Extremely minimal sway setup.

nix/configuration/boot.nix

@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [];
+
+  boot.loader.grub.enable = false;
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  # TODO: make not write bootx64.efi
+  boot.loader.efi.canTouchEfiVariables = false;
+
+  # Automatically delete old generations
+  boot.loader.systemd-boot.configurationLimit = 3;
+}
+
+# efibootmgr -c -d /dev/sda -p 1 -L NixOS-boot -l '\EFI\NixOS-boot\grubx64.efi'
+
+
+# Text-only:
+# sudo cp "$(nix-build '<nixpkgs>' --no-out-link -A 'refind')/share/refind/refind_x64.efi" /boot/EFI/boot/bootx64.efi
+
+# Full graphics:
+# $ sudo nix-shell -p refind efibootmgr
+# $ refind-install

nix/configuration/configuration.nix

@@ -0,0 +1,178 @@
+{ config, lib, pkgs, pkgs-unstable, ... }:
+
+{
+  imports =
+    [
+      ./hosts/odo
+      "${builtins.fetchTarball {url="https://github.com/nix-community/disko/archive/refs/tags/v1.9.0.tar.gz";sha256="0j76ar4qz320fakdii4659w5lww8wiz6yb7g47npywqvf2lbp388";}}/module.nix"
+      ./boot.nix
+      ./zfs.nix
+      ./network.nix
+      ./roles/sway
+    ];
+
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+  users.mutableUsers = false;
+  users.users.talexander = {
+    isNormalUser = true;
+    createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
+    extraGroups = [ "wheel" ];
+    packages = with pkgs; [
+      tree
+    ];
+    # Generate with `mkpasswd -m scrypt`
+    hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
+      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
+      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
+    ];
+  };
+
+  # Automatic garbage collection
+  nix.gc = {
+    # Runs nix-collect-garbage --delete-older-than 5d
+    automatic = true;
+    randomizedDelaySec = "14m";
+    options = "--delete-older-than 5d";
+  };
+
+  # Use doas instead of sudo
+  security.doas.enable = true;
+  security.doas.wheelNeedsPassword = false;
+  security.sudo.enable = false;
+  security.doas.extraRules = [{
+    # Retain environment (for example NIX_PATH)
+    keepEnv = true;
+    persist = true;  # Only ask for a password the first time.
+  }];
+
+  # Do not use default packages (nixos includes some defaults like nano)
+  environment.defaultPackages = lib.mkForce [];
+
+  environment.systemPackages = with pkgs; [
+    git
+    wget
+    mg
+    rsync
+    libinput
+    htop
+    tmux
+    file
+    usbutils # for lsusb
+    pciutils # for lspci
+  ];
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      KbdInteractiveAuthentication = false;
+    };
+    hostKeys = [
+      {
+        path = "/persist/ssh/ssh_host_ed25519_key";
+        type = "ed25519";
+      }
+      {
+        path = "/persist/ssh/ssh_host_rsa_key";
+        type = "rsa";
+        bits = 4096;
+      }
+    ];
+  };
+
+  # Open ports in the firewall.
+  networking.firewall.allowedTCPPorts = [ 22 ];
+  networking.firewall.allowedUDPPorts = [ ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # Check what will be lost with `zfs diff zroot/linux/root@blank`
+  boot.initrd.systemd.enable = lib.mkDefault true;
+  boot.initrd.systemd.services.zfs-rollback = {
+    description = "Rollback ZFS root dataset to blank snapshot";
+    wantedBy = [
+      "initrd.target"
+    ];
+    after = [
+      "zfs-import-zroot.service"
+    ];
+    before = [
+      "sysroot.mount"
+    ];
+    path = with pkgs; [
+      zfs
+    ];
+    unitConfig.DefaultDependencies = "no";
+    serviceConfig.Type = "oneshot";
+    script = ''
+      zfs rollback -r zroot/linux/root@blank
+      zfs rollback -r zroot/linux/home@blank
+      echo "rollback complete"
+    '';
+  };
+
+  environment.persistence."/persist" = {
+    hideMounts = true;
+    directories = [
+      "/etc/nixos" # Contains system configuration, optional
+      "/etc/NetworkManager/system-connections" # Wifi settings
+      "/var/lib/iwd" # Wifi settings
+      "/var/lib/nixos" # Contains user information (uids/gids)
+    ];
+    files = [
+      "/etc/ssh/ssh_host_rsa_key"
+      "/etc/ssh/ssh_host_rsa_key.pub"
+      "/etc/ssh/ssh_host_ed25519_key"
+      "/etc/ssh/ssh_host_ed25519_key.pub"
+    ];
+    # users.talexander = {
+    #   directories = [];
+    #   files = [];
+    # };
+  };
+
+  # Write a list of the currently installed packages to /etc/current-system-packages
+  environment.etc."current-system-packages".text =
+    let
+      packages = builtins.map (p: "${p.name}") config.environment.systemPackages;
+      sortedUnique = builtins.sort builtins.lessThan (lib.unique packages);
+      formatted = builtins.concatStringsSep "\n" sortedUnique;
+    in
+      formatted;
+
+  # nixpkgs.overlays = [
+  #   (final: prev: {
+  #     nix = pkgs-unstable.nix;
+  #   })
+  # ];
+
+
+
+  # Copy the NixOS configuration file and link it from the resulting system
+  # (/run/current-system/configuration.nix). This is useful in case you
+  # accidentally delete configuration.nix.
+  # system.copySystemConfiguration = true;
+
+  # This option defines the first version of NixOS you have installed on this particular machine,
+  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+  #
+  # Most users should NEVER change this value after the initial install, for any reason,
+  # even if you've upgraded your system to a new NixOS release.
+  #
+  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+  # to actually do that.
+  #
+  # This value being lower than the current NixOS release does NOT mean your system is
+  # out of date, out of support, or vulnerable.
+  #
+  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+  # and migrated your data accordingly.
+  #
+  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+  system.stateVersion = "24.11"; # Did you read the comment?
+
+}

