- Rename `disks` to `additionalDisks` with structured format
  (path, readOnly, enableDiscard, blockSize, devIdentifier, useDirect)
- Add custom boot options: rootDisk, kernel, initramfs, rootDiskReadonly
- Add kernelParams for extra kernel command line options
- Add gpu option (default: "context-types=cross-domain:virgl2")
- Add sharedDirectories for crosvm --shared-dir
- Add global crosvmLogLevel option (default: "info")
- Add --name argument to crosvm set to VM name
- Migrate deprecated --disk/--rwdisk to --block format
- Switch flake to nixos-unstable channel

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add treefmt-nix with nixfmt for code formatting (nix fmt)
- Extract cidrToNetworkBase and mkVmCase helper functions
- Use lib.nameValuePair for cleaner listToAttrs patterns
- Consolidate assertions with single let block
- Remove duplicate util-linux package
- Document formatting requirement in CLAUDE.md
- Apply nixfmt to all Nix files

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Use my wayland-proxy-virtwl fork. Unconditionally requests server-side
decorations even if the client doesn't want them.
Tested with firefox, works there.

Remove the old s6/execline-based rootfs in favor of the NixOS module approach:
- Delete rootfs/ directory (s6-based rootfs builder)
- Delete mktuntap/ directory (TAP utility, now using --tap-name)
- Delete default.nix (legacy package with vs*/tt*/ff* scripts)
- Update flake.nix to point packages.default to rootfs-nixos
- Update documentation to reflect NixOS-only architecture

The NixOS module (modules/) with socket-activated VMs is now the only
supported approach. VMs are configured declaratively via
programs.qubes-lite.nixosVms.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Replace the simple guestPrograms-only module with a full declarative
module that allows configuring VMs from configuration.nix:
- programs.qubes-lite.enable, user, vmNetwork, natEnable, natInterface
- programs.qubes-lite.nixosVms list with per-VM config (id, name,
  memory, cpus, network, disks, guestPrograms, guestConfig)
- Automatic TAP interface creation via networking.interfaces
- NAT configuration for VM internet access
- Per-VM NixOS rootfs builds with combined packages
- Generated launcher scripts (qubes-lite-start-<name>)
- run-in-vm helper for executing commands via vsock
- Systemd user services for each VM
- Validation: odd IDs 3-255, unique IDs/names

Changes needed:
- Some minor renaming for nixpkgs changes.
- Kernel modules now come from a separate output.
- dash over vsock seems to be broken; switched to bash.
  (it seems to be trying to use the console instead of the vsock)

Had to enable dbus as xfce4-terminal no longer works without a dbus
configuration service (it defaults to an unusable font and you can't
change it).

`chmod a+rw /dev/vsock` avoids a warning from socat, although it seems
to work OK without it.

`/run/current-system/sw/bin` is used by dbus-launch.