Zuckerberg
87db330e5b
Provides isolated development environments using either VMs (microvm.nix)
or containers (systemd-nspawn) with a unified configuration interface.
Features:
- Unified options with required type field ("vm" or "container")
- Shared base configuration for networking, SSH, users, packages
- Automatic SSH host key generation and persistence
- Shell aliases for workspace management (start/stop/status/ssh)
- Automatic /etc/hosts entries for workspace hostnames
- restartIfChanged support for both VMs and containers
- Passwordless doas in workspaces
Container backend:
- Uses hostBridge for proper bridge networking with /24 subnet
- systemd-networkd for IP configuration
- systemd-resolved for DNS
VM backend:
- TAP interface with deterministic MAC addresses
- virtiofs shares for workspace directories
- vsock CID generation
24 lines
629 B
Nix
24 lines
629 B
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
# Example VM workspace configuration
|
|
#
|
|
# Add to sandboxed-workspace.workspaces in machines/fry/default.nix:
|
|
# sandboxed-workspace.workspaces.example = {
|
|
# type = "vm";
|
|
# config = ./workspaces/example.nix;
|
|
# ip = "192.168.83.10";
|
|
# };
|
|
#
|
|
# The workspace name ("example") becomes the hostname automatically.
|
|
# The IP is configured in default.nix, not here.
|
|
|
|
{
|
|
# Install packages as needed
|
|
environment.systemPackages = with pkgs; [
|
|
# Add packages here
|
|
];
|
|
|
|
# Additional shares beyond the standard ones (workspace, ssh-host-keys, claude-config):
|
|
# microvm.shares = [ ... ];
|
|
}
|