dotfiles/vmix.nix
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
vmix.nix/wip/claude-memory/MEMORY.md
Git Sagar db5913dc5c WIP: add Windows Update template with online COM API updates 
Add essentials.windowsUpdate template that boots Audit Mode, uses the
Windows Update COM API to search/download/install all available updates
(cumulative, .NET, Defender), handles multi-round reboots with Audit
Mode preservation, and compacts the image afterward.

Known issues being worked:
- Audit Mode preservation after update reboot needs verification
- Install takes ~60-90 min with 4GB RAM on slow machines

Includes full session notes in wip/ with detailed test log, build
commands, issue analysis, timing data, and Claude memory files.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-06-09 10:35:23 +05:30

2.8 KiB
Raw Blame History

vmix.nix Project Memory

Build Preferences

  • Always use VNC display (:1 / port 5901) when building Windows images so progress can be monitored
  • Pass vncDisplay = ":1" to customizeImage templates for build monitoring
  • Use gvnccapture localhost:1 /tmp/screenshot.png to take VNC screenshots (package: gtk-vnc)
  • For VNC inside vmix namespace: ip netns exec windows.vmix nix-shell -p gtk-vnc --run 'gvnccapture 127.0.0.1:1 /tmp/screenshot.png'

Key Architecture

  • Offline registry uses ControlSet001 (not CurrentControlSet) for virt-win-reg merges
  • Sysprep resets offline registry changes — RDP must be re-enabled in post-OOBE script
  • TermService won't listen on port 3389 in Audit Mode without a password on Administrator
  • LimitBlankPasswordUse=0 alone is NOT sufficient for RDP in Audit Mode — password required
  • OOBE AutoLogon <Password> in unattend XML is unreliable — set via reg add in post-oobe.cmd instead
  • OOBE creates user with blank password regardless of unattend — set real password via net user in post-oobe.cmd
  • sc config can fail silently for some services — use reg add to set Start value directly

RDP on Win10 IoT Enterprise LTSC 2021

  • CRITICAL: rdpwd.sys and tdtcp.sys don't exist in this Windows build (removed in 19041+)
  • termsrv.dll version is 10.0.19041.1202 — not supported by RDPWrap v1.6.2 or community INI files
  • TermService runs but never creates the rdp-tcp WinStation listener — no port 3389
  • The ISO (en-us_windows_10_iot_enterprise_ltsc_2021_x64_dvd_257ad90f.iso) has 2 indexes:
    • Index 1: Windows 10 Enterprise LTSC 2021
    • Index 2: Windows 10 IoT Enterprise LTSC 2021
  • Product key M7XTQ-FN8P6-TTKYV-9D4CC-J462D = Enterprise LTSC (not IoT)
  • MAS HWID activation switches edition to IoT Enterprise S (partial key YY74H)
  • TODO: Either generate custom RDPWrap config for termsrv 10.0.19041.1202, use a different ISO, or use third-party RDP server

generalize.nix Changes

  • enableRDP flag added — applies RDP settings in post-oobe.cmd (survives sysprep)
  • AutoLogon fix: blank password in unattend, real password + AutoAdminLogon registry in post-oobe.cmd
  • LogonCount=999 for persistent AutoLogon
  • SessionEnv + UmRdpService set to auto-start via reg add (Start=2)
  • Firewall: Enable-NetFirewallRule -DisplayGroup 'Remote Desktop' + Set-NetFirewallRule -Profile Any

labv2.nix junto Deployment

  • vmix flake input rev is pinned in flake.nix — must update the URL to change versions
  • Use path:/storage/gitrepos/vmix.nix for local dev, git+https://...?rev=<hash> for production
  • colmena apply-local doesn't support --override-input
  • DNS: dns.resolver.useHostResolvConf = true breaks when host uses systemd-resolved (127.0.0.53) — use explicit upstream like 1.1.1.1
  • QEMU Guest Agent socket at /tmp/qga-win10.sock — use from inside namespace