materusPC: Init new config

nix-config/host/materusPC/virtualization/nspawn/arch.nix

@@ -0,0 +1,146 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+let
+  mainMirror = "https://ftp.icm.edu.pl/pub/Linux/dist/archlinux";
+  extraMirrors = [ ];
+  getty = [
+    8
+    9
+  ];
+  ttys = [
+    8
+    9
+  ] ++ getty;
+
+  startPkgs = lib.strings.concatStringsSep " " [
+    "base"
+    "base-devel"
+    "dbus"
+    "less"
+    "nano"
+    "bash-completion"
+  ];
+  scripts = {
+    preStart = pkgs.writeShellScript "arch-pre-start" ''
+            if [ ! -d "/var/lib/machines/archlinux" ]; then
+              export PATH=''${PATH:+''${PATH}:}${
+                lib.strings.makeBinPath (
+                  with pkgs;
+                  [
+                    wget
+                    coreutils-full
+                    gnutar
+                    zstd
+                  ]
+                )
+              }
+
+              ARCH_IMAGE=$(mktemp)
+              trap 'rm $ARCH_IMAGE' EXIT
+
+              wget "${mainMirror}/iso/latest/archlinux-bootstrap-x86_64.tar.zst" -O $ARCH_IMAGE
+              mkdir -p /var/lib/machines/archlinux
+              trap 'rm -rf /var/lib/machines/archlinux' ERR
+
+              tar -xaf $ARCH_IMAGE -C "/var/lib/machines/archlinux" --strip-components=1 --numeric-owner
+              printf 'Server = %s/$repo/os/$arch\n' "${mainMirror}" > /var/lib/machines/archlinux/etc/pacman.d/mirrorlist
+              rm "/var/lib/machines/archlinux/etc/resolv.conf"
+        
+              [ -f "/var/lib/machines/archlinux/etc/securetty" ] && \
+      	          printf 'pts/%d\n' $(seq 0 10) >>"/var/lib/machines/archlinux/etc/securetty"
+
+              systemd-machine-id-setup --root="/var/lib/machines/archlinux"
+              systemd-nspawn -q --settings=false --system-call-filter=@sandbox -D "/var/lib/machines/archlinux" /bin/sh -c "
+                export PATH=/bin
+                touch /etc/systemd/do-not-udevadm-trigger-on-update
+                pacman-key --init && pacman-key --populate
+                pacman -Rs --noconfirm arch-install-scripts
+                pacman -Sy --noconfirm --needed ${startPkgs}
+                pacman -Syu --noconfirm
+
+                systemctl disable getty@tty1.service
+                ${
+                  lib.strings.concatStringsSep "\n" (
+                    lib.lists.forEach getty (x: "systemctl enable getty@tty${builtins.toString x}.service")
+                  )
+                }
+
+          
+              "
+            fi
+    '';
+  };
+in
+{
+  systemd.nspawn."archlinux" = {
+    enable = true;
+    execConfig = {
+      Boot = true;
+      SystemCallFilter = [ "@known" ];
+      Timezone = "symlink";
+      Capability = "all";
+      PrivateUsers = "no";
+      ResolvConf = "copy-host";
+    };
+
+    filesConfig = {
+      BindReadOnly = [
+        "/nix"
+
+        "/run/current-system"
+        "/run/booted-system"
+        "/run/opengl-driver"
+        "/run/opengl-driver-32"
+
+      ];
+      Bind = [
+        "/:/run/host-root"
+
+        "/run/udev"
+        "/run/pipewire"
+        "/run/pulse"
+        
+        "/sys/class"
+        "/sys/devices"
+
+        "/dev/fuse"
+        "/dev/snd"
+        "/dev/input"
+        "/dev/uinput"
+        "/dev/shm"
+        "/dev/kfd"
+        "/dev/dri"
+        "/dev/tty"
+        "/dev/tty0"
+
+        "/var/lib/flatpak"
+        "/var/lib/containers"
+
+        "/tmp/.X11-unix"
+
+        /mkk
+
+      ] ++ lib.lists.forEach ttys (x: "/dev/tty${builtins.toString x}");
+    };
+    networkConfig = {
+      Bridge = "br0";
+    };
+  };
+  systemd.services."systemd-nspawn@archlinux" = {
+    enable = true;
+    preStart = "${scripts.preStart}";
+    overrideStrategy = "asDropin";
+    serviceConfig = {
+      DeviceAllow = [
+        "char-* rwm"
+        "block-* rwm"
+        "/dev/shm rwm"
+
+      ];
+    };
+  };
+}