nix/configuration/flake.lock

@@ -0,0 +1,99 @@
+{
+  "nodes": {
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1734366194,
+        "narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "release-24.11",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "impermanence": {
+      "locked": {
+        "lastModified": 1734200366,
+        "narHash": "sha256-0NursoP4BUdnc+wy+Mq3icHkXu/RgP1Sjo0MJxV2+Dw=",
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "rev": "c6323585fa0035d780e3d8906eb1b24b65d19a48",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1734323986,
+        "narHash": "sha256-m/lh6hYMIWDYHCAsn81CDAiXoT3gmxXI9J987W5tZrE=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "394571358ce82dff7411395829aa6a3aad45b907",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-24.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-b93b4e9b5": {
+      "locked": {
+        "lastModified": 1713721570,
+        "narHash": "sha256-R0s+O5UjTePQRb72XPgtkTmEiOOW8n+1q9Gxt/OJnKU=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "b93b4e9b527904aadf52dba6ca35efde2067cbd4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "b93b4e9b527904aadf52dba6ca35efde2067cbd4",
+        "type": "github"
+      }
+    },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1734424634,
+        "narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "home-manager": "home-manager",
+        "impermanence": "impermanence",
+        "nixpkgs": "nixpkgs",
+        "nixpkgs-b93b4e9b5": "nixpkgs-b93b4e9b5",
+        "nixpkgs-unstable": "nixpkgs-unstable"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

