Let's hope WSL is not against company policy

If you are looking at this, you know who you are Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-19 12:24:17 +03:00
parent 2e6cb0a7f4
commit 8631e15593
26 changed files with 247 additions and 281 deletions
--- a/hosts/elara/README.md
+++ b/hosts/elara/README.md
@@ -4,7 +4,13 @@

 This host uses private SAS repositories. You can find the imports for these in:

- [./default.nix](./default.nix)
- [./users/nikara/default.nix](./users/nikara/default.nix)
+You must build the system once with `sas.build.private = false;`. Then, connect to the SAS VPN, and rebuild the system.

-You must build the system once with these imports commented out. Then, connect to the SAS VPN, uncomment them, and rebuild the system.
+## Installation Instructions
+
+1. Using a separate Nix system, run `hosts/elara/build-tarball.sh`
+2. Copy the generated tarball to the Elara host
+3. On the Elara host, run `wsl --import NixOS $env:USERPROFILE\NixOS nixos.wsl --version 2` in PowerShell
+4. `chown` your home directory to your user
+5. Restart WSL with `wsl --shutdown`
+6. Optionally, run `wsl --set-default nixos` to make NixOS the default WSL distribution
--- a/hosts/elara/build-tarball.nix
+++ b/hosts/elara/build-tarball.nix
@@ -0,0 +1,92 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+# FIXME: https://github.com/nix-community/NixOS-WSL/issues/343
+# FIXME: https://github.com/nix-community/NixOS-WSL/issues/612
+{
+  system.build.tarballBuilder = lib.mkForce (
+    pkgs.writeShellApplication {
+      name = "nixos-wsl-tarball-builder";
+
+      runtimeInputs = [
+        config.nix.package
+        pkgs.coreutils
+        pkgs.e2fsprogs
+        pkgs.gnutar
+        pkgs.nixos-install-tools
+        pkgs.pigz
+      ];
+
+      text = ''
+        if ! [ "$EUID" -eq 0 ]; then
+          echo "This script must be run as root!"
+          exit 1
+        fi
+
+        out="nixos-wsl.tar.gz"
+        extra_files=""
+
+        positional=()
+        while [ $# -gt 0 ]; do
+          case "$1" in
+            --extra-files=*)
+              extra_files="''${1#*=}"
+              ;;
+            --extra-files)
+              shift
+              extra_files="$1"
+              ;;
+            -*)
+              echo "Unknown option: $1"
+              echo "Usage: $0 [--extra-files PATH] [output.tar.gz]"
+              exit 1
+              ;;
+            *)
+              positional+=("$1")
+              ;;
+          esac
+          shift
+        done
+
+        if [ ''${#positional[@]} -gt 0 ]; then
+          out="''${positional[0]}"
+        fi
+
+        root=$(mktemp -p "''${TMPDIR:-/tmp}" -d nixos-wsl-tarball.XXXXXXXXXX)
+        # FIXME: fails in CI for some reason, but we don't really care because it's CI
+        trap 'chattr -Rf -i "$root" || true && rm -rf "$root" || true' INT TERM EXIT
+
+        if [ -n "$extra_files" ]; then
+          echo "[NixOS-WSL] Copying extra files to $root..."
+          cp --verbose --archive --no-target-directory "$extra_files" "$root"
+        fi
+
+        chmod o+rx "$root"
+
+        echo "[NixOS-WSL] Installing..."
+        nixos-install \
+          --root "$root" \
+          --no-root-passwd \
+          --system ${config.system.build.toplevel} \
+          --substituters ""
+
+        echo "[NixOS-WSL] Adding channel..."
+        nixos-enter --root "$root" --command 'HOME=/root nix-channel --add https://github.com/nix-community/NixOS-WSL/archive/refs/heads/main.tar.gz nixos-wsl'
+
+        echo "[NixOS-WSL] Compressing..."
+        tar -C "$root" \
+          -c \
+          --sort=name \
+          --mtime='@1' \
+          --owner=0 \
+          --group=0 \
+          --numeric-owner \
+          . \
+        | pigz > "$out"
+      '';
+    }
+  );
+}
--- a/hosts/elara/build-tarball.sh
+++ b/hosts/elara/build-tarball.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+temp=$(mktemp -d)
+
+cleanup() {
+  rm -rf "$temp"
+}
+trap cleanup EXIT
+
+install -d -m 755 "$temp/etc/ssh"
+cp ./submodules/secrets/hosts/elara/ssh_host_ed25519_key "$temp/etc/ssh/ssh_host_ed25519_key"
+
+install -d -m 700 "$temp/home/nikara"
+install -d -m 755 "$temp/home/nikara/.config/sops-nix"
+cp ./submodules/secrets/domains/sas/key.txt "$temp/home/nikara/.config/sops-nix/key.txt"
+
+sudo nix run .#nixosConfigurations.elara.config.system.build.tarballBuilder -- --extra-files "$temp"
--- a/hosts/elara/configs/podman/default.nix
+++ b/hosts/elara/configs/podman/default.nix
@@ -0,0 +1,4 @@
+{ lib, ... }:
+{
+  virtualisation.containers.storage.settings.storage.driver = lib.mkForce "overlay";
+}
--- a/hosts/elara/default.nix
+++ b/hosts/elara/default.nix
@@ -1,4 +1,4 @@
-{ config, inputs, ... }:
+{ inputs, lib, ... }:
 {
  nixpkgs.overlays = [
    inputs.lib.overlays.default
@@ -8,51 +8,35 @@
  ];

