:+''${PATH}:}${
                lib.strings.makeBinPath (
                  with pkgs;
                  [
                    wget
                    coreutils-full
                    gnutar
                    zstd
                  ]
                )
              }

              ARCH_IMAGE=$(mktemp)
              trap 'rm $ARCH_IMAGE' EXIT

              wget "${mainMirror}/iso/latest/archlinux-bootstrap-x86_64.tar.zst" -O $ARCH_IMAGE
              mkdir -p /var/lib/machines/archlinux
              trap 'rm -rf /var/lib/machines/archlinux' ERR

              tar -xaf $ARCH_IMAGE -C "/var/lib/machines/archlinux" --strip-components=1 --numeric-owner
              printf 'Server = %s/$repo/os/$arch\n' "${mainMirror}" > /var/lib/machines/archlinux/etc/pacman.d/mirrorlist
              rm "/var/lib/machines/archlinux/etc/resolv.conf"
        
              [ -f "/var/lib/machines/archlinux/etc/securetty" ] && \
      	          printf 'pts/%d\n' $(seq 0 10) >>"/var/lib/machines/archlinux/etc/securetty"

              systemd-machine-id-setup --root="/var/lib/machines/archlinux"
              systemd-nspawn -q --settings=false --system-call-filter=@sandbox -D "/var/lib/machines/archlinux" /bin/sh -c "
                export PATH=/bin
                touch /etc/systemd/do-not-udevadm-trigger-on-update
                pacman-key --init && pacman-key --populate
                pacman -Rs --noconfirm arch-install-scripts
                pacman -Sy --noconfirm --needed ${startPkgs}
                pacman -Syu --noconfirm

                systemctl disable getty@tty1.service
                ${
                  lib.strings.concatStringsSep "\n" (
                    lib.lists.forEach getty (x: "systemctl enable getty@tty${builtins.toString x}.service")
                  )
                }

          
              "
            fi
    '';
  };
in
{
  systemd.nspawn."archlinux" = {
    enable = true;
    execConfig = {
      Boot = true;
      SystemCallFilter = [ "@known" ];
      Timezone = "bind";
      Capability = "all";
      PrivateUsers = "no";
      ResolvConf = "copy-host";
    };

    filesConfig = {
      BindReadOnly = [
        "/nix"

        "/run/current-system"
        "/run/booted-system"
        "/run/opengl-driver"
        "/run/opengl-driver-32"

      ];
      Bind = [
        "/:/run/host-root"

        "/run/udev"

        "/dev/input"
        "/dev/shm"
        "/dev/kfd"
        "/dev/dri"
        "/dev/tty"
        "/dev/tty0"

        "/tmp/.X11-unix"

        /materus

      ] ++ lib.lists.forEach ttys (x: "/dev/tty${builtins.toString x}");
    };
    networkConfig = {
      Private = false;
    };
  };
  systemd.services."systemd-nspawn@archlinux" = {
    enable = true;
    preStart = "${scripts.preStart}";
    overrideStrategy = "asDropin";
    serviceConfig = {
      DeviceAllow = [
        "char-tty rwm"
        "char-input rwm"
        "char-drm rwm"
      ];
    };
  };
}
update 2024-11-27 13:46:39 +01:00			`{`
			`config,`
			`pkgs,`
			`lib,`
			`...`
			`}:`
materusPC: init archlinux nspawn container 2024-10-15 23:45:46 +02:00			`let`
			`mainMirror = "https://ftp.icm.edu.pl/pub/Linux/dist/archlinux";`
			`extraMirrors = [ ];`
update 2024-11-27 13:46:39 +01:00			`getty = [`
			`6`
			`7`
			`];`
			`ttys = [`
			`6`
			`7`
			`8`
			`] ++ getty;`

			`startPkgs = lib.strings.concatStringsSep " " [`
			`"base"`
			`"base-devel"`
			`"dbus"`
			`"less"`
			`"nano"`
			`"bash-completion"`
			`];`
materusPC: init archlinux nspawn container 2024-10-15 23:45:46 +02:00			`scripts = {`
			`preStart = pkgs.writeShellScript "arch-pre-start" ''`
			`if [ ! -d "/var/lib/machines/archlinux" ]; then`
update 2024-11-27 13:46:39 +01:00			`export PATH=''${PATH:+''${PATH}:}${`
			`lib.strings.makeBinPath (`
			`with pkgs;`
			`[`
			`wget`
			`coreutils-full`
			`gnutar`
			`zstd`
			`]`
			`)`
			`}`
materusPC: init archlinux nspawn container 2024-10-15 23:45:46 +02:00
			`ARCH_IMAGE=$(mktemp)`
			`trap 'rm $ARCH_IMAGE' EXIT`