nix/configuration/flake.nix

@@ -0,0 +1,111 @@
+{
+  description = "My system configuration";
+
+  inputs = {
+    impermanence.url = "github:nix-community/impermanence";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
+    nixpkgs-b93b4e9b5.url = "github:NixOS/nixpkgs/b93b4e9b527904aadf52dba6ca35efde2067cbd4";
+    home-manager.url = "github:nix-community/home-manager/release-24.11";
+    home-manager.inputs.nixpkgs.follows = "nixpkgs";
+  };
+
+  outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-b93b4e9b5, impermanence, home-manager, ... }@inputs: let
+    base-system = {};
+    odoqemu = nixpkgs.lib.nixosSystem rec {
+      system = "x86_64-linux";
+      specialArgs = {
+        pkgs-b93b4e9b5 = import nixpkgs-b93b4e9b5 {
+          inherit system;
+          # config.allowUnfree = true;
+        };
+        pkgs-unstable = import nixpkgs-unstable {
+          inherit system;
+          # config.allowUnfree = true;
+        };
+      };
+      modules = [
+        impermanence.nixosModules.impermanence
+        home-manager.nixosModules.home-manager
+        {
+          home-manager.useGlobalPkgs = true;
+          home-manager.useUserPackages = true;
+        }
+        ./configuration.nix
+        ({lib, ...}: {
+          imports = [ <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix> ];
+          virtualisation.qemu.options = [
+            "-device virtio-vga"
+          ];
+          virtualisation.vmVariant = {
+            # following configuration is added only when building VM with build-vm
+            virtualisation = {
+              memorySize = 2048; # Use 2048MiB memory.
+              cores = 3;
+              graphics = false;
+            };
+          };
+          networking.dhcpcd.enable = lib.mkForce true;
+          networking.useDHCP = lib.mkForce true;
+          boot.loader.efi.canTouchEfiVariables = lib.mkForce true;
+          # doas nixos-rebuild build-vm --flake .#odoqemu
+          #./result/bin/run-nixos-vm
+        })
+      ];
+    };
+  in
+    {
+      # doas nix build --extra-experimental-features nix-command --extra-experimental-features flakes .#vms.odo
+      # ./result/bin/run-nixos-vim
+      vms.odo = odoqemu.config.system.build.vm;
+      nixosConfigurations.odo = nixpkgs.lib.nixosSystem rec {
+        system = "x86_64-linux";
+        specialArgs = {
+          pkgs-b93b4e9b5 = import nixpkgs-b93b4e9b5 {
+            inherit system;
+            # config.allowUnfree = true;
+          };
+          pkgs-unstable = import nixpkgs-unstable {
+            inherit system;
+            # config.allowUnfree = true;
+          };
+        };
+        modules = [
+          impermanence.nixosModules.impermanence
+          home-manager.nixosModules.home-manager
+          {
+            home-manager.useGlobalPkgs = true;
+            home-manager.useUserPackages = true;
+          }
+          ./configuration.nix
+        ];
+      };
+      nixosConfigurations.odovm = nixpkgs.lib.nixosSystem rec {
+        system = "x86_64-linux";
+        specialArgs = {
+          pkgs-b93b4e9b5 = import nixpkgs-b93b4e9b5 {
+            inherit system;
+            # config.allowUnfree = true;
+          };
+          pkgs-unstable = import nixpkgs-unstable {
+            inherit system;
+            # config.allowUnfree = true;
+          };
+        };
+        modules = [
+          impermanence.nixosModules.impermanence
+          home-manager.nixosModules.home-manager
+          {
+            home-manager.useGlobalPkgs = true;
+            home-manager.useUserPackages = true;
+          }
+          ./configuration.nix
+          ({lib, ...}: {
+            networking.dhcpcd.enable = lib.mkForce true;
+            networking.useDHCP = lib.mkForce true;
+            boot.loader.efi.canTouchEfiVariables = lib.mkForce true;
+          })
+        ];
+      };
+    };
+}

nix/configuration/hosts/odo/default.nix

@@ -0,0 +1,14 @@
+{ config, pkgs, ... }:
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./disk-config.nix
+  ];
+
+  # Generate with `head -c4 /dev/urandom | od -A none -t x4`
+  networking.hostId = "908cbf04";
+
+  networking.hostName = "odo"; # Define your hostname.
+
+  time.timeZone = "America/New_York";
+}

