Fix dev VM networking

home-manager/modules/common.nix

@@ -46,6 +46,16 @@ in
             "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+kCHXqtznkT9IBN5WxZHmXI97k3BumT+N4lyHWMo0pykpACCOcGw52EXxQveNqgcwcRUgamL9A2JTE//WRf3O4nBofeTRNKcRxTjRoUVIt/F0xbf09yWBqJOXZ8rqLkXhRvSpr1TCUZtYVp5iLtpERp622OMIqHSwa6HlxBqsCFkBeq1bRyNtYK/IaQAuBPW9MNeFriGqA0Vq078ccXp+JINxJbr+ZJybVg6PVqnMD+PgGMZQLkoWjwjH3vcJZZt584UPtrXKpNZuKy6dcMCb2U+O9NOaO66168sBVuK0kZHh51nJ7ZH38VLGiBipRgIQ1fzic3Ncn6GC9ko3/OwT jackos1998@gmail.com"
           ];
           matchBlocks = {
+            nix-dev-vm = {
+              user = "dev";
+              hostname = "localhost";
+              port = 2222;
+              extraOptions = {
+                StrictHostKeyChecking = "no";
+                UserKnownHostsFile = "/dev/null";
+              };
+            };
+
             "rsync.net" = {
               host = "rsyncnet";
               user = "16413";

nixos/installer.nix

@@ -1,4 +1,4 @@
-{ lib, modulesPath, config, ... }:
+{ lib, pkgs, modulesPath, config, ... }:
 let
   inherit (lib) mkDefault mkForce;
 in
@@ -39,5 +39,10 @@ in
     # download-using-manifests.pl from forking even if there is
     # plenty of free memory.
     boot.kernel.sysctl."vm.overcommit_memory" = "1";
+
+    environment.systemPackages = with pkgs; [
+      # We disable networking.useDHCP, so bring this in for the user
+      dhcpcd
+    ];
   };
 }

nixos/modules/build.nix

@@ -61,6 +61,7 @@ in
     # Forward declare options that won't exist until the VM module is actually imported
     virtualisation = {
       diskImage = dummyOption;
+      forwardPorts = dummyOption;
     };
   };
 

nixos/modules/common.nix

@@ -1,8 +1,8 @@
 { lib, pkgs, pkgs', inputs, options, config, ... }:
 let
   inherit (builtins) attrValues;
-  inherit (lib) mkIf mkDefault mkMerge mkAliasDefinitions;
+  inherit (lib) flatten optional mkIf mkDefault mkMerge mkAliasDefinitions;
-  inherit (lib.my) mkOpt' dummyOption;
+  inherit (lib.my) mkOpt' mkBoolOpt' dummyOption;
 
   defaultUsername = "dev";
   uname = config.my.user.name;
@@ -13,6 +13,14 @@ in
       # Pretty hacky but too lazy to figure out if there's a better way to alias the options
       user = mkOpt' (attrsOf anything) { } "User definition (as `users.users.*`).";
       homeConfig = mkOpt' anything { } "Home configuration (as `home-manager.users.*`)";
+
+      ssh = {
+        # If enabled, we can't set `authorized_keys` from home-manager because SSH won't like the file being owned by
+        # root.
+        strictModes = mkBoolOpt' false
+          ("Specifies whether sshd(8) should check file modes and ownership of the user's files and home directory "+
+          "before accepting login.");
+      };
     };
 
     # Only present in >=22.05, so forward declare
@@ -104,6 +112,11 @@ in
         useDHCP = mkDefault false;
         enableIPv6 = mkDefault true;
       };
+      virtualisation = {
+        forwardPorts = flatten [
+          (optional config.services.openssh.openFirewall { from = "host"; host.port = 2222; guest.port = 22; })
+        ];
+      };
 
       environment.systemPackages = with pkgs; [
         bash-completion
@@ -123,6 +136,7 @@ in
 
         openssh = {
           enable = mkDefault true;
+          extraConfig = ''StrictModes ${if config.my.ssh.strictModes then "yes" else "no"}'';
         };
       };
 
@@ -138,6 +152,9 @@ in
         })
       ];
     })
+    (mkIf config.my.build.isDevVM {
+      networking.interfaces.eth0.useDHCP = mkDefault true;
+    })
   ];
 
   meta.buildDocsInSandbox = false;