Add base wine container

I figured out how to get wine working on Nix, and it works surprisingly well, however I'd like to avoid programs from writing wherever they want and don't want to rely on a solution like firejail. As it turns out, systemd-nspawn containers enable us to run wine applications in a reasonably private container without access to neither the files of the host nor its internet connection.
2024-11-22 08:14:00 +01:00 · 2023-06-03 15:29:49 -04:00 · 2023-06-03 15:29:49 -04:00 · 6985903631
commit 6985903631
parent a22b9355dd
1 changed files with 50 additions and 0 deletions
--- a/containers/wine.nix
+++ b/containers/wine.nix
@ -0,0 +1,50 @@
+{
+  containers.wine = {
+    autoStart = true;
+    privateNetwork = true;
+
+    bindMounts = {
+      "/home/user" = {
+        hostPath = "/home/user/containers/wine";
+        isReadOnly = false;
+      };
+    };
+
+    config = { pkgs, lib, ... }: {
+      programs = {
+        fish.enable = true;
+        neovim.enable = true;
+        starship.enable = true;
+      };
+
+      users = {
+        defaultUserShell = pkgs.fish;
+        mutableUsers = false;
+        allowNoPasswordLogin = true;
+
+        users.user = {
+          isNormalUser = true;
+          home = "/home/user";
+        };
+      };
+
+      environment = {
+        shells = with pkgs; [ fish ];
+
+        variables = {
+          TERM = "xterm-kitty";
+        };
+
+        defaultPackages = [ ];
+      };
+
+      environment.systemPackages = with pkgs; [
+        kitty
+        wine-staging
+        winetricks
+      ];
+
+      system.stateVersion = "22.11";
+    };
+  };
+}