cc-sandbox: add alias for full auto claude code

flake.nix

@@ -90,7 +90,22 @@
 				mem = 8192;
 				extraModules = [({ pkgs, ... }: {
 					nixpkgs.config.allowUnfree = true;
-					nix.settings.experimental-features = [ "nix-command" "flakes" ];
+					nix = {
+						registry.nix-mcp = {
+							from = {
+								type = "github";
+								owner = "illustris";
+								repo = "nix-mcp";
+							};
+							to = nix-mcp;
+						};
+						settings.experimental-features = [ "nix-command" "flakes" ];
+					};
+
+					services.openssh.enable = true;
+					users.users.root.openssh.authorizedKeys.keys = [
+						"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAm3qVkTmuYEayM3Vstruv8w5SM4K9riokAxUcpothhO illustris@illustris-thinkpad"
+					];
 
 					environment.systemPackages = with pkgs; [
 						claude-code-bin
@@ -98,10 +113,15 @@
 						curl
 						vim
 						nix-mcp.packages.x86_64-linux.default
+						tmux
+						(writeScriptBin "c" "IS_SANDBOX=1 exec ${lib.getExe claude-code-bin} --dangerously-skip-permissions $@")
 					];
 
 					microvm = {
 						writableStoreOverlay = "/nix/.rw-store";
+						forwardPorts = [
+							{ from = "host"; host.port = 2222; guest.port = 22; }
+						];
 						shares = [
 							{
 								proto = "9p";
@@ -128,6 +148,29 @@
 						};
 					};
 
+
+					# Create and loop-mount an ext4 image on the 9p data volume
+					# for the overlay upper/work (9p can't serve as overlayfs upper)
+					systemd.services.claude-overlay-img = {
+						description = "Create ext4 image for Claude overlay";
+						wantedBy = [ "var-lib-claude\\x2drw.mount" ];
+						before = [ "var-lib-claude\\x2drw.mount" ];
+						after = [ "var-lib-cc\\x2dsandbox.mount" ];
+						requires = [ "var-lib-cc\\x2dsandbox.mount" ];
+						unitConfig.DefaultDependencies = false;
+						serviceConfig = {
+							Type = "oneshot";
+							RemainAfterExit = true;
+							ExecStart = pkgs.writeShellScript "claude-overlay-img" ''
+								img=/var/lib/cc-sandbox/claude-overlay.img
+								if [ ! -f "$img" ]; then
+									${pkgs.coreutils}/bin/truncate -s 128M "$img"
+									${pkgs.e2fsprogs}/bin/mkfs.ext4 -q "$img"
+								fi
+							'';
+						};
+					};
+
 					fileSystems = {
 						# tmpfs backing for the writable nix store overlay
 						"/nix/.rw-store" = {
@@ -136,11 +179,14 @@
 							neededForBoot = true;
 						};
 
-						# Claude config: ephemeral overlay on top of host's ~/.claude
+						# Loop-mounted ext4 image for overlay upper/work
 						"/var/lib/claude-rw" = {
-							fsType = "tmpfs";
+							device = "/var/lib/cc-sandbox/claude-overlay.img";
-							options = [ "size=128M" "mode=0700" ];
+							fsType = "ext4";
+							options = [ "loop" ];
 						};
+
+						# Claude config: persistent overlay on top of host's ~/.claude
 						"/root/.claude".overlay = {
 							lowerdir = [ "/var/lib/claude-lower" ];
 							upperdir = "/var/lib/claude-rw/upper";
@@ -175,6 +221,40 @@
 				})];
 			};
 
+			vpn = {
+				vcpu = 2;
+				mem = 2047;
+				extraModules = [({ pkgs, ... }: {
+					imports = [ self.nixosModules.storeOverlay ];
+
+					# Mount ovpn configs read-only
+					microvm.shares = [
+						{
+							proto = "9p";
+							tag = "ovpn";
+							source = "/home/illustris/Documents/ovpn/air";
+							mountPoint = "/etc/openvpn/air";
+							readOnly = true;
+						}
+					];
+
+					# OpenVPN client service
+					services.openvpn.servers.airvpn = {
+						config = ''
+							config /etc/openvpn/air/AirVPN_United-States_UDP-443.ovpn
+						'';
+						autoStart = true;
+					};
+
+					environment.systemPackages = with pkgs; [
+						openvpn
+						rclone
+						tmux
+						nmap
+					];
+				})];
+			};
+
 			crash = {};
 		};
 	};