oceanbox/claude-vm
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: No flakes for us

Browse Source
This commit is contained in:
Moritz Jörg
2026-03-10 17:21:34 +00:00
commit c2d08f250f
7 changed files with 481 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.envrc
+9
View File
@@ -0,0 +1,9 @@
#!/usr/bin/env bash
# the shebang is ignored, but nice for editors
if type -P lorri &>/dev/null; then
eval "$(lorri direnv)"
else
echo 'while direnv evaluated .envrc, could not find the command "lorri" [https://github.com/nix-community/lorri]'
use nix
fi
.gitignore
+7
View File
@@ -0,0 +1,7 @@
**/.projectile
**/.direnv
/result
/.direnv/
/.projectile-cache.eld
/.envrc.local
*.qcow2
README.md
+65
View File
@@ -0,0 +1,65 @@
# Claude-Vm
A headless QEMU VM with [claude-code](https://github.com/sadjow/claude-code-nix)
installed. Your current directory is mounted into the VM at `/workspace`.
Uses [npins](https://github.com/andir/npins) for dependency pinning and classic Nix (no flakes).
## Usage
```bash
nix build -f . claude-vm
result/bin/claude-vm
result/bin/claude-vm --dangerously-skip-permissions
result/bin/claude-vm --model sonnet
result/bin/claude-vm -p "fix the tests"
```
All arguments are forwarded to claude-code inside the VM.
## Home Manager (Npins)
To add `claude-vm` as a package in your home-manager configuration using npins:
```bash
# In your home-manager config directory
npins add github jpds claude-vm
```
Then reference it in your `home.nix`:
```nix
let
sources = import ./npins;
claude-vm = (import sources.claude-vm).claude-vm;
in {
home.packages = [ claude-vm ];
}
```
## Development Shell (Direnv)
```bash
# First time setup
direnv allow
```
direnv watches `shell.nix` and rebuilds the environment automatically.
## Updating Dependencies
```bash
npins update # update all pins to latest
npins update nixpkgs # update a single pin
```
## What's Inside
- NixOS VM: 4 gigabytes RAM, 4 cores, serial console
- Packages: `claude-code`, `git`, `curl`, `vim`
- 9p shared directory: host CWD mounted read-write at `/workspace`
- Auto-login as `claude` user, claude-code launches automatically
## Exit
Press `Ctrl-A X` to quit QEMU.
default.nix
+110
View File
@@ -0,0 +1,110 @@
let
sources = import ./npins;
system = builtins.currentSystem;
pkgs = import sources.nixpkgs {
inherit system;
config.allowUnfree = true;
};
claudeCode = pkgs.callPackage "${sources.claude-code-nix}/package.nix" { };
nixosCfg = import "${sources.nixpkgs}/nixos/lib/eval-config.nix" {
inherit system;
# specialArgs = {
# inherit sources;
# };
modules = [
{ nixpkgs.pkgs = pkgs; }
(
{ modulesPath, ... }:
{
imports = [ "${modulesPath}/virtualisation/qemu-vm.nix" ];
# virtualisation
virtualisation.graphics = false;
virtualisation.memorySize = 4096;
virtualisation.cores = 4;
virtualisation.sharedDirectories = {
workspace = {
source = ''"$WORKSPACE_DIR"'';
target = "/workspace";
securityModel = "none";
};
config = {
source = ''"$CLAUDE_VM_CONFIG_DIR"'';
target = "/mtn/claude-vm-config";
securityModel = "none";
};
};
# boot / console
boot.kernelParams = [ "console=ttyS0" ];
boot.loader.grub.enable = false;
boot.initrd.kernelModules = [
"9p"
"9pnet_virtio"
];
# user
users.users.claude = {
isNormalUser = true;
home = "/home/claude";
extraGroups = [ "wheel" ];
};
services.getty.autologinUser = "claude";
# packages
environment.systemPackages = [
claudeCode
pkgs.git
pkgs.curl
pkgs.vim
];
# login shell launches claude
programs.bash.interactiveShellInit = ''
# Only run for the auto-login claude user
[ "$(whoami)" = "claude" ] || return
args=()
if [ -f /mnt/claude-vm-config/claude-args ]; then
while IFS= read -r line; do
[ -n "$line" ] && args+=("$line")
done < /mnt/claude-vm-config/claude-args
