cc-sandbox: add persistent .claude overlay

cc-sandbox: add ssh
2026-03-12 12:15:22 +05:30 · 2026-03-11 20:19:58 +05:30
1 changed files with 48 additions and 4 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -90,7 +90,22 @@
 				mem = 8192;
 				extraModules = [({ pkgs, ... }: {
 					nixpkgs.config.allowUnfree = true;
-					nix.settings.experimental-features = [ "nix-command" "flakes" ];
+					nix = {
+						registry.nix-mcp = {
+							from = {
+								type = "github";
+								owner = "illustris";
+								repo = "nix-mcp";
+							};
+							to = nix-mcp;
+						};
+						settings.experimental-features = [ "nix-command" "flakes" ];
+					};
+
+					services.openssh.enable = true;
+					users.users.root.openssh.authorizedKeys.keys = [
+						"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAm3qVkTmuYEayM3Vstruv8w5SM4K9riokAxUcpothhO illustris@illustris-thinkpad"
+					];

 					environment.systemPackages = with pkgs; [
 						claude-code-bin
@@ -103,6 +118,9 @@

 					microvm = {
 						writableStoreOverlay = "/nix/.rw-store";
+						forwardPorts = [
+							{ from = "host"; host.port = 2222; guest.port = 22; }
+						];
 						shares = [
 							{
 								proto = "9p";
@@ -129,6 +147,29 @@
 						};
 					};

+
+					# Create and loop-mount an ext4 image on the 9p data volume
+					# for the overlay upper/work (9p can't serve as overlayfs upper)
+					systemd.services.claude-overlay-img = {
+						description = "Create ext4 image for Claude overlay";
+						wantedBy = [ "var-lib-claude\\x2drw.mount" ];
+						before = [ "var-lib-claude\\x2drw.mount" ];
+						after = [ "var-lib-cc\\x2dsandbox.mount" ];
+						requires = [ "var-lib-cc\\x2dsandbox.mount" ];
+						unitConfig.DefaultDependencies = false;
+						serviceConfig = {
+							Type = "oneshot";
+							RemainAfterExit = true;
+							ExecStart = pkgs.writeShellScript "claude-overlay-img" ''
+								img=/var/lib/cc-sandbox/claude-overlay.img
+								if [ ! -f "$img" ]; then
+									${pkgs.coreutils}/bin/truncate -s 128M "$img"
+									${pkgs.e2fsprogs}/bin/mkfs.ext4 -q "$img"
+								fi
+							'';
+						};
+					};
+
 					fileSystems = {
 						# tmpfs backing for the writable nix store overlay
 						"/nix/.rw-store" = {
@@ -137,11 +178,14 @@
 							neededForBoot = true;
 						};

-						# Claude config: ephemeral overlay on top of host's ~/.claude
+						# Loop-mounted ext4 image for overlay upper/work
 						"/var/lib/claude-rw" = {
-							fsType = "tmpfs";
-							options = [ "size=128M" "mode=0700" ];
+							device = "/var/lib/cc-sandbox/claude-overlay.img";
+							fsType = "ext4";
+							options = [ "loop" ];
 						};
+
+						# Claude config: persistent overlay on top of host's ~/.claude
 						"/root/.claude".overlay = {
 							lowerdir = [ "/var/lib/claude-lower" ];
 							upperdir = "/var/lib/claude-rw/upper";
Author	SHA1	Message	Date
illustris	9ab0eb3fb2	cc-sandbox: add persistent .claude overlay	2026-03-12 12:15:22 +05:30
illustris	0b3b5c5063	cc-sandbox: add ssh	2026-03-11 20:19:58 +05:30