  imports = [
-    ./options.nix
-
-    inputs.disko.nixosModules.disko
-    ./format.nix
-    ./hardware
-
+    inputs.nixos-wsl.nixosModules.default
    inputs.sas.nixosModules.default

+    ./hardware
+    ./build-tarball.nix
+    ./options.nix
+
    ../common/configs/system

-    ../common/configs/system/boot
-    ../common/configs/system/btrbk
-    ../common/configs/system/btrfs
-    ../common/configs/system/dnsmasq
    ../common/configs/system/documentation
-    ../common/configs/system/getty
    ../common/configs/system/git
-    ../common/configs/system/gpg-agent
    ../common/configs/system/impermanence
-    ../common/configs/system/libvirt
    ../common/configs/system/neovim
-    ../common/configs/system/networkmanager
    ../common/configs/system/nix
-    ../common/configs/system/nix-cleanup
-    ../common/configs/system/nix-install
    ../common/configs/system/nix-ld
    ../common/configs/system/nix-update
    ../common/configs/system/nixpkgs
-    ../common/configs/system/ntp
-    ../common/configs/system/pipewire
    ../common/configs/system/podman
-    ../common/configs/system/power
-    ../common/configs/system/printing
    ../common/configs/system/sops
    ../common/configs/system/ssh
    ../common/configs/system/sudo
    ../common/configs/system/system
-    ../common/configs/system/timezone
    ../common/configs/system/tmux
-    ../common/configs/system/upower
    ../common/configs/system/users
    ../common/configs/system/zsh

    ./configs/nix
    ./configs/pki
+    ./configs/podman
    ./configs/ssh

    ./users/nikara
@@ -62,6 +46,5 @@

  sas.build.private = true;

