feat/ci VM builds (#60)

Author: feltnerm

.github/workflows/build-vms-main.yml

@@ -0,0 +1,23 @@
+name: build-vms-main
+
+on:
+  push:
+    branches: [ main ]
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build-vms-fast:
+    name: Build NixOS VMs (fast)
+    strategy:
+      fail-fast: false
+      matrix:
+        host: [ virtmark ]
+    uses: ./.github/workflows/vm-build.yml
+    with:
+      host: ${{ matrix.host }}
+      format: vm
+    secrets:
+      CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
+

.github/workflows/build-vms-manual.yml

@@ -0,0 +1,69 @@
+name: build-vms-manual
+
+on:
+  workflow_dispatch:
+    inputs:
+      host:
+        description: NixOS host (flake nixosConfigurations)
+        required: true
+        default: virtmark
+        type: choice
+        options:
+          - virtmark
+      format:
+        description: VM format to build
+        required: true
+        default: vm
+        type: choice
+        options:
+          - vm
+          - vmWithBootLoader
+          - vmWithDisko
+          - iso
+          - qcow
+
+jobs:
+  build-vm:
+    name: Build selected VM
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@main
+
+      - name: Enable binary cache
+        uses: DeterminateSystems/magic-nix-cache-action@v8
+
+      - name: Set up Cachix (feltnerm)
+        uses: cachix/cachix-action@v15
+        with:
+          name: feltnerm
+          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+          skipPush: true
+
+
+      - name: Show flake
+        run: nix flake show
+
+      - name: Build VM
+        run: |
+          set -euxo pipefail
+          HOST="${{ github.event.inputs.host }}"
+          FORMAT="${{ github.event.inputs.format }}"
+          case "$FORMAT" in
+            vm|vmWithBootLoader|vmWithDisko)
+              nix build .#nixosConfigurations."$HOST".config.system.build."$FORMAT"
+              ;;
+            iso|qcow)
+              nix build .#nixosConfigurations."$HOST".config.formats."$FORMAT"
+              ;;
+            *)
+              echo "Unsupported format: $FORMAT" >&2
+              exit 1
+              ;;
+          esac
+

.github/workflows/build-vms-pr.yml

@@ -0,0 +1,20 @@
+name: build-vms-pr
+
+on:
+  pull_request:
+    branches: [ main ]
+    types: [ opened, synchronize, reopened ]
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
+  cancel-in-progress: true
+
+jobs:
+  build-vm-fast:
+    name: Build NixOS VM (fast)
+    uses: ./.github/workflows/vm-build.yml
+    with:
+      host: virtmark
+      format: vm
+    secrets:
+      CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
+

.github/workflows/vm-build.yml

@@ -0,0 +1,60 @@
+name: vm-build
+
+on:
+  workflow_call:
+    inputs:
+      host:
+        description: NixOS host (flake nixosConfigurations)
+        required: true
+        type: string
+      format:
+        description: VM format to build
+        required: true
+        type: string
+    secrets:
+      CACHIX_AUTH_TOKEN:
+        required: false
+
+jobs:
+  build-vm:
+    name: Build VM
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@main
+
+      - name: Enable binary cache
+        uses: DeterminateSystems/magic-nix-cache-action@v8
+
+      - name: Set up Cachix (feltnerm)
+        if: secrets.CACHIX_AUTH_TOKEN != ''
+        uses: cachix/cachix-action@v15
+        with:
+          name: feltnerm
+          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+
+      - name: Show flake
+        run: nix flake show
+
+      - name: Build VM
+        run: |
+          set -euxo pipefail
+          HOST="${{ inputs.host }}"
+          FORMAT="${{ inputs.format }}"
+          case "$FORMAT" in
+            vm|vmWithBootLoader|vmWithDisko)
+              nix build .#nixosConfigurations."$HOST".config.system.build."$FORMAT"
+              ;;
+            iso|qcow)
+              nix build .#nixosConfigurations."$HOST".config.formats."$FORMAT"
+              ;;
+            *)
+              echo "Unsupported format: $FORMAT" >&2
+              exit 1
+              ;;
+          esac

.gitignore

@@ -1 +1,2 @@
 result
+seed.iso

README.md

@@ -1,5 +1,7 @@
 # feltnerm nix-config
 
+[![Build VMs (main)](https://github.com/feltnerm/nix-config/actions/workflows/build-vms-main.yml/badge.svg)](https://github.com/feltnerm/nix-config/actions/workflows/build-vms-main.yml)
+
 Personal NixOS, nix-darwin, and Home Manager setup using flake-parts and a small `feltnerm` module to define hosts and users.
 