			`wget "${mainMirror}/iso/latest/archlinux-bootstrap-x86_64.tar.zst" -O $ARCH_IMAGE`
			`mkdir -p /var/lib/machines/archlinux`
			`trap 'rm -rf /var/lib/machines/archlinux' ERR`

			`tar -xaf $ARCH_IMAGE -C "/var/lib/machines/archlinux" --strip-components=1 --numeric-owner`
			`printf 'Server = %s/$repo/os/$arch\n' "${mainMirror}" > /var/lib/machines/archlinux/etc/pacman.d/mirrorlist`
			`rm "/var/lib/machines/archlinux/etc/resolv.conf"`

			`[ -f "/var/lib/machines/archlinux/etc/securetty" ] && \`
			`printf 'pts/%d\n' $(seq 0 10) >>"/var/lib/machines/archlinux/etc/securetty"`

			`systemd-machine-id-setup --root="/var/lib/machines/archlinux"`
			`systemd-nspawn -q --settings=false --system-call-filter=@sandbox -D "/var/lib/machines/archlinux" /bin/sh -c "`
			`export PATH=/bin`
Lot of changes, ignoring previous commits format 2024-11-15 18:01:13 +01:00			`touch /etc/systemd/do-not-udevadm-trigger-on-update`
materusPC: init archlinux nspawn container 2024-10-15 23:45:46 +02:00			`pacman-key --init && pacman-key --populate`
			`pacman -Rs --noconfirm arch-install-scripts`
			`pacman -Sy --noconfirm --needed ${startPkgs}`
			`pacman -Syu --noconfirm`

			`systemctl disable getty@tty1.service`
update 2024-11-27 13:46:39 +01:00			`${`
			`lib.strings.concatStringsSep "\n" (`
			`lib.lists.forEach getty (x: "systemctl enable getty@tty${builtins.toString x}.service")`
			`)`
			`}`
materusPC: init archlinux nspawn container 2024-10-15 23:45:46 +02:00

			`"`
			`fi`
			`'';`
			`};`
			`in`
			`{`
			`systemd.nspawn."archlinux" = {`
			`enable = true;`
			`execConfig = {`
			`Boot = true;`
			`SystemCallFilter = [ "@known" ];`
			`Timezone = "bind";`
			`Capability = "all";`
update 2024-11-27 13:46:39 +01:00			`PrivateUsers = "no";`
			`ResolvConf = "copy-host";`
materusPC: init archlinux nspawn container 2024-10-15 23:45:46 +02:00			`};`

			`filesConfig = {`
			`BindReadOnly = [`
			`"/nix"`

			`"/run/current-system"`
			`"/run/booted-system"`
			`"/run/opengl-driver"`
			`"/run/opengl-driver-32"`

			`];`
			`Bind = [`
			`"/:/run/host-root"`

			`"/run/udev"`

			`"/dev/input"`
			`"/dev/shm"`
			`"/dev/kfd"`
			`"/dev/dri"`
			`"/dev/tty"`
			`"/dev/tty0"`

			`"/tmp/.X11-unix"`

			`/materus`

			`] ++ lib.lists.forEach ttys (x: "/dev/tty${builtins.toString x}");`
			`};`
			`networkConfig = {`
			`Private = false;`
			`};`
			`};`
			`systemd.services."systemd-nspawn@archlinux" = {`
			`enable = true;`
			`preStart = "${scripts.preStart}";`
			`overrideStrategy = "asDropin";`
			`serviceConfig = {`
update 2024-11-27 13:46:39 +01:00			`DeviceAllow = [`
			`"char-tty rwm"`
			`"char-input rwm"`
			`"char-drm rwm"`
			`];`
materusPC: init archlinux nspawn container 2024-10-15 23:45:46 +02:00			`};`
			`};`
			`}`