-  environment.impermanence.device =
-    config.disko.devices.disk.main.content.partitions.root.content.device;
+  environment.impermanence.enable = lib.mkForce false;
 }
--- a/hosts/elara/format.nix
+++ b/hosts/elara/format.nix
@@ -1,79 +0,0 @@
-{
-  disko.devices = {
-    disk.main = {
-      device = "/dev/disk/by-id/scsi-3600224809f331210b85f07f3c5e9dacd";
-      type = "disk";
-      content = {
-        type = "gpt";
-        partitions = {
-          boot = {
-            name = "boot";
-            size = "1M";
-            type = "EF02";
-          };
-          esp = {
-            name = "esp";
-            size = "512M";
-            type = "EF00";
-            content = {
-              type = "filesystem";
-              format = "vfat";
-              mountpoint = "/boot";
-              mountOptions = [ "umask=0077" ];
-            };
-          };
-          swap = {
-            name = "swap";
-            size = "32G";
-            content = {
-              type = "swap";
-              resumeDevice = true;
-            };
-          };
-          root = {
-            name = "root";
-            size = "100%";
-            content = {
-              type = "btrfs";
-              extraArgs = [ "-f" ];
-              subvolumes =
-                let
-                  mountOptions = [
-                    "compress=zstd:5"
-                    "noatime"
-                    "user_subvol_rm_allowed"
-                  ];
-                in
-                {
-                  "@" = {
-                    mountpoint = "/";
-                    inherit mountOptions;
-                  };
-                  "@persist" = {
-                    mountpoint = "/persist";
-                    inherit mountOptions;
-                  };
-                  "@persist/user" = {
-                    mountpoint = "/persist/user";
-                    inherit mountOptions;
-                  };
-                  "@persist/state" = {
-                    mountpoint = "/persist/state";
-                    inherit mountOptions;
-                  };
-                  "@persist/cache" = {
-                    mountpoint = "/persist/cache";
-                    inherit mountOptions;
-                  };
-                  "@nix" = {
-                    mountpoint = "/nix";
-                    inherit mountOptions;
-                  };
-                };
-            };
-          };
-        };
-      };
-    };
-  };
-}
--- a/hosts/elara/hardware/default.nix
+++ b/hosts/elara/hardware/default.nix
@@ -1,15 +1,8 @@
 { ... }:
 {
-  imports = [ ./display.nix ];
-
-  hardware = {
-    enableAllFirmware = true;
-
-    cpu = {
-      cores = 14;
-      threads = 14;
-    };
+  wsl = {
+    enable = true;
+    defaultUser = "nikara";
+    startMenuLaunchers = true;
  };
-
-  virtualisation.hypervGuest.enable = true;
 }
--- a/hosts/elara/hardware/display.nix
+++ b/hosts/elara/hardware/display.nix
@@ -1,29 +0,0 @@
-{ ... }:
-{
-  boot.kernelParams = [ "video=hyperv_fb:1920x1200@60" ];
-
-  home-manager.sharedModules = [
-    {
-      wayland.windowManager.hyprland.settings = {
-        animation = "global, 0";
-
-        monitor = [ "Virtual-1, preferred, 0x0, 1" ];
-
-        workspace = [
-          "1, monitor:Virtual-1, layoutopt:orientation:left"
-          "2, monitor:Virtual-1, layoutopt:orientation:left"
-          "3, monitor:Virtual-1, layoutopt:orientation:left"
-          "4, monitor:Virtual-1, layoutopt:orientation:left"
-          "5, monitor:Virtual-1, layoutopt:orientation:left"
-          "6, monitor:Virtual-1, layoutopt:orientation:left"
-          "7, monitor:Virtual-1, layoutopt:orientation:left"
-          "8, monitor:Virtual-1, layoutopt:orientation:left"
-          "9, monitor:Virtual-1, layoutopt:orientation:left"
-          "10, monitor:Virtual-1, layoutopt:orientation:left"
-        ];
-      };
-
-      programs.vscode.profiles.default.userSettings."window.zoomLevel" = (1.25 - 1) / 0.2;
-    }
-  ];
-}
--- a/hosts/elara/users/nikara/configs/console/wsl/default.nix
+++ b/hosts/elara/users/nikara/configs/console/wsl/default.nix
@@ -0,0 +1,5 @@
+{ user, home }:
+{ pkgs, ... }:
+{
+  home-manager.users.${user}.home.packages = with pkgs; [ wsl-wl-clipboard ];
+}
--- a/hosts/elara/users/nikara/configs/gui/obsidian/default.nix
+++ b/hosts/elara/users/nikara/configs/gui/obsidian/default.nix
@@ -1,5 +0,0 @@
-{ user, home }:
-{ ... }:
-{
-  home-manager.users.${user}.programs.obsidian.vaults."Documents/Obsidian/sas/master".enable = true;
-}
--- a/hosts/elara/users/nikara/configs/gui/vscode/default.nix
+++ b/hosts/elara/users/nikara/configs/gui/vscode/default.nix
@@ -1,26 +0,0 @@
-{ user, home }:
-{ ... }:
-{
-  home-manager.users.${user}.programs.vscode = {
-    languages = {
-      c.enable = true;
-      go.enable = true;
-      hugo.enable = true;
-      java.enable = true;
-      jinja.enable = true;
-      lua.enable = true;
-      markdown.enable = true;
-      nix.enable = true;
-      podman.enable = true;
-      python.enable = true;
-      rest.enable = true;
-      rust.enable = true;
-      sas.enable = true;
-      sops.enable = true;
-      typescript.enable = true;
-      yaml.enable = true;
-    };
-
-    copilot.enable = true;
-  };
-}
--- a/hosts/elara/users/nikara/default.nix
+++ b/hosts/elara/users/nikara/default.nix
@@ -14,7 +14,6 @@ in
  imports = [
    (import ../../../common/configs/user { inherit user home; })

