vmix.nix/wip/claude-memory/MEMORY.md
Git Sagar b6a080af4b WIP: add Windows Update template with online COM API updates
Add essentials.windowsUpdate template that boots Audit Mode, uses the
Windows Update COM API to search/download/install all available updates
(cumulative, .NET, Defender), handles multi-round reboots with Audit
Mode preservation, and compacts the image afterward.

Known issues being worked:
- Audit Mode preservation after update reboot needs verification
- Install takes ~60-90 min with 4GB RAM on slow machines

Includes full session notes in wip/ with detailed test log, build
commands, issue analysis, timing data, and Claude memory files.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-06-09 13:17:27 +05:30


# vmix.nix Project Memory
## Build Preferences
- Always use VNC display (`:1` / port 5901) when building Windows images so progress can be monitored
- Pass `vncDisplay = ":1"` to customizeImage templates for build monitoring
- Use `gvnccapture localhost:1 /tmp/screenshot.png` to take VNC screenshots (package: gtk-vnc)
- For VNC inside vmix namespace: `ip netns exec windows.vmix nix-shell -p gtk-vnc --run 'gvnccapture 127.0.0.1:1 /tmp/screenshot.png'`
## Key Architecture
- Offline registry uses `ControlSet001` (not `CurrentControlSet`) for virt-win-reg merges
- Sysprep resets offline registry changes — RDP must be re-enabled in post-OOBE script
- TermService won't listen on port 3389 in Audit Mode without a password on Administrator
- `LimitBlankPasswordUse=0` alone is NOT sufficient for RDP in Audit Mode — password required
- OOBE AutoLogon `<Password>` in unattend XML is unreliable — set via `reg add` in post-oobe.cmd instead
- OOBE creates user with blank password regardless of unattend — set real password via `net user` in post-oobe.cmd
- `sc config` can fail silently for some services — use `reg add` to set `Start` value directly
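
An added example, not code from this repository: a small Python lint for a `.reg` file before it is merged into the offline hive with virt-win-reg. It flags `CurrentControlSet` paths (the offline hive only has `ControlSet001`) and the security-relevant values touched by the notes above. The sample input, finding codes and function names are constructed for illustration, and `fDenyTSConnections` is the standard RDP enable value rather than one named in these notes.

```python
import re

# Constructed sample of a .reg file meant for `virt-win-reg --merge` (not from the repo).
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"fDenyTSConnections"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa]
"LimitBlankPasswordUse"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
"DefaultPassword"="example-only"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"([^"]+)"=(.*)$')

def parse_reg(text):
    """Yield (key, name, raw_value) for each value line in regedit-style text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := VAL_RE.match(line)):
            yield key, m.group(1), m.group(2)

def lint(text):
    """Return a sorted list of (code, key) findings (hypothetical codes)."""
    findings = set()
    for key, name, raw in parse_reg(text):
        k, n = key.lower(), name.lower()
        # CurrentControlSet is a boot-time alias and does not exist in an offline hive.
        if k.startswith(r'hkey_local_machine\system\currentcontrolset'):
            findings.add(('OFFLINE_PATH', key))
        # 0 lets blank-password local accounts log on over the network.
        if n == 'limitblankpassworduse' and raw.lower() == 'dword:00000000':
            findings.add(('BLANK_PASSWORD_NETWORK_LOGON', key))
        # Winlogon DefaultPassword is stored in plaintext in the image.
        if n == 'defaultpassword' and raw.strip('"'):
            findings.add(('PLAINTEXT_AUTOLOGON_PASSWORD', key))
        if n == 'fdenytsconnections' and raw.lower() == 'dword:00000000':
            findings.add(('RDP_ENABLED', key))
    return sorted(findings)

if __name__ == '__main__':
    for code, key in lint(SAMPLE_REG):
        print(f'{code}: {key}')
```
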
## RDP on Win10 IoT Enterprise LTSC 2021
- **CRITICAL**: `rdpwd.sys` and `tdtcp.sys` don't exist in this Windows build (removed in 19041+)
- `termsrv.dll` version is `10.0.19041.1202` — not supported by RDPWrap v1.6.2 or community INI files
- TermService runs but never creates the `rdp-tcp` WinStation listener — no port 3389
- The ISO (`en-us_windows_10_iot_enterprise_ltsc_2021_x64_dvd_257ad90f.iso`) has 2 indexes:
  - Index 1: Windows 10 Enterprise LTSC 2021
  - Index 2: Windows 10 IoT Enterprise LTSC 2021
- Product key `M7XTQ-FN8P6-TTKYV-9D4CC-J462D` = Enterprise LTSC (not IoT)
- MAS HWID activation switches edition to IoT Enterprise S (partial key YY74H)
- **TODO**: Either generate custom RDPWrap config for termsrv 10.0.19041.1202, use a different ISO, or use third-party RDP server
## generalize.nix Changes
- `enableRDP` flag added — applies RDP settings in post-oobe.cmd (survives sysprep)
- AutoLogon fix: blank password in unattend, real password + AutoAdminLogon registry in post-oobe.cmd
- `LogonCount=999` for persistent AutoLogon
- SessionEnv + UmRdpService set to auto-start via `reg add` (Start=2)
- Firewall: `Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'` + `Set-NetFirewallRule -Profile Any`
## labv2.nix junto Deployment
- vmix flake input rev is pinned in `flake.nix` — must update the URL to change versions
- Use `path:/storage/gitrepos/vmix.nix` for local dev, `git+https://...?rev=<hash>` for production
- `colmena apply-local` doesn't support `--override-input`
- DNS: `dns.resolver.useHostResolvConf = true` breaks when host uses systemd-resolved (127.0.0.53) — use explicit upstream like `1.1.1.1`
- QEMU Guest Agent socket at `/tmp/qga-win10.sock` — use from inside namespace