nix/configuration/hosts/odo/disk-config.nix

@@ -0,0 +1,110 @@
+{
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = "/dev/nvme0n1";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              size = "1G";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "umask=0077" "noatime" "discard" ];
+              };
+            };
+            zfs = {
+              size = "100%";
+              content = {
+                type = "zfs";
+                pool = "zroot";
+              };
+            };
+          };
+        };
+      };
+    };
+    zpool = {
+      zroot = {
+        type = "zpool";
+        # mode = "mirror";
+        # Workaround: cannot import 'zroot': I/O error in disko tests
+        options.cachefile = "none";
+        options = {
+          ashift = "12";
+          compatibility = "openzfs-2.2-freebsd";
+          autotrim = "on";
+        };
+        rootFsOptions = {
+          acltype = "posixacl";
+          atime = "off";
+          relatime = "off";
+          xattr = "sa";
+          mountpoint = "none";
+          compression = "lz4";
+          canmount = "off";
+          utf8only = "on";
+          dnodesize = "auto";
+          normalization = "formD";
+        };
+
+        datasets = {
+          "linux/nix" = {
+            type = "zfs_fs";
+            options.mountpoint = "none";
+            options = {
+              encryption = "aes-256-gcm";
+              keyformat = "passphrase";
+              # keylocation = "file:///tmp/secret.key";
+            };
+          };
+          "linux/nix/root" = {
+            type = "zfs_fs";
+            options.mountpoint = "legacy";
+            mountpoint = "/";
+            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
+          };
+          "linux/nix/nix" = {
+            type = "zfs_fs";
+            options.mountpoint = "legacy";
+            mountpoint = "/nix";
+            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
+            options = {
+              recordsize = "16MiB";
+              compression = "zstd-19";
+            };
+          };
+          "linux/nix/home" = {
+            type = "zfs_fs";
+            options.mountpoint = "legacy";
+            mountpoint = "/home";
+            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
+          };
+          "linux/nix/persist" = {
+            type = "zfs_fs";
+            options.mountpoint = "legacy";
+            mountpoint = "/persist";
+            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
+          };
+          "linux/nix/state" = {
+            type = "zfs_fs";
+            options.mountpoint = "legacy";
+            mountpoint = "/state";
+            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
+          };
+        };
+      };
+    };
+  };
+
+  # Make sure all persistent volumes are marked as neededForBoot
+  #
+  # Also mounts /home so it is mounted before the user home directories are created.
+  fileSystems."/persist".neededForBoot = true;
+  fileSystems."/state".neededForBoot = true;
+  fileSystems."/home".neededForBoot = true;
+}

nix/configuration/hosts/odo/hardware-configuration.nix

@@ -0,0 +1,26 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

nix/configuration/network.nix

@@ -0,0 +1,32 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [];
+
+  networking.dhcpcd.enable = false;
+  networking.useDHCP = false;
+  # networking.nameservers = ["8.8.8.8" "8.8.4.4"];
+  networking.nameservers = [ "194.242.2.2#doh.mullvad.net" "[2a07:e340::2]#doh.mullvad.net" ];
+  # networking.nameservers = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
+  services.resolved = {
+    enable = true;
+    dnssec = "true";
+    domains = [ "~." ];
+    fallbackDns = [ ];
+    dnsovertls = "true";
+  };
+  networking.wireless.iwd = {
+    enable = true;
+
+    settings = {
+      General = {
+        EnableNetworkConfiguration = true;
+        AddressRandomization = "network";
+      };
+    };
+  };
+  environment.systemPackages = with pkgs; [
+    iw
+    iwd
+  ];
+}

nix/configuration/roles/sway/default.nix

@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [];
+
+  environment.systemPackages = with pkgs; [
+    alacritty
+    firefox
+  ];
+
+  environment.sessionVariables = {
+    WLR_RENDERER_ALLOW_SOFTWARE = "1";
+  };
+
+  programs.sway = {
+    enable = true;
+    wrapperFeatures.gtk = