Add sandboxed-workspace module for isolated dev environments

Provides isolated development environments using either VMs (microvm.nix) or containers (systemd-nspawn) with a unified configuration interface. Features: - Unified options with required type field ("vm" or "container") - Shared base configuration for networking, SSH, users, packages - Automatic SSH host key generation and persistence - Shell aliases for workspace management (start/stop/status/ssh) - Automatic /etc/hosts entries for workspace hostnames - restartIfChanged support for both VMs and containers - Passwordless doas in workspaces Container backend: - Uses hostBridge for proper bridge networking with /24 subnet - systemd-networkd for IP configuration - systemd-resolved for DNS VM backend: - TAP interface with deterministic MAC addresses - virtiofs shares for workspace directories - vsock CID generation
2026-02-07 22:41:34 -08:00
parent 70f0064d7b
commit 87db330e5b
14 changed files with 978 additions and 4 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -43,7 +43,7 @@
        "type": "gitlab"
      }
    },
-    "dailybuild_modules": {
+    "dailybot": {
      "inputs": {
        "flake-utils": [
          "flake-utils"
@@ -219,6 +219,27 @@
        "type": "github"
      }
    },
+    "microvm": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "spectrum": "spectrum"
+      },
+      "locked": {
+        "lastModified": 1770310890,
+        "narHash": "sha256-lyWAs4XKg3kLYaf4gm5qc5WJrDkYy3/qeV5G733fJww=",
+        "owner": "astro",
+        "repo": "microvm.nix",
+        "rev": "68c9f9c6ca91841f04f726a298c385411b7bfcd5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "astro",
+        "repo": "microvm.nix",
+        "type": "github"
+      }
+    },
    "nix-index-database": {
      "inputs": {
        "nixpkgs": [
@@ -310,11 +331,12 @@
    "root": {
      "inputs": {
        "agenix": "agenix",
-        "dailybuild_modules": "dailybuild_modules",
+        "dailybot": "dailybot",
        "deploy-rs": "deploy-rs",
        "flake-compat": "flake-compat",
        "flake-utils": "flake-utils",
        "home-manager": "home-manager",
+        "microvm": "microvm",
        "nix-index-database": "nix-index-database",
        "nixos-generators": "nixos-generators",
        "nixos-hardware": "nixos-hardware",
@@ -349,6 +371,22 @@
        "type": "gitlab"
      }
    },
+    "spectrum": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1759482047,
+        "narHash": "sha256-H1wiXRQHxxPyMMlP39ce3ROKCwI5/tUn36P8x6dFiiQ=",
+        "ref": "refs/heads/main",
+        "rev": "c5d5786d3dc938af0b279c542d1e43bce381b4b9",
+        "revCount": 996,
+        "type": "git",
+        "url": "https://spectrum-os.org/git/spectrum"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://spectrum-os.org/git/spectrum"
+      }
+    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,