-    (import ../../../common/configs/user/console/android { inherit user home; })
    (import ../../../common/configs/user/console/btop { inherit user home; })
    (import ../../../common/configs/user/console/dive { inherit user home; })
    (import ../../../common/configs/user/console/fastfetch { inherit user home; })
@@ -26,18 +25,14 @@ in
    (import ../../../common/configs/user/console/ip { inherit user home; })
    (import ../../../common/configs/user/console/jq { inherit user home; })
    (import ../../../common/configs/user/console/kubernetes { inherit user home; })
-    (import ../../../common/configs/user/console/libvirt { inherit user home; })
    (import ../../../common/configs/user/console/lsof { inherit user home; })
    (import ../../../common/configs/user/console/mprocs { inherit user home; })
    (import ../../../common/configs/user/console/ncdu { inherit user home; })
-    (import ../../../common/configs/user/console/ncspot { inherit user home; })
    (import ../../../common/configs/user/console/neovim { inherit user home; })
    (import ../../../common/configs/user/console/nix { inherit user home; })
-    (import ../../../common/configs/user/console/nix-cleanup { inherit user home; })
    (import ../../../common/configs/user/console/nix-develop { inherit user home; })
    (import ../../../common/configs/user/console/nix-direnv { inherit user home; })
    (import ../../../common/configs/user/console/ouch { inherit user home; })
-    (import ../../../common/configs/user/console/pipewire { inherit user home; })
    (import ../../../common/configs/user/console/podman { inherit user home; })
    (import ../../../common/configs/user/console/sops { inherit user home; })
    (import ../../../common/configs/user/console/ssh { inherit user home; })
@@ -47,48 +42,14 @@ in
    (import ../../../common/configs/user/console/wget { inherit user home; })
    (import ../../../common/configs/user/console/xdg { inherit user home; })
    (import ../../../common/configs/user/console/yazi { inherit user home; })
-    (import ../../../common/configs/user/console/yt-dlp { inherit user home; })
    (import ../../../common/configs/user/console/zoxide { inherit user home; })
    (import ../../../common/configs/user/console/zsh { inherit user home; })

-    (import ../../../common/configs/user/gui/astal { inherit user home; })
-    (import ../../../common/configs/user/gui/bluetooth { inherit user home; })
-    (import ../../../common/configs/user/gui/btop { inherit user home; })
-    (import ../../../common/configs/user/gui/clipbook { inherit user home; })
-    (import ../../../common/configs/user/gui/cliphist { inherit user home; })
-    (import ../../../common/configs/user/gui/emoji { inherit user home; })
-    (import ../../../common/configs/user/gui/feh { inherit user home; })
-    (import ../../../common/configs/user/gui/firefox { inherit user home; })
-    (import ../../../common/configs/user/gui/gtk { inherit user home; })
-    (import ../../../common/configs/user/gui/hyprland { inherit user home; })
-    (import ../../../common/configs/user/gui/hyprpicker { inherit user home; })
-    (import ../../../common/configs/user/gui/hyprshot { inherit user home; })
-    (import ../../../common/configs/user/gui/kitty { inherit user home; })
-    (import ../../../common/configs/user/gui/libreoffice { inherit user home; })
-    (import ../../../common/configs/user/gui/mpv { inherit user home; })
-    (import ../../../common/configs/user/gui/networkmanager { inherit user home; })
-    (import ../../../common/configs/user/gui/obs { inherit user home; })
-    (import ../../../common/configs/user/gui/obsidian { inherit user home; })
-    (import ../../../common/configs/user/gui/pipewire { inherit user home; })
-    (import ../../../common/configs/user/gui/qalculate { inherit user home; })
-    (import ../../../common/configs/user/gui/qt { inherit user home; })
-    (import ../../../common/configs/user/gui/rofi { inherit user home; })
-    (import ../../../common/configs/user/gui/rquickshare { inherit user home; })
-    (import ../../../common/configs/user/gui/swww { inherit user home; })
-    (import ../../../common/configs/user/gui/theme { inherit user home; })
-    (import ../../../common/configs/user/gui/vscode { inherit user home; })
-    (import ../../../common/configs/user/gui/wev { inherit user home; })
-    (import ../../../common/configs/user/gui/wl-clipboard { inherit user home; })
-    (import ../../../common/configs/user/gui/x11 { inherit user home; })
-    (import ../../../common/configs/user/gui/xdg { inherit user home; })
-
    (import ./configs/console/gpg { inherit user home; })
    (import ./configs/console/podman { inherit user home; })
    (import ./configs/console/sas { inherit user home; })
    (import ./configs/console/ssh { inherit user home; })
-
-    (import ./configs/gui/obsidian { inherit user home; })
-    (import ./configs/gui/vscode { inherit user home; })
+    (import ./configs/console/wsl { inherit user home; })
  ];

  # mkpasswd -s