
Added nixos for WSL and updated firewall script

master
Josh Wolfe 1 year ago
parent
commit
5f5ba36e08
5 changed files with 145 additions and 1 deletions
  1. 42
    0
      nixos/configuration.nix
  2. 49
    0
      nixos/wsl/default.nix
  3. 19
    0
      nixos/wsl/syschdemd.nix
  4. 34
    0
      nixos/wsl/syschdemd.sh
  5. 1
    1
      windows/wsl-firewall.ps1

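--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@@ -0,0 +1,42 @@
+{ lib, pkgs, config, ... }:
+
+let
+unstableTarball = fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz;
+in {
+
+imports = [
+<nixpkgs/nixos/modules/profiles/minimal.nix>
+./wsl
+];
+
+environment.noXlibs = false;
+
+nixpkgs.config = {
+allowUnfree = true;
+packageOverrides = pkgs: {
+unstable = import unstableTarball {
+config = config.nixpkgs.config;
+};
+};
+};
+
+environment.systemPackages = with pkgs; [
+man-db
+manpages
+gnumake
+cmake
+gcc
+
+zsh
+git
+vim
+stow
+unstable.emacs
+];
+
+fonts.fonts = with pkgs; [
+corefonts
+google-fonts
+fira-mono
+];
+}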
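Review bot: `unstableTarball` points at the moving `nixos-unstable` branch archive and passes no hash, so what gets imported as `pkgs.unstable` changes over time and is never verified against a known-good value. Pin the archive to a specific commit and give `fetchTarball` a hash, e.g. `unstableTarball = fetchTarball { url = "https://github.com/NixOS/nixpkgs-channels/archive/<PINNED_COMMIT>.tar.gz"; sha256 = "<SHA256_PLACEHOLDER>"; };`. The bare URL literal is also better written as a quoted string.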

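--- a/nixos/wsl/default.nix
+++ b/nixos/wsl/default.nix
@@ -0,0 +1,49 @@
+{ lib, pkgs, config, ... }:
+
+let
+defaultUser = "root";
+
+syschdemd = import ./syschdemd.nix {
+inherit lib pkgs config defaultUser;
+};
+in {
+# WSL is closer to a container than anything else
+boot.isContainer = true;
+
+environment.etc.hosts.enable = false;
+environment.etc."resolv.conf".enable = false;
+
+networking.dhcpcd.enable = false;
+
+users.users.root = {
+shell = "${syschdemd}/bin/syschdemd";
+# Otherwise WSL fails to login as root with "initgroups failed 5"
+extraGroups = [ "root" ];
+};
+
+users.users.wolfe = {
+isNormalUser = true;
+shell = pkgs.zsh;
+extraGroups = [ "wheel" ];
+};
+
+# Described as "it should not be overwritten" in NixOS documentation,
+# but it's on /run per default and WSL mounts /run as a tmpfs, hence
+# hiding the wrappers.
+security.wrapperDir = "/wrappers";
+
+security.sudo.wheelNeedsPassword = false;
+
+# Disable systemd units that don't make sense on WSL
+systemd.services."serial-getty@ttyS0".enable = false;
+systemd.services."serial-getty@hvc0".enable = false;
+systemd.services."getty@tty1".enable = false;
+systemd.services."autovt@".enable = false;
+
+systemd.services.firewall.enable = false;
+systemd.services.systemd-resolved.enable = false;
+systemd.services.systemd-udevd.enable = false;
+
+# Don't allow emergency mode, because we don't have a console.
+systemd.enableEmergencyMode = false;
+}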
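Review bot: `security.sudo.wheelNeedsPassword = false;` combined with `extraGroups = [ "wheel" ]` on `wolfe` gives that account passwordless root, and `systemd.services.firewall.enable = false;` switches packet filtering off, yet neither line has a rationale comment like the other WSL workarounds in this file. If both are deliberate for a single-user WSL guest, record that next to them, for example `# single-user WSL guest: no sudo prompt; packet filtering is left to the Windows host (confirm)`. For the firewall, the declarative `networking.firewall.enable = false;` states the intent more clearly than disabling the generated unit. With `defaultUser = "root"`, every session entered through `syschdemd` also starts as root, which deserves a comment of its own.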

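--- a/nixos/wsl/syschdemd.nix
+++ b/nixos/wsl/syschdemd.nix
@@ -0,0 +1,19 @@
+{ lib, pkgs, config, defaultUser, ... }:
+
+let
+nixpkgs = import <nixpkgs> {};
+inherit (nixpkgs) daemonize;
+in
+pkgs.substituteAll {
+name = "syschdemd";
+src = ./syschdemd.sh;
+dir = "bin";
+isExecutable = true;
+
+buildInputs = [ daemonize ];
+
+inherit daemonize;
+inherit defaultUser;
+inherit (config.security) wrapperDir;
+fsPackagesPath = lib.makeBinPath config.system.fsPackages;
+}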
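Review bot: `daemonize` is taken from a second, separately evaluated `import <nixpkgs> {}` instead of the `pkgs` argument this file already receives, so the binary that launches systemd as root comes from whatever `<nixpkgs>` resolves to on `NIX_PATH` and ignores the module's `nixpkgs.config`, overrides and any pinning. Replace the two `let` lines with `inherit (pkgs) daemonize;` so the wrapper is built from the same package set as the rest of the system. `buildInputs = [ daemonize ];` looks unnecessary for a pure substitution and could be dropped once that is confirmed.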

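--- a/nixos/wsl/syschdemd.sh
+++ b/nixos/wsl/syschdemd.sh
@@ -0,0 +1,34 @@
+#! @shell@
+
+set -e
+
+sw="/nix/var/nix/profiles/system/sw/bin"
+systemPath=`${sw}/readlink -f /nix/var/nix/profiles/system`
+
+# Needs root to work
+if [[ $EUID -ne 0 ]]; then
+echo "[ERROR] Requires root! :( Make sure the WSL default user is set to root"
+exit 1
+fi
+
+if [ ! -e "/run/current-system" ]; then
+${sw}/ln -sfn "$(${sw}/readlink -f "$systemPath")" /run/current-system
+fi
+
+if [ ! -e "/run/systemd.pid" ]; then
+PATH=/run/current-system/systemd/lib/systemd:@fsPackagesPath@ \
+LOCALE_ARCHIVE=/run/current-system/sw/lib/locale/locale-archive \
+@daemonize@/bin/daemonize /run/current-system/sw/bin/unshare -fp --mount-proc systemd
+/run/current-system/sw/bin/pgrep -xf systemd > /run/systemd.pid
+fi
+
+usedShell=$($sw/getent passwd @defaultUser@ | $sw/cut -d: -f7)
+
+# While bootstraping the image, we need to execute command inside without having a default user.
+if [[ "@defaultUser@" == "root" ]]; then
+usedShell="/bin/sh"
+fi
+
+# Entering the namespace where systemd is PID1
+exec $sw/nsenter -t $(< /run/systemd.pid) -p -m --wd="$PWD" -- \
+@wrapperDir@/su -s $usedShell @defaultUser@ "$@"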
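Review bot: The `pgrep -xf systemd > /run/systemd.pid` line runs immediately after `daemonize` returns, and the redirect creates the file even when `pgrep` finds nothing, so a slow systemd start leaves an empty pid file. Because the guard only tests `-e`, every later invocation then skips the start-up branch and passes an empty target to the root-run `nsenter -t`. The file can also end up holding several PIDs if more than one process matches. The pid should be written only after a successful lookup of a single process, and the guard should use `-s`. Quoting `$usedShell` and the `$(< /run/systemd.pid)` expansion on the final `exec` line would also stop word splitting from changing the `nsenter` and `su` arguments.

```shell
if [ ! -s "/run/systemd.pid" ]; then
    # … unchanged: PATH/LOCALE_ARCHIVE + daemonize … unshare -fp --mount-proc systemd …

    # Record the PID only once pgrep has found exactly the oldest match,
    # so a failed lookup can never leave an empty pid file behind.
    pid=""
    for _ in 1 2 3 4 5 6 7 8 9 10; do
        pid=$(/run/current-system/sw/bin/pgrep -o -xf systemd) && break
        ${sw}/sleep 0.5
    done
    if [ -z "$pid" ]; then
        echo "[ERROR] systemd did not start" >&2
        exit 1
    fi
    echo "$pid" > /run/systemd.pid
fi
```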

+ 1
- 1
windows/wsl-firewall.ps1

@@ -1,7 +1,7 @@
if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs; exit }
$remoteip = wsl.exe /bin/bash -c "ip addr show eth0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}'"
$remoteip = wsl.exe bash -c "ip addr show eth0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}'"
$found = $remoteip -match '\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}';
if( !$found ){
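Review bot: The value captured by the changed `$remoteip = wsl.exe … bash -c …` line is validated only with an unanchored `-match`, so any output that merely contains something address-shaped still sets `$found`. Since this script re-launches itself elevated, anchor the check to a whole line, e.g. `$found = $remoteip -match '^\d{1,3}(\.\d{1,3}){3}$';`, and use only the matched value afterwards. This matters more now that the distro's login shell is a wrapper script that can print its own messages to stdout. The page does not mark which of the two `$remoteip` lines is the new side, and the `if( !$found ){` body, along with how `$remoteip` is used, lies outside the visible hunk.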
