fix: ensure ip forwarding is enabled for vmix namespaces

NixOS firewall sets conf.all.forwarding=false via mkDefault, which overrides ip_forward=1. Use normal priority to beat mkDefault. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
fix: use vmix's own locked nixpkgs for all image building
2026-06-15 11:10:32 -03:00 · 2026-06-15 10:04:52 -03:00 · 2026-06-09 13:18:12 +05:30
7 changed files with 29 additions and 24 deletions
--- a/flake.nix
+++ b/flake.nix
@ -15,9 +15,12 @@
    lib = pkgs.lib;
    vmixLib = import ./lib { inherit pkgs lib system; };
  in {
-    overlays.default = import ./overlay.nix;
+    overlays.default = final: prev: { inherit vmixLib; };
-    nixosModules.default = import ./module.nix;
+    nixosModules.default = { config, pkgs, lib, ... }: {
      imports = [ ./nixos/default.nix ];
      config.nixpkgs.overlays = [ self.overlays.default ];
    };
    lib.${system} = vmixLib;
--- a/lib/images/windows/helpers/customizeImage.nix
+++ b/lib/images/windows/helpers/customizeImage.nix
@ -25,6 +25,10 @@
    smp ? 4,
    memSize ? 4096,
    nicModel ? null,
    # Flatten COW chain into a standalone qcow2 (removes backing file dependency)
    compact ? false,
    # QEMU timeout in seconds (default 30 min, increase for Windows Update)
    qemuTimeout ? 1800,
  }:
  let
    originalImageName = lib.strings.removeSuffix "-vmix" (lib.strings.removeSuffix ".qcow2" originalImage.name);
@ -107,11 +111,11 @@
        ${cdromArgs} \
        -nic user,model=${if nicModel != null then nicModel else if isAHCI then "e1000" else "virtio-net-pci"}"
-      timeout 1800 qemu-system-x86_64 $VMIX_DISPLAY $QEMU_ARGS || \
+      timeout ${toString qemuTimeout} qemu-system-x86_64 $VMIX_DISPLAY $QEMU_ARGS || \
        if [[ "$VMIX_DISPLAY" == "-display sdl" ]]; then
          echo "=== vmix: SDL failed, retrying headless ==="
          cp ${pkgs.OVMF.fd}/FV/OVMF_VARS.fd vars.fd && chmod +w vars.fd
-          timeout 1800 qemu-system-x86_64 -nographic $QEMU_ARGS
+          timeout ${toString qemuTimeout} qemu-system-x86_64 -nographic $QEMU_ARGS
        else
          exit 1
        fi
@ -125,6 +129,11 @@
      [ -n "${diskSize}" ] && qemu-img resize ${resultImg} ${diskSize}
      ${virtWinRegMerge}
      ${auditBootCommands}
      ${lib.optionalString compact ''
      echo "=== vmix: compacting image ==="
      qemu-img convert -O qcow2 ${resultImg} compact.qcow2
      mv compact.qcow2 ${resultImg}
      ''}
      mv ${resultImg} $out
    '';
  builtImage = pkgs.runCommand customImageName ({
--- a/lib/images/windows/templates/generalize.nix
+++ b/lib/images/windows/templates/generalize.nix
@ -81,9 +81,16 @@ in
    powershell -Command "Get-AppxPackage *MicrosoftEdgeDevToolsClient* | Remove-AppxPackage -ErrorAction SilentlyContinue"
-    :: Activate Windows using HWID method
+    :: Re-install product key and licenses to restore activation IDs after sysprep
    cscript //nologo C:\Windows\System32\slmgr.vbs /ipk M7XTQ-FN8P6-TTKYV-9D4CC-J462D
    cscript //nologo C:\Windows\System32\slmgr.vbs /rilc
    :: Restart SPP service and wait for it to settle
    net stop sppsvc /y 2>nul
    net start sppsvc
    ping -n 10 127.0.0.1 >nul
    :: Activate Windows using TSforge
    if exist C:\MAS_AIO.cmd (
-      echo. | call C:\MAS_AIO.cmd /HWID
+      echo. | call C:\MAS_AIO.cmd /Z-Windows
    )
    :: Activate Office using Ohook method (if Office is installed)
    if exist "C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" (
--- a/module.nix
+++ b/module.nix
@ -1,6 +0,0 @@
 { ... }:
 {
  imports = [
    ./nixos/default.nix
  ];
 }
--- a/nixos/default.nix
+++ b/nixos/default.nix
@ -1,7 +1,7 @@
 { config, pkgs, lib, ... }:
 with lib;
 let
-  vmixLib = import ./../lib {inherit pkgs lib; };
+  vmixLib = pkgs.vmixLib;
  args = { inherit config pkgs lib vmixLib; };
 in
 {
@ -15,6 +15,4 @@ in
      (types.submodule (import ./namespaceSubmoduleOptions.nix args));
    default = {};
  };
-
+}
  config.nixpkgs.overlays = [ (import ../overlay.nix) ];
 }
--- a/nixos/networks/config.nix
+++ b/nixos/networks/config.nix
@ -286,5 +286,6 @@ in
 {
  config.systemd.services = namespaceGlobalService // networkServices;
  config.systemd.targets = networkTargets;
-  config.boot.kernel.sysctl."net.ipv4.ip_forward" = lib.mkDefault 1;
+  config.boot.kernel.sysctl."net.ipv4.ip_forward" = lib.mkForce 1;
  config.boot.kernel.sysctl."net.ipv4.conf.all.forwarding" = lib.mkForce true;
 }
--- a/overlay.nix
+++ b/overlay.nix
@ -1,7 +0,0 @@
 final: prev:
 let
  # Pin vmixLib to nixpkgs 25-11 so all VM images are built with a consistent toolchain
  vmixPkgs = prev.v25-11 or prev;
 in {
  vmixLib = vmixPkgs.callPackage ./lib {};
 }