fi
cd /workspace 2>/dev/null || true
exec claude "''${args[@]}"
'';
# misc
networking.hostName = "claude-vm";
system.stateVersion = "25.05";
}
)
];
};
vmBuild = nixosCfg.config.system.build.vm;
in
{
claude-vm = pkgs.writeShellScriptBin "claude-vm" ''
CONFIG_DIR=$(mktemp -d)
trap "rm -rf '$CONFIG_DIR'" EXIT
# Write all CLI args to a file, one per line
if [ $# -gt 0 ]; then
printf '%s\n' "$@" > "$CONFIG_DIR/claude-args"
else
touch "$CONFIG_DIR/claude-args"
fi
export CLAUDE_VM_CONFIG_DIR="$CONFIG_DIR"
export WORKSPACE_DIR="$(pwd)"
${vmBuild}/bin/run-claude-vm-vm
'';
}
npins/default.nix
+249
View File
@@ -0,0 +1,249 @@
/*
This file is provided under the MIT licence:
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the Software), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
# Generated by npins. Do not modify; will be overwritten regularly
let
# Backwards-compatibly make something that previously didn't take any arguments take some
# The function must return an attrset, and will unfortunately be eagerly evaluated
# Same thing, but it catches eval errors on the default argument so that one may still call it with other arguments
mkFunctor =
fn:
let
e = builtins.tryEval (fn { });
in
(if e.success then e.value else { error = fn { }; }) // { __functor = _self: fn; };
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295
range =
first: last: if first > last then [ ] else builtins.genList (n: first + n) (last - first + 1);
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257
stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1));
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269
stringAsChars = f: s: concatStrings (map f (stringToCharacters s));
concatStrings = builtins.concatStringsSep "";
# If the environment variable NPINS_OVERRIDE_${name} is set, then use
# the path directly as opposed to the fetched source.
# (Taken from Niv for compatibility)
mayOverride =
name: path:
let
envVarName = "NPINS_OVERRIDE_${saneName}";
saneName = stringAsChars (c: if (builtins.match "[a-zA-Z0-9]" c) == null then "_" else c) name;
ersatz = builtins.getEnv envVarName;
in
if ersatz == "" then
path
else
# this turns the string into an actual Nix path (for both absolute and
# relative paths)
builtins.trace "Overriding path of \"${name}\" with \"${ersatz}\" due to set \"${envVarName}\"" (
if builtins.substring 0 1 ersatz == "/" then
/. + ersatz
else
/. + builtins.getEnv "PWD" + "/${ersatz}"
);
mkSource =
name: spec:
{
pkgs ? null,
}:
assert spec ? type;
let
# Unify across builtin and pkgs fetchers.
# `fetchGit` requires a wrapper because of slight API differences.
fetchers =
if pkgs == null then
{
inherit (builtins) fetchTarball fetchurl;
# For some fucking reason, fetchGit has a different signature than the other builtin fetchers …
fetchGit = args: (builtins.fetchGit args).outPath;
}
else
{
fetchTarball =
{
url,
sha256,
}:
pkgs.fetchzip {
inherit url sha256;
extension = "tar";
};
inherit (pkgs) fetchurl;
fetchGit =
{
url,
submodules,
rev,
name,
narHash,
}:
pkgs.fetchgit {
inherit url rev name;
fetchSubmodules = submodules;
hash = narHash;
};
};
# Dispatch to the correct code path based on the type
path =
if spec.type == "Git" then
mkGitSource fetchers spec
else if spec.type == "GitRelease" then
mkGitSource fetchers spec
else if spec.type == "PyPi" then
mkPyPiSource fetchers spec
else if spec.type == "Channel" then
mkChannelSource fetchers spec
else if spec.type == "Tarball" then
mkTarballSource fetchers spec
else if spec.type == "Container" then
mkContainerSource pkgs spec
else
builtins.throw "Unknown source type ${spec.type}";
in
spec // { outPath = mayOverride name path; };
mkGitSource =
{
fetchTarball,
fetchGit,
...
