feat: rewrite tarball generation to use proper nixos-install + nixos-enter

Supersedes #243.

2 files changed, 80 insertions, 102 deletions

diff --git a/modules/build-tarball.nix b/modules/build-tarball.nix
index d2e5231..f48c9ce 100644
--- a/modules/build-tarball.nix
+++ b/modules/build-tarball.nix
@@ -1,112 +1,95 @@
 { config, pkgs, lib, ... }:
 with builtins; with lib;
 let
-  cfg = config.wsl.tarball;
-
-  pkgs2storeContents = l: map (x: { object = x; symlink = "none"; }) l;
-
-  nixpkgs = lib.cleanSource pkgs.path;
-
-  channelSources = pkgs.runCommand "nixos-${config.system.nixos.version}"
-    { preferLocalBuild = true; }
-    ''
-      mkdir -p $out
-      cp -prd ${nixpkgs.outPath} $out/nixos
-      chmod -R u+w $out/nixos
-      if [ ! -e $out/nixos/nixpkgs ]; then
-        ln -s . $out/nixos/nixpkgs
-      fi
-      echo -n ${toString config.system.nixos.revision} > $out/nixos/.git-revision
-      echo -n ${toString config.system.nixos.versionSuffix} > $out/nixos/.version-suffix
-      echo ${toString config.system.nixos.versionSuffix} | sed -e s/pre// > $out/nixos/svn-revision
-    '';
-
-  preparer = pkgs.writeShellScriptBin "wsl-prepare" (''
-    set -e
-
-    mkdir -m 0755 ./bin ./etc
-    mkdir -m 1777 ./tmp
-
-    # WSL requires a /bin/sh - only temporary, NixOS's activate will overwrite
-    ln -s ${config.users.users.root.shell} ./bin/sh
-
-    # WSL also requires a /bin/mount, otherwise the host fs isn't accessible
-    ln -s /nix/var/nix/profiles/system/sw/bin/mount ./bin/mount
-
-    # Set system profile
-    system=${config.system.build.toplevel}
-    ./$system/sw/bin/nix-store --store `pwd` --load-db < ./nix-path-registration
-    rm ./nix-path-registration
-    ./$system/sw/bin/nix-env --store `pwd` -p ./nix/var/nix/profiles/system --set $system
-
-    # Set channel
-    mkdir -p ./nix/var/nix/profiles/per-user/root
-    ./$system/sw/bin/nix-env --store `pwd` -p ./nix/var/nix/profiles/per-user/root/channels --set ${channelSources}
-    mkdir -m 0700 -p ./root/.nix-defexpr
-    ln -s /nix/var/nix/profiles/per-user/root/channels ./root/.nix-defexpr/channels
-
-    # It's now a NixOS!
-    touch ./etc/NIXOS
-
-    # Write wsl.conf so that it is present when NixOS is started for the first time
-    cp ${config.environment.etc."wsl.conf".source} ./etc/wsl.conf
-
-  '' + lib.optionalString cfg.includeConfig ''
-    ${if cfg.configPath == null then ''
-      # Copy the system configuration
-      mkdir -p ./etc/nixos/nixos-wsl
-      cp -R ${lib.cleanSource ../.}/. ./etc/nixos/nixos-wsl
-      mv ./etc/nixos/nixos-wsl/configuration.nix ./etc/nixos/configuration.nix
-      # Patch the import path to avoid having a flake.nix in /etc/nixos
-      sed -i 's|import \./default\.nix|import \./nixos-wsl|' ./etc/nixos/configuration.nix
-    '' else ''
-      mkdir -p ./etc/nixos
-      cp -R ${lib.cleanSource cfg.configPath}/. ./etc/nixos
-    ''}
-    chmod -R u+w etc/nixos
-  '');
+  cfg = config.wsl;
 
-in
-{
-
-  options.wsl.tarball = {
-    includeConfig = mkOption {
-      type = types.bool;
-      default = true;
-      description = "Whether or not to copy the system configuration into the tarball";
-    };
-
-    configPath = mkOption {
-      type = types.nullOr types.path;
-      default = null;
-      description = "Path to system configuration which is copied into the tarball";
-    };
-  };
+  defaultConfig = pkgs.writeText "default-configuration.nix" ''
+    # Edit this configuration file to define what should be installed on
+    # your system. Help is available in the configuration.nix(5) man page, on
+    # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
 
