Commit 53b37c99 authored by Friedrich Altheide's avatar Friedrich Altheide Committed by Friedrich Altheide

virtualbox: nixfmt

parent 2a3b139d
+53 −38
# Module for VirtualBox guests.
{ config, lib, pkgs, ... }:
{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.virtualisation.virtualbox.guest;
  kernel = config.boot.kernelPackages;
@@ -28,7 +33,20 @@ let
in
{
  imports = [
    (lib.mkRenamedOptionModule [ "virtualisation" "virtualbox" "guest" "draganddrop" ] [ "virtualisation" "virtualbox" "guest" "dragAndDrop" ])
    (lib.mkRenamedOptionModule
      [
        "virtualisation"
        "virtualbox"
        "guest"
        "draganddrop"
      ]
      [
        "virtualisation"
        "virtualbox"
        "guest"
        "dragAndDrop"
      ]
    )
  ];

  options.virtualisation.virtualbox.guest = {
@@ -59,12 +77,15 @@ in

  ###### implementation

  config = lib.mkIf cfg.enable (lib.mkMerge [
  config = lib.mkIf cfg.enable (
    lib.mkMerge [
      {
        assertions = [
          {
      assertions = [{
            assertion = pkgs.stdenv.hostPlatform.isx86;
            message = "Virtualbox not currently supported on ${pkgs.stdenv.hostPlatform.system}";
      }];
          }
        ];

        environment.systemPackages = [ kernel.virtualboxGuestAdditions ];

@@ -87,8 +108,7 @@ in
          serviceConfig.ExecStart = "@${kernel.virtualboxGuestAdditions}/bin/VBoxService VBoxService --foreground";
        };

      services.udev.extraRules =
        ''
        services.udev.extraRules = ''
          # /dev/vboxuser is necessary for VBoxClient to work.  Maybe we
          # should restrict this to logged-in users.
          KERNEL=="vboxuser",  OWNER="root", GROUP="root", MODE="0666"
@@ -99,20 +119,15 @@ in

        systemd.user.services.virtualboxClientVmsvga = mkVirtualBoxUserService "--vmsvga-session";
      }
    (
      lib.mkIf cfg.clipboard {
      (lib.mkIf cfg.clipboard {
        systemd.user.services.virtualboxClientClipboard = mkVirtualBoxUserService "--clipboard";
      }
    )
    (
      lib.mkIf cfg.seamless {
      })
      (lib.mkIf cfg.seamless {
        systemd.user.services.virtualboxClientSeamless = mkVirtualBoxUserService "--seamless";
      }
    )
    (
      lib.mkIf cfg.dragAndDrop {
      })
      (lib.mkIf cfg.dragAndDrop {
        systemd.user.services.virtualboxClientDragAndDrop = mkVirtualBoxUserService "--draganddrop";
      }
    )
  ]);
      })
    ]
  );
}
+118 −82
{ config, lib, pkgs, ... }:
{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.virtualisation.virtualbox.host;

  virtualbox = cfg.package.override {
    inherit (cfg) enableHardening headless enableWebService enableKvm;
    inherit (cfg)
      enableHardening
      headless
      enableWebService
      enableKvm
      ;
    extensionPack = if cfg.enableExtensionPack then pkgs.virtualboxExtpack else null;
  };

@@ -93,93 +103,119 @@ in
    };
  };

  config = lib.mkIf cfg.enable (lib.mkMerge [{
    warnings = lib.mkIf (pkgs.config.virtualbox.enableExtensionPack or false)
      ["'nixpkgs.virtualbox.enableExtensionPack' has no effect, please use 'virtualisation.virtualbox.host.enableExtensionPack'"];
  config = lib.mkIf cfg.enable (
    lib.mkMerge [
      {
        warnings = lib.mkIf (pkgs.config.virtualbox.enableExtensionPack or false) [
          "'nixpkgs.virtualbox.enableExtensionPack' has no effect, please use 'virtualisation.virtualbox.host.enableExtensionPack'"
        ];
        environment.systemPackages = [ virtualbox ];

    security.wrappers = let
        security.wrappers =
          let
            mkSuid = program: {
              source = "${virtualbox}/libexec/virtualbox/${program}";
              owner = "root";
              group = "vboxusers";
              setuid = true;
            };
      executables = [
            executables =
              [
                "VBoxHeadless"
                "VBoxNetAdpCtl"
                "VBoxNetDHCP"
                "VBoxNetNAT"
                "VBoxVolInfo"
      ] ++ (lib.optionals (!cfg.headless) [
              ]
              ++ (lib.optionals (!cfg.headless) [
                "VBoxSDL"
                "VirtualBoxVM"
              ]);
    in lib.mkIf cfg.enableHardening
      (builtins.listToAttrs (map (x: { name = x; value = mkSuid x; }) executables));
          in
          lib.mkIf cfg.enableHardening (
            builtins.listToAttrs (
              map (x: {
                name = x;
                value = mkSuid x;
              }) executables
            )
          );

        users.groups.vboxusers.gid = config.ids.gids.vboxusers;

    services.udev.extraRules =
      ''
        services.udev.extraRules = ''
          SUBSYSTEM=="usb_device", ACTION=="add", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"
          SUBSYSTEM=="usb", ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"
          SUBSYSTEM=="usb_device", ACTION=="remove", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor"
          SUBSYSTEM=="usb", ACTION=="remove", ENV{DEVTYPE}=="usb_device", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor"
        '';
  } (lib.mkIf cfg.enableKvm {
      }
      (lib.mkIf cfg.enableKvm {
        assertions = [
          {
            assertion = !cfg.addNetworkInterface;
            message = "VirtualBox KVM only supports standard NAT networking for VMs. Please turn off virtualisation.virtualbox.host.addNetworkInterface.";
          }
        ];
  }) (lib.mkIf (!cfg.enableKvm) {
    boot.kernelModules = [ "vboxdrv" "vboxnetadp" "vboxnetflt" ];
      })
      (lib.mkIf (!cfg.enableKvm) {
        boot.kernelModules = [
          "vboxdrv"
          "vboxnetadp"
          "vboxnetflt"
        ];
        boot.extraModulePackages = [ kernelModules ];

    services.udev.extraRules =
      ''
        services.udev.extraRules = ''
          KERNEL=="vboxdrv",    OWNER="root", GROUP="vboxusers", MODE="0660", TAG+="systemd"
          KERNEL=="vboxdrvu",   OWNER="root", GROUP="root",      MODE="0666", TAG+="systemd"
          KERNEL=="vboxnetctl", OWNER="root", GROUP="vboxusers", MODE="0660", TAG+="systemd"
        '';

        # Since we lack the right setuid/setcap binaries, set up a host-only network by default.
  }) (lib.mkIf cfg.addNetworkInterface {
    systemd.services.vboxnet0 =
      { description = "VirtualBox vboxnet0 Interface";
      })
      (lib.mkIf cfg.addNetworkInterface {
        systemd.services.vboxnet0 = {
          description = "VirtualBox vboxnet0 Interface";
          requires = [ "dev-vboxnetctl.device" ];
          after = [ "dev-vboxnetctl.device" ];
        wantedBy = [ "network.target" "sys-subsystem-net-devices-vboxnet0.device" ];
          wantedBy = [
            "network.target"
            "sys-subsystem-net-devices-vboxnet0.device"
          ];
          path = [ virtualbox ];
          serviceConfig.RemainAfterExit = true;
          serviceConfig.Type = "oneshot";
          serviceConfig.PrivateTmp = true;
          environment.VBOX_USER_HOME = "/tmp";
        script =
          ''
          script = ''
            if ! [ -e /sys/class/net/vboxnet0 ]; then
              VBoxManage hostonlyif create
              cat /tmp/VBoxSVC.log >&2
            fi
          '';
        postStop =
          ''
          postStop = ''
            VBoxManage hostonlyif remove vboxnet0
          '';
        };

    networking.interfaces.vboxnet0.ipv4.addresses = [{ address = "192.168.56.1"; prefixLength = 24; }];
        networking.interfaces.vboxnet0.ipv4.addresses = [
          {
            address = "192.168.56.1";
            prefixLength = 24;
          }
        ];
        # Make sure NetworkManager won't assume this interface being up
        # means we have internet access.
        networking.networkmanager.unmanaged = [ "vboxnet0" ];
  }) (lib.mkIf config.networking.useNetworkd {
      })
      (lib.mkIf config.networking.useNetworkd {
        systemd.network.networks."40-vboxnet0".extraConfig = ''
          [Link]
          RequiredForOnline=no
        '';
      })

]);
    ]
  );
}
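Review bot: The comment `# Since we lack the right setuid/setcap binaries, set up a host-only network by default.` now sits as the last line of the `lib.mkIf (!cfg.enableKvm)` set, cut off by the closing `})` from the `lib.mkIf cfg.addNetworkInterface` set it appears to describe. Before the reformat it was directly above the line that opened that block, so the association was still readable; now it reads as a trailing remark on the `vboxdrv`/`vboxnetctl` udev rules. I would move it to the first line inside `(lib.mkIf cfg.addNetworkInterface {`, where nixfmt should leave it in place.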
+202 −85
{ config, stdenv, fetchurl, fetchpatch, callPackage, lib, acpica-tools, dev86, pam, libxslt, libxml2, wrapQtAppsHook
, libX11, xorgproto, libXext, libXcursor, libXmu, libIDL, SDL2, libcap, libGL, libGLU
, libpng, glib, lvm2, libXrandr, libXinerama, libopus, libtpms, qtbase, qtx11extras
, qttools, qtsvg, qtwayland, pkg-config, which, docbook_xsl, docbook_xml_dtd_43
, alsa-lib, curl, libvpx, nettools, dbus, substituteAll, gsoap, zlib, xz
, yasm, glslang
, nixosTests
{
  config,
  stdenv,
  fetchurl,
  fetchpatch,
  callPackage,
  lib,
  acpica-tools,
  dev86,
  pam,
  libxslt,
  libxml2,
  wrapQtAppsHook,
  libX11,
  xorgproto,
  libXext,
  libXcursor,
  libXmu,
  libIDL,
  SDL2,
  libcap,
  libGL,
  libGLU,
  libpng,
  glib,
  lvm2,
  libXrandr,
  libXinerama,
  libopus,
  libtpms,
  qtbase,
  qtx11extras,
  qttools,
  qtsvg,
  qtwayland,
  pkg-config,
  which,
  docbook_xsl,
  docbook_xml_dtd_43,
  alsa-lib,
  curl,
  libvpx,
  nettools,
  dbus,
  substituteAll,
  gsoap,
  zlib,
  xz,
  yasm,
  glslang,
  nixosTests,
  # If open-watcom-bin is not passed, VirtualBox will fall back to use
  # the shipped alternative sources (assembly).
, open-watcom-bin
, makeself, perl
, vulkan-loader
, javaBindings ? true, jdk # Almost doesn't affect closure size
, pythonBindings ? false, python3
, extensionPack ? null, fakeroot
, pulseSupport ? config.pulseaudio or stdenv.hostPlatform.isLinux, libpulseaudio
, enableHardening ? false
, headless ? false
, enable32bitGuests ? true
, enableWebService ? false
, enableKvm ? false
, extraConfigureFlags ? ""
  open-watcom-bin,
  makeself,
  perl,
  vulkan-loader,
  javaBindings ? true,
  jdk, # Almost doesn't affect closure size
  pythonBindings ? false,
  python3,
  extensionPack ? null,
  fakeroot,
  pulseSupport ? config.pulseaudio or stdenv.hostPlatform.isLinux,
  libpulseaudio,
  enableHardening ? false,
  headless ? false,
  enable32bitGuests ? true,
  enableWebService ? false,
  enableKvm ? false,
  extraConfigureFlags ? "",
}:

# The web services use Java infrastructure.
@@ -41,12 +90,26 @@ let

  virtualboxGuestAdditionsIso = callPackage guest-additions-iso/default.nix { };

  inherit (lib) optional optionals optionalString getDev getLib;
in stdenv.mkDerivation (finalAttrs: {
  inherit (lib)
    optional
    optionals
    optionalString
    getDev
    getLib
    ;
in
stdenv.mkDerivation (finalAttrs: {
  pname = "virtualbox";
  version = finalAttrs.virtualboxVersion;

  inherit buildType virtualboxVersion virtualboxSha256 kvmPatchVersion kvmPatchHash virtualboxGuestAdditionsIso;
  inherit
    buildType
    virtualboxVersion
    virtualboxSha256
    kvmPatchVersion
    kvmPatchHash
    virtualboxGuestAdditionsIso
    ;

  src = fetchurl {
    url = "https://download.virtualbox.org/virtualbox/${finalAttrs.virtualboxVersion}/VirtualBox-${finalAttrs.virtualboxVersion}.tar.bz2";
@@ -55,39 +118,84 @@ in stdenv.mkDerivation (finalAttrs: {

  outputs = [ "out" ] ++ optional withModsrc "modsrc";

  nativeBuildInputs = [ pkg-config which docbook_xsl docbook_xml_dtd_43 yasm glslang ]
    ++ optional (!headless) wrapQtAppsHook;
  nativeBuildInputs = [
    pkg-config
    which
    docbook_xsl
    docbook_xml_dtd_43
    yasm
    glslang
  ] ++ optional (!headless) wrapQtAppsHook;

  # Wrap manually because we wrap just a small number of executables.
  dontWrapQtApps = true;

  buildInputs = [
    acpica-tools dev86 libxslt libxml2 xorgproto libX11 libXext libXcursor libIDL
    libcap glib lvm2 alsa-lib curl libvpx pam makeself perl
    libXmu libXrandr libpng libopus libtpms python3 xz ]
  buildInputs =
    [
      acpica-tools
      dev86
      libxslt
      libxml2
      xorgproto
      libX11
      libXext
      libXcursor
      libIDL
      libcap
      glib
      lvm2
      alsa-lib
      curl
      libvpx
      pam
      makeself
      perl
      libXmu
      libXrandr
      libpng
      libopus
      libtpms
      python3
      xz
    ]
    ++ optional javaBindings jdk
    ++ optional pythonBindings python3 # Python is needed even when not building bindings
    ++ optional pulseSupport libpulseaudio
    ++ optionals headless [ libGL ]
    ++ optionals (!headless) [ qtbase qtx11extras libXinerama SDL2 libGLU ]
    ++ optionals enableWebService [ gsoap zlib ];
    ++ optionals (!headless) [
      qtbase
      qtx11extras
      libXinerama
      SDL2
      libGLU
    ]
    ++ optionals enableWebService [
      gsoap
      zlib
    ];

  hardeningDisable = [ "format" "fortify" "pic" "stackprotector" ];
  hardeningDisable = [
    "format"
    "fortify"
    "pic"
    "stackprotector"
  ];

  prePatch = ''
    set -x
    sed -e 's@MKISOFS --version@MKISOFS -version@' \
        -e 's@PYTHONDIR=.*@PYTHONDIR=${optionalString pythonBindings python3}@' \
        -e 's@CXX_FLAGS="\(.*\)"@CXX_FLAGS="-std=c++11 \1"@' \
        ${optionalString (!headless) ''
        ${
          optionalString (!headless) ''
            -e 's@TOOLQT5BIN=.*@TOOLQT5BIN="${getDev qtbase}/bin"@' \
        ''} -i configure
          ''
        } -i configure
    ls kBuild/bin/linux.x86/k* tools/linux.x86/bin/* | xargs -n 1 patchelf --set-interpreter ${stdenv.cc.libc}/lib/ld-linux.so.2
    ls kBuild/bin/linux.amd64/k* tools/linux.amd64/bin/* | xargs -n 1 patchelf --set-interpreter ${stdenv.cc.libc}/lib/ld-linux-x86-64.so.2

    grep 'libpulse\.so\.0'      src include -rI --files-with-match | xargs sed -i -e '
      ${optionalString pulseSupport
        ''s@"libpulse\.so\.0"@"${libpulseaudio.out}/lib/libpulse.so.0"@g''}'
      ${optionalString pulseSupport ''s@"libpulse\.so\.0"@"${libpulseaudio.out}/lib/libpulse.so.0"@g''}'

    grep 'libdbus-1\.so\.3'     src include -rI --files-with-match | xargs sed -i -e '
      s@"libdbus-1\.so\.3"@"${dbus.lib}/lib/libdbus-1.so.3"@g'
@@ -102,13 +210,15 @@ in stdenv.mkDerivation (finalAttrs: {
  patches =
    optional enableHardening ./hardened.patch
    # Since VirtualBox 7.0.8, VBoxSDL requires SDL2, but the build framework uses SDL1
  ++ optionals (!headless) [ ./fix-sdl.patch
    ++ optionals (!headless) [
      ./fix-sdl.patch
      # No update patch disables check for update function
      # https://bugs.launchpad.net/ubuntu/+source/virtualbox-ose/+bug/272212
      (fetchpatch {
        url = "https://salsa.debian.org/pkg-virtualbox-team/virtualbox/-/raw/debian/7.0.14-dfsg-1/debian/patches/16-no-update.patch";
        hash = "sha256-UJHpuB6QB/BbxJorlqZXUF12lgq8gbLMRHRMsbyqRpY=";
     })]
      })
    ]
    ++ [ ./extra_symbols.patch ]
    # When hardening is enabled, we cannot use wrapQtApp to ensure that VirtualBoxVM sees
    # the correct environment variables needed for Qt to work, specifically QT_PLUGIN_PATH.
@@ -213,7 +323,9 @@ in stdenv.mkDerivation (finalAttrs: {
      -name src -o -exec cp -avt "$libexec" {} +

    mkdir -p $out/bin
    for file in ${optionalString (!headless) "VirtualBox VBoxSDL"} ${optionalString enableWebService "vboxwebsrv"} VBoxManage VBoxBalloonCtrl VBoxHeadless; do
    for file in ${
      optionalString (!headless) "VirtualBox VBoxSDL"
    } ${optionalString enableWebService "vboxwebsrv"} VBoxManage VBoxBalloonCtrl VBoxHeadless; do
        echo "Linking $file to /bin"
        test -x "$libexec/$file"
        ln -s "$libexec/$file" $out/bin/$file
@@ -255,7 +367,8 @@ in stdenv.mkDerivation (finalAttrs: {
    ln -s "${finalAttrs.virtualboxGuestAdditionsIso}" "$out/share/virtualbox/VBoxGuestAdditions.iso"
  '';

  preFixup = optionalString (!headless) ''
  preFixup =
    optionalString (!headless) ''
      wrapQtApp $out/bin/VirtualBox
    ''
    # If hardening is disabled, wrap the VirtualBoxVM binary instead of patching
@@ -285,7 +398,11 @@ in stdenv.mkDerivation (finalAttrs: {
    ];
    license = lib.licenses.gpl2;
    homepage = "https://www.virtualbox.org/";
    maintainers = with lib.maintainers; [ sander friedrichaltheide blitz ];
    maintainers = with lib.maintainers; [
      sander
      friedrichaltheide
      blitz
    ];
    platforms = [ "x86_64-linux" ];
    mainProgram = "VirtualBox";
  };
+14 −4
{ fetchurl, lib, virtualbox }:
{
  fetchurl,
  lib,
  virtualbox,
}:
let
  inherit (virtualbox) version;
in
@@ -9,14 +13,20 @@ fetchurl rec {
    # Manually sha256sum the extensionPack file, must be hex!
    # Thus do not use `nix-prefetch-url` but instead plain old `sha256sum`.
    # Checksums can also be found at https://www.virtualbox.org/download/hashes/${version}/SHA256SUMS
    let value = "d750fb17688d70e0cb2d7b06f1ad3a661303793f4d1ac39cfa9a54806b89da25";
    in assert (builtins.stringLength value) == 64; value;
    let
      value = "d750fb17688d70e0cb2d7b06f1ad3a661303793f4d1ac39cfa9a54806b89da25";
    in
    assert (builtins.stringLength value) == 64;
    value;

  meta = with lib; {
    description = "Oracle Extension pack for VirtualBox";
    license = licenses.virtualbox-puel;
    homepage = "https://www.virtualbox.org/";
    maintainers = with maintainers; [ sander friedrichaltheide ];
    maintainers = with maintainers; [
      sander
      friedrichaltheide
    ];
    platforms = [ "x86_64-linux" ];
  };
}
+13 −3
{ fetchurl, lib, virtualbox}:
{
  fetchurl,
  lib,
  virtualbox,
}:

let
  inherit (virtualbox) version;
@@ -13,7 +17,13 @@ fetchurl {
    '';
    sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ];
    license = lib.licenses.gpl2;
    maintainers = [ lib.maintainers.sander lib.maintainers.friedrichaltheide ];
    platforms = [ "i686-linux" "x86_64-linux" ];
    maintainers = [
      lib.maintainers.sander
      lib.maintainers.friedrichaltheide
    ];
    platforms = [
      "i686-linux"
      "x86_64-linux"
    ];
  };
}