-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
30 additions
and
107 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,39 +1,32 @@ | ||
| name: ISO build | ||
| name: "Build ISO" | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| push: | ||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ github.ref || github.run_id }}-iso | ||
| cancel-in-progress: true | ||
|
|
||
| jobs: | ||
| build-iso: | ||
| ISO: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| id-token: "write" | ||
| contents: "read" | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: DeterminateSystems/nix-installer-action@v14 | ||
| - uses: DeterminateSystems/magic-nix-cache-action@v8 | ||
| - name: Build Custom ISO | ||
| run: | | ||
| nix build .#iso --accept-flake-config | ||
| mkdir iso || true | ||
| ISO=$(head -n1 result/nix-support/hydra-build-products | cut -d'/' -f6) | ||
| sha256sum "/result/iso/${ISO}" > "/result/iso/${ISO}.sha256" | ||
| sed -i -r "s/ .*\/(.+)/ \1/g" "/result/iso/${ISO}.sha256" | ||
| ls -la | ||
| - name: Upload | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| run: | | ||
| for artefact in /result/"iso/*"; do | ||
| gh release upload "${{ github.ref }}" "${artefact}" --clobber | ||
| done | ||
| - name: Publish | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| run: | | ||
| if [ "$(gh release view "${{ github.ref }}" --json assets --template '{{len .assets}}')" -lt 0 ]; then | ||
| exit 1 | ||
| fi | ||
| gh release edit "${{ github.ref }}" --draft=false | ||
| - name: Checkout Repo | ||
| uses: actions/checkout@v4 | ||
| - name: install nix | ||
| uses: DeterminateSystems/nix-installer-action@main | ||
| #with: | ||
| #github_access_token: ${{ secrets.GITHUB_TOKEN }} | ||
| - run: nix build .#iso | ||
| - name: Upload ISO as artifact | ||
| id: upload | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: ISO | ||
| path: | | ||
| ./result/iso/*.iso | ||
| if-no-files-found: error | ||
| retention-days: 0 | ||
| compression-level: 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,80 +1,10 @@ | ||
| { pkgs, config, userSettings, ... }: | ||
| let | ||
| # Change this to match your system's CPU. | ||
| platform = "intel"; | ||
| # Change this to specify the IOMMU ids you wrote down earlier. | ||
| vfioIds = [ "10de:2507" "10de:228e" ]; | ||
| in { | ||
|
|
||
| programs.dconf.enable = true; | ||
|
|
||
| # Configure kernel options to make sure IOMMU & KVM support is on. | ||
| boot = { | ||
| kernelModules = [ "kvm-${platform}" "vfio_virqfd" "vfio_pci" "vfio_iommu_type1" "vfio" ]; | ||
| kernelParams = [ "${platform}_iommu=on" "${platform}_iommu=pt" "kvm.ignore_msrs=1" ]; | ||
| extraModprobeConfig = "options vfio-pci ids=${builtins.concatStringsSep "," vfioIds}"; | ||
| }; | ||
|
|
||
| # Add a file for looking-glass to use later. This will allow for viewing the guest VM's screen in a | ||
| # performant way. | ||
| systemd.tmpfiles.rules = [ | ||
| "f /dev/shm/looking-glass 0660 ${userSettings.username} qemu-libvirtd -" | ||
| ]; | ||
|
|
||
| # Add virt-manager and looking-glass to use later. | ||
| environment.systemPackages = with pkgs; [ | ||
| virt-manager | ||
| virtiofsd | ||
| spice spice-gtk | ||
| spice-protocol | ||
| win-virtio | ||
| win-spice | ||
| looking-glass-client | ||
| ]; | ||
|
|
||
| # Enable virtualisation programs. These will be used by virt-manager to run your VM. | ||
| virtualisation = { | ||
| libvirtd = { | ||
| enable = true; | ||
| extraConfig = '' | ||
| user="${userSettings.username}" | ||
| ''; | ||
|
|
||
| # Don't start any VMs automatically on boot. | ||
| onBoot = "ignore"; | ||
| # Stop all running VMs on shutdown. | ||
| onShutdown = "shutdown"; | ||
|
|
||
| qemu = { | ||
| package = pkgs.qemu_kvm; | ||
| swtpm.enable = true; | ||
| runAsRoot = true; | ||
| ovmf = { | ||
| enable = true; | ||
| packages = [(pkgs.OVMF.override { | ||
| secureBoot = true; | ||
| tpmSupport = true; | ||
| }).fd]; | ||
| }; | ||
| spiceUSBRedirection.enable = true; | ||
| verbatimConfig = '' | ||
| namespaces = [] | ||
| user = "+${builtins.toString config.users.users.${userSettings.username}.uid}" | ||
| ''; | ||
| }; | ||
| }; | ||
| }; | ||
|
|
||
| users.users.${userSettings.username}.extraGroups = [ "qemu-libvirtd" "libvirtd" "disk" ]; | ||
|
|
||
| programs.virt-manager.enable = true; | ||
| services.spice-vdagentd.enable = true; | ||
| home-manager.users.${userSettings.username} = { | ||
| dconf.settings = { | ||
| "org/virt-manager/virt-manager/connections" = { | ||
| autoconnect = [ "qemu:///system" ]; | ||
| uris = [ "qemu:///system" ]; | ||
| }; | ||
| }; | ||
| }; | ||
| { | ||
|
|
||
| virtualisation.virtualbox.host.enable = true; | ||
| users.extraGroups.vboxusers.members = [ userSettings.username ]; | ||
| virtualisation.virtualbox.guest.enable = true; | ||
| virtualisation.virtualbox.guest.dragAndDrop = true; | ||
| nixpkgs.config.allowUnfree = true; | ||
| virtualisation.virtualbox.host.enableExtensionPack = true; | ||
| } |