+    # NixOS-WSL specific options are documented on the NixOS-WSL repository:
+    # https://github.com/nix-community/NixOS-WSL
 
-  config = mkIf config.wsl.enable {
-    # These options make no sense without the wsl-distro module anyway
+    { config, lib, pkgs, ... }:
 
-    system.build.tarball = pkgs.callPackage "${nixpkgs}/nixos/lib/make-system-tarball.nix" {
-
-      contents = [
-        { source = config.users.users.root.shell; target = "/nix/nixos-wsl/entrypoint"; }
+    {
+      imports = [
+        # include NixOS-WSL modules
+        <nixos-wsl/modules>
       ];
 
-      fileName = "nixos-wsl-${pkgs.hostPlatform.system}";
+      wsl.enable = true;
+      wsl.defaultUser = "nixos";
+      ${cfg.extraTarballConfig}
+
+      # This value determines the NixOS release from which the default
+      # settings for stateful data, like file locations and database versions
+      # on your system were taken. It's perfectly fine and recommended to leave
+      # this value at the release version of the first install of this system.
+      # Before changing this value read the documentation for this option
+      # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+      system.stateVersion = "${config.system.nixos.release}"; # Did you read the comment?
+    }
+  '';
+in
+{
+  options.wsl.extraTarballConfig = mkOption {
+    type = types.str;
+    internal = true;
+    default = "";
+  };
 
-      storeContents = pkgs2storeContents [
-        config.system.build.toplevel
-        channelSources
-        preparer
-      ];
+  # These options make no sense without the wsl-distro module anyway
+  config = mkIf cfg.enable {
+    system.build.tarballBuilder = pkgs.writeShellApplication {
+      name = "nixos-wsl-tarball-builder";
 
-      extraCommands = "${preparer}/bin/wsl-prepare";
+      runtimeInputs = [
+        pkgs.coreutils
+        pkgs.gnutar
+        pkgs.nixos-install-tools
+        config.nix.package
+      ];
 
-      # Use gzip
-      compressCommand = "gzip";
-      compressionExtension = ".gz";
+      text = ''
+        if ! [ $EUID -eq 0 ]; then
+          echo "This script must be run as root!"
+          exit 1
+        fi
+
+        out=''${1:-nixos-wsl.tar.gz}
+
+        root=$(mktemp -p "''${TMPDIR:-/tmp}" -d nixos-wsl-tarball.XXXXXXXXXX)
+        # FIXME: fails in CI for some reason, but we don't really care because it's CI
+        trap 'rm -rf "$root" || true' INT TERM EXIT
+
+        chmod o+rx "$root"
+
+        echo "[NixOS-WSL] Installing..."
+        nixos-install \
+          --root "$root" \
+          --no-root-passwd \
+          --system ${config.system.build.toplevel} \
+          --substituters ""
+
+        echo "[NixOS-WSL] Adding channel..."
+        nixos-enter --root "$root" --command 'nix-channel --add https://github.com/nix-community/NixOS-WSL/archive/refs/heads/main.tar.gz nixos-wsl'
+
+        echo "[NixOS-WSL] Adding default config..."
+        install -Dm644 ${defaultConfig} "$root/etc/nixos/configuration.nix"
+
+        echo "[NixOS-WSL] Compressing..."
+        tar -C "$root" \
+          -cz \
+          --sort=name \
+          --mtime='@1' \
+          --owner=0 \
+          --group=0 \
+          --numeric-owner \
+          . \
+          > "$out"
+      '';
     };
-
   };
 }
diff --git a/modules/wsl-distro.nix b/modules/wsl-distro.nix
index 0a2b88b..f2279e3 100644
--- a/modules/wsl-distro.nix
+++ b/modules/wsl-distro.nix
@@ -132,11 +132,6 @@ in
             config.wsl.extraBin
           )}
         '');
-        # TODO: This is only needed for the docker tests, it can be removed when they are moved to something else
-        update-entrypoint.text = ''
-          mkdir -p /nix/nixos-wsl
-          ln -sfn ${config.users.users.root.shell} /nix/nixos-wsl/entrypoint
-        '';
       };
 
       # require people to use lib.mkForce to make it harder to brick their installation