}:
{
repository,
revision,
url ? null,
submodules,
hash,
...
}:
assert repository ? type;
# At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository
# In the latter case, there we will always be an url to the tarball
if url != null && !submodules then
fetchTarball {
inherit url;
sha256 = hash;
}
else
let
url =
if repository.type == "Git" then
repository.url
else if repository.type == "GitHub" then
"https://github.com/${repository.owner}/${repository.repo}.git"
else if repository.type == "GitLab" then
"${repository.server}/${repository.repo_path}.git"
else if repository.type == "Forgejo" then
"${repository.server}/${repository.owner}/${repository.repo}.git"
else
throw "Unrecognized repository type ${repository.type}";
urlToName =
url: rev:
let
matched = builtins.match "^.*/([^/]*)(\\.git)?$" url;
short = builtins.substring 0 7 rev;
appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else "";
in
"${if matched == null then "source" else builtins.head matched}${appendShort}";
name = urlToName url revision;
in
fetchGit {
rev = revision;
narHash = hash;
inherit name submodules url;
};
mkPyPiSource =
{ fetchurl, ... }:
{
url,
hash,
...
}:
fetchurl {
inherit url;
sha256 = hash;
};
mkChannelSource =
{ fetchTarball, ... }:
{
url,
hash,
...
}:
fetchTarball {
inherit url;
sha256 = hash;
};
mkTarballSource =
{ fetchTarball, ... }:
{
url,
locked_url ? url,
hash,
...
}:
fetchTarball {
url = locked_url;
sha256 = hash;
};
mkContainerSource =
pkgs:
{
image_name,
image_tag,
image_digest,
...
}:
if pkgs == null then
builtins.throw "container sources require passing in a Nixpkgs value: https://github.com/andir/npins/blob/master/README.md#using-the-nixpkgs-fetchers"
else
pkgs.dockerTools.pullImage {
imageName = image_name;
imageDigest = image_digest;
finalImageTag = image_tag;
};
in
mkFunctor (
{
input ? ./sources.json,
}:
let
data =
if builtins.isPath input then
# while `readFile` will throw an error anyways if the path doesn't exist,
# we still need to check beforehand because *our* error can be caught but not the one from the builtin
# *piegames sighs*
if builtins.pathExists input then
builtins.fromJSON (builtins.readFile input)
else
throw "Input path ${toString input} does not exist"
else if builtins.isAttrs input then
input
else
throw "Unsupported input type ${builtins.typeOf input}, must be a path or an attrset";
version = data.version;
in
if version == 7 then
builtins.mapAttrs (name: spec: mkFunctor (mkSource name spec)) data.pins
else
throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`"
)
npins/sources.json
+31
View File
@@ -0,0 +1,31 @@
{
"pins": {
"claude-code-nix": {
"type": "Git",
"repository": {
"type": "GitHub",
"owner": "sadjow",
"repo": "claude-code-nix"
},
"branch": "main",
"submodules": false,
"revision": "5cbf0a4eba950cdc7d7982774a9bc189ab21cb99",
"url": "https://github.com/sadjow/claude-code-nix/archive/5cbf0a4eba950cdc7d7982774a9bc189ab21cb99.tar.gz",
"hash": "sha256-ob/uMOU6CyRES+/SIxnMDhDAZUQr228JdBPKkGu8m/c="
},
"nixpkgs": {
"type": "Git",
"repository": {
"type": "GitHub",
"owner": "NixOS",
"repo": "nixpkgs"
},
"branch": "nixos-unstable",
"submodules": false,
"revision": "9dcb002ca1690658be4a04645215baea8b95f31d",
"url": "https://github.com/NixOS/nixpkgs/archive/9dcb002ca1690658be4a04645215baea8b95f31d.tar.gz",
"hash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs="
}
},
"version": 7
}
shell.nix
+10
View File
@@ -0,0 +1,10 @@
let
sources = import ./npins;
system = builtins.currentSystem;
pkgs = import sources.nixpkgs { inherit system; };
in
pkgs.mkShell {
packages = with pkgs; [
npins
];
}