Virby is a module for nix-darwin that configures a lightweight, vfkit-based Linux VM as a remote build machine for Nix, allowing Linux packages to be built on macOS. This project is modeled after nix-rosetta-builder, which provides a similar service using lima to manage the VM. Some parts of the code in this repository are directly borrowed and adapted from that project.
Add to your flake and enable:

```nix
# flake.nix
{
  inputs.virby = {
    url = "github:quinneden/virby-nix-darwin";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  outputs = { virby, ... }: {
    darwinConfigurations."myHost" = {
      modules = [ virby.darwinModules.default ];
    };
  };
}
```

```nix
# configuration.nix
services.virby = {
  enable = true;
  cores = 8;
  memory = "6GiB";
  diskSize = "100GiB";
};
```

Then rebuild: `darwin-rebuild switch --flake .#myHost`

- On-demand activation - VM starts only when builds are needed, shuts down after inactivity
- Rosetta support - Build x86_64-linux packages on Apple Silicon using Rosetta translation
- Secure by default - Host-only access via loopback (i.e. `127.0.0.1`), with automatic ED25519 key generation
- Fully configurable - Adjust VM resources and add custom NixOS modules

Option | Type | Default | Description |
---|---|---|---|
`enable` | bool | `false` | Enable the service |
`cores` | int | `8` | CPU cores allocated to VM |
`memory` | int/string | `6144` | Memory in MiB or string format (e.g. `"6GiB"`) |
`diskSize` | string | `"100GiB"` | VM disk size |
`port` | int | `31222` | SSH port for VM access |
`speedFactor` | int | `1` | Speed factor for Nix build machine |

On-Demand Activation

```nix
services.virby.onDemand = {
  enable = true;
  ttl = 180; # Idle timeout in minutes
};
```

Rosetta Support (Apple Silicon only)

```nix
services.virby.rosetta.enable = true;
```

Custom NixOS Configuration

```nix
services.virby.extraConfig = {
  inherit (config.nix) settings;
  # Any valid NixOS configuration
};
```

Debug Options (insecure, for troubleshooting only)

```nix
services.virby = {
  debug = true; # Enable verbose logging
  allowUserSsh = true; # Allow non-root SSH access
};
```

Note: Changes to `extraConfig` will cause the VM disk image and SSH keys to be recreated.

Virby integrates three components:
- nix-darwin Module - Configures the VM as a Nix build machine for the host
- VM Image - Minimal NixOS disk image configured for secure SSH access and build isolation
- VM Runner - Python package managing VM lifecycle and SSH proxying
Build workflow: Linux build requested → VM started (if needed) → Build executed in isolated environment → Results returned → VM shutdown (after idle timeout)
Security model: VM accessible only via localhost with key-based SSH authentication, minimal privileges, and filesystem isolation.
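
One way to check the loopback-only part of the security model on a running host, as an added example that is not part of Virby: the function reads `lsof` output and flags any listener on the SSH port that is not bound to a loopback address. It assumes the default port 31222 from the options table; the sample `lsof` lines, including the process name and PID, are constructed.

```sh
#!/bin/sh
# Added example (not Virby code): audit the listen addresses of one TCP port.
# Input on stdin: output of `lsof -nP -iTCP:<port> -sTCP:LISTEN`.
# Exit status: 0 = loopback only, 1 = non-loopback listener, 2 = no listener.
check_listeners() {
    awk -v port="$1" '
        $NF == "(LISTEN)" {
            addr = $(NF - 1)          # 127.0.0.1:31222, *:31222, [::1]:31222
            n = length(addr) - length(port)
            if (substr(addr, n) != (":" port)) next    # some other port
            host = substr(addr, 1, n - 1)
            seen++
            if (host !~ /^127\./ && host != "[::1]") {
                print "non-loopback listener: " addr " (" $1 ", pid " $2 ")"
                bad++
            }
        }
        END { if (bad) exit 1; if (!seen) exit 2; exit 0 }
    '
}

# Constructed sample lsof output (not captured from a real host).
sample_loopback() {
    cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
python3   812 root    6u  IPv4 0x1a2b      0t0  TCP 127.0.0.1:31222 (LISTEN)
EOF
}

sample_exposed() {
    cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
python3   812 root    6u  IPv4 0x1a2b      0t0  TCP *:31222 (LISTEN)
EOF
}

# Demo on the constructed samples. On a real host, run instead:
#   sudo lsof -nP -iTCP:31222 -sTCP:LISTEN | check_listeners 31222
sample_loopback | check_listeners 31222 && echo "loopback only"
sample_exposed  | check_listeners 31222 || echo "exposed beyond loopback"
```

An exit status of 2 (no listener) is reported separately from a pass, so an audit run while nothing is listening on the port is not mistaken for a clean result.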

Debug logging:

```nix
services.virby.debug = true;
```

```sh
# View daemon logs
tail -f /tmp/virbyd.stdout.log
```

SSH into VM:

```sh
# Requires allowUserSsh = true
ssh virby-vm
# or use sudo
```

License: MIT - see LICENSE file for details.