Provides isolated development environments using either VMs (microvm.nix)
or containers (systemd-nspawn) with a unified configuration interface.
Features:
- Unified options with required type field ("vm" or "container")
- Shared base configuration for networking, SSH, users, packages
- Automatic SSH host key generation and persistence
- Shell aliases for workspace management (start/stop/status/ssh)
- Automatic /etc/hosts entries for workspace hostnames
- restartIfChanged support for both VMs and containers
- Passwordless doas in workspaces
Container backend:
- Uses hostBridge for proper bridge networking with /24 subnet
- systemd-networkd for IP configuration
- systemd-resolved for DNS
VM backend:
- TAP interface with deterministic MAC addresses
- virtiofs shares for workspace directories
- vsock CID generation
Music assistant has custom modifications they made to librespot that they haven't bothered to even try to upstream.
Thus, they require a custom librespot. I tried and tried and tried and tried to just override the one already in nixpkgs
but I had trouble doing so despite copying the pattern already shown in nixpkgs for overriding the src of a cargo pkg
(See mopidy) but it just didn't work... Oh well. So I just patch nixpkgs instead with the new source. It works I guess.
This is about where I gave up...
```nix
nixpkgs.overlays = [
(final: prev: {
# Cannot use librespot upstream because music-assistant requires custom changes
# that they never bothered to even try to uptream
librespot = prev.librespot.overrideAttrs (oldAttrs: rec {
src = prev.fetchFromGitHub {
owner = "music-assistant";
repo = "librespot";
rev = "786cc46199e583f304a84c786acb0a9b37bc3fbd";
sha256 = "sha256-xaOrqC8yCjF23Tz31RD3CzqZ3xxrDM6ncW1yoovEaGQ=";
};
cargoDeps = oldAttrs.cargoDeps.overrideAttrs (oldAttrs': {
vendorStaging = oldAttrs'.vendorStaging.overrideAttrs {
outputHash = "sha256-SqvJSHkyd1IicT6c4pE96dBJNNodULhpyG14HRGVWCk=";
};
});
});
})
];
```
It is very elegant, easy to debug/understand, and I definitely want to use it but The most significant
problem is it doesn't work with NixOS containers private networking. So I'll need to figure that out
or maybe it will be fixed upstream soon.
