# -*- mode: ruby -*-
# vi: set ft=ruby :
# Tested with Vagrant 2.3.7+git20230731.5fc64cde+dfsg-4pin0 on Debian
# (also patched to support VirtualBox 7.1 and 7.2)
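ENV["VAGRANT_EXPERIMENTAL"] = 'disks,typed_triggers'
require 'fileutils'

# Vagrant environment for a NixOS VirtualBox guest that is configured from the
# host: after boot, machine facts (hardware config, SSH public keys, an
# ssh_config) are written under machines/<name>/infra, and `nixsap` deploys the
# machine before the (empty) provisioner runs.
Vagrant.configure("2") do |config|
  config.vm.provider "virtualbox" do |vb|
    vb.cpus = 2
    vb.gui = false
    vb.memory = 4096
  end

  # The box is fetched over HTTPS and pinned by SHA-256; Vagrant compares the
  # download against this digest, so bump both values together.
  config.vm.box = "nixos-25.11"
  config.vm.box_url = "https://files.pashev.ru/vagrant/nixos/25.11/nixos-25.11-20260522.box"
  config.vm.box_download_checksum = "805ca9beb4e4d12684393c215d26bb60071d7678bf55ff502953a11ef553897c"
  config.vm.box_download_checksum_type = "sha256"

  # All host-side tooling logs in as root; the generated Nix config below
  # restricts that to key authentication (PermitRootLogin prohibit-password).
  config.ssh.username = "root"

  # FIXME we don't want it as we configure and build stuff *outside* the VM
  config.vm.synced_folder '.', '/vagrant', disabled: true

  config.trigger.after [ :machine_action_up, :machine_action_reload ], type: :hook do |after_up|
    after_up.name = "Extract machine info for use by Nix"
    after_up.ruby do |env, machine|
      infra_dir = "machines/#{machine.name}/infra"
      ssh = machine.ssh_info
      FileUtils.mkdir_p infra_dir

      # The communicator yields output in chunks and yields stderr too, so
      # collect stdout and write once; writing inside the block would leave
      # only the last chunk (possibly a stderr one) in the file.
      hardware_chunks = []
      machine.communicate.execute('nixos-generate-config --show-hardware-config') do |type, data|
        hardware_chunks << data if type == :stdout
      end
      File.write "#{infra_dir}/hardware-configuration.nix", hardware_chunks.join

      # Derive the public half of every private key Vagrant uses. The argv
      # array form runs ssh-keygen without a shell, so quotes or spaces in a
      # key path cannot alter the command. A failed derivation aborts instead
      # of writing an empty key into the guest's authorized keys.
      public_keys = ssh[:private_key_path].map do |key_path|
        public_key = IO.popen(['ssh-keygen', '-y', '-f', key_path], &:read).chomp
        unless $?.success? && !public_key.empty?
          raise "ssh-keygen could not derive a public key from #{key_path}"
        end
        public_key
      end

      # Quote a value as a Nix string literal: backslash, double quote and the
      # `${` interpolation opener are escaped.
      nix_string = ->(value) { '"' + value.to_s.gsub(/["\\]|\$\{/) { |m| "\\#{m}" } + '"' }
      # Nix lists are whitespace-separated. Interpolating the Ruby array
      # directly would emit commas, which is a Nix syntax error as soon as
      # there is more than one key.
      authorized_keys = "[ #{public_keys.map(&nix_string).join(' ')} ]"

      File.write "#{infra_dir}/default.nix", <<~DEFAULT_NIX
        # This file is generated by Vagrant. Do not edit.
        {...}:
        {
          imports = [ ./hardware-configuration.nix ];
          networking.hostName = #{nix_string.call(machine.name)};
          services.openssh.enable = true;
          services.openssh.settings.PermitRootLogin = "prohibit-password";
          users.users.#{ssh[:username]}.openssh.authorizedKeys.keys = #{authorized_keys};
        }
      DEFAULT_NIX

      # XXX from plugins/commands/ssh_config/command.rb
      # NOTE(review): verify_host_key is passed through as Vagrant reports it.
      # If it is left at a value that disables host key checking, the root
      # deploy below trusts whatever answers on ssh_host:ssh_port. That is
      # reasonable for a local VM only; confirm before reusing this
      # ssh_config elsewhere.
      variables = {
        host_key: machine.name,
        ssh_host: ssh[:host],
        ssh_port: ssh[:port],
        ssh_user: ssh[:username],
        keys_only: ssh[:keys_only],
        verify_host_key: ssh[:verify_host_key],
        private_key_path: ssh[:private_key_path],
        log_level: ssh[:log_level],
        forward_agent: ssh[:forward_agent],
        forward_x11: ssh[:forward_x11],
        proxy_command: ssh[:proxy_command],
        ssh_command: ssh[:ssh_command],
        forward_env: ssh[:forward_env],
        config: ssh[:config],
        disable_deprecated_algorithms: ssh[:disable_deprecated_algorithms]
      }
      template = "commands/ssh_config/config"
      ssh_config = Vagrant::Util::TemplateRenderer.render(template, variables)
      File.write "#{infra_dir}/ssh_config", ssh_config
    end
  end

  config.trigger.before :provisioner_run, type: :hook do |provision|
    provision.ruby do |env, machine|
      machine_dir = "machines/#{machine.name}"
      # Multi-argument system() runs nixsap without a shell. Its result is
      # checked so a missing binary (nil) or a failed deploy (false) stops the
      # run instead of being reported as a successful provision.
      deployed = system('nixsap', '-I', '.', '-F', "#{machine_dir}/infra/ssh_config", 'deploy', machine_dir)
      raise "nixsap deploy failed for #{machine.name}" unless deployed
    end
  end

  # Empty shell provisioner; presumably present only so that the
  # :provisioner_run hook above has something to fire on (confirm).
  config.vm.provision "shell", inline: ""

  config.vm.define "nixos", autostart: false do |nixos|
    nixos.vm.disk :disk, size: "50GB", primary: true
  end
end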