 ## Quick Start
@@ -45,9 +47,33 @@ nix build .#<pkg> && ./result/bin/<pkg>
 
 ## Extras
 
-- VM images: `nixosConfigurations.<host>.config.formats.<format>`
-- Topology diagrams: build outputs under `flake.topology`
-- TODO Secrets: use ragenix/agenix (`age.secrets.*`, store files outside git)
+### VM Development
+- Devshell: `nix develop .#vm`
+- Build: `build-vm <host> <output>`
+  - Examples: `build-vm virtmark vmWithBootLoader`, `build-vm virtmark-gui qcow`, `build-vm codemonkey iso`
+- Run: `run-vm ./result --memory 4096 --cpus 2`
+- Seed SSH keys: `seed-cloud-init mark ~/.ssh/id_ed25519.pub seed.iso`
+
+Notes
+- Artifacts appear at `./result` (symlink)
+- SSH forwarding: `ssh -p 2222 mark@localhost`
+- Acceleration: macOS (HVF) and Linux (KVM) auto-enabled when available
+- Default user: `mark` (see `configs/nixos/*/user/mark.nix`)
+
+Direct Nix builds (reference)
+- `nix build .#nixosConfigurations.<host>.config.system.build.vmWithBootLoader`
+- `nix build .#nixosConfigurations.<host>.config.system.build.vm`
+- `nix build .#nixosConfigurations.<host>.config.formats.{iso,qcow}`
+
+Cloud-init (optional)
+- Quick helper: `scripts/cloud-init-seed.sh mark ~/.ssh/id_ed25519.pub seed.iso`
+- Manual:
+  - Create `user-data` and `meta-data`, then `cloud-localds seed.iso user-data meta-data`
+  - Boot with VM image + `seed.iso`, then `ssh -p 2222 mark@localhost`
+
+Other
+- Topology: `flake.topology` outputs
+- Secrets: ragenix/agenix (`age.secrets.*`, store files outside git)
 
 ## Inspiration
 

configs/home/mark/default.nix

@@ -1,7 +1,6 @@
 {
   inputs,
   lib,
-  config,
   ...
 }:
 {
@@ -13,7 +12,9 @@
   config = {
     feltnerm = {
       enable = true;
-      theme = lib.mkDefault config.feltnerm.theme;
+      # theme default now comes from flake-level feltnerm.theme via extraSpecialArgs
+      # remove or override here only if you need per-home differences
+      # theme = lib.mkDefault "catppuccin-mocha";
       developer = {
         enable = true;
         ai.enable = true;

configs/nixos/virtmark-gui/default.nix

@@ -0,0 +1,43 @@
+{
+  pkgs,
+  ...
+}:
+{
+  imports = [
+    ./hardware.nix
+    ../../../modules/nixos/vm-base.nix
+  ];
+
+  config = {
+    boot.loader.systemd-boot.enable = true;
+    boot.loader.efi.canTouchEfiVariables = true;
+
+    system.stateVersion = "25.05";
+    nixpkgs.hostPlatform = "x86_64-linux";
+
+    nix.settings.trusted-users = [ "mark" ];
+
+    networking.networkmanager.enable = true;
+    networking.firewall.enable = false;
+
+    users.users.mark.shell = pkgs.zsh;
+
+    services.openssh.enable = true;
+
+    # Allow cloud-init to inject SSH keys/users on first boot
+    services.cloud-init.enable = true;
+
+    # GUI setup: greetd + Hyprland
+    services.greetd.enable = true;
+    programs.hyprland.enable = true;
+    programs.hyprlock.enable = true;
+    security.pam.services.hyprlock = { };
+
+    environment.systemPackages = with pkgs; [
+      kitty
+      firefox
+    ];
+
+    services.qemuGuest.enable = true;
+  };
+}

configs/nixos/virtmark-gui/hardware.nix

@@ -0,0 +1,42 @@
+{ lib, modulesPath, ... }:
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  config = {
+    networking.hostId = "12345679";
+
+    boot.initrd.availableKernelModules = [
+      "ata_piix"
+      "uhci_hcd"
+      "virtio_pci"
+      "virtio_scsi"
+      "sd_mod"
+      "sr_mod"
+    ];
+    boot.initrd.kernelModules = [ ];
+    boot.kernelModules = [ ];
+    boot.extraModulePackages = [ ];
+
+    fileSystems."/" = {
+      device = "/dev/disk/by-label/nixos";
+      fsType = "ext4";
+    };
+
+    fileSystems."/boot" = {
+      device = "/dev/disk/by-label/boot";
+      fsType = "vfat";
+    };
+
+    swapDevices = [
+      {
+        device = "/dev/disk/by-label/swap";
+      }
+    ];
+
+    boot.kernel.sysctl = {
+      "vm.swappiness" = lib.mkDefault 10;
+    };
+  };
+}

configs/nixos/virtmark-gui/home/mark.nix

@@ -0,0 +1,9 @@
+/**
+  * home-manager GUI config for virtmark-gui
+*/
+_: {
+  wayland.windowManager.hyprland.enable = true;
+  programs.firefox.enable = true;
+  stylix.targets.firefox.profileNames = [ "mark" ];
+  programs.ghostty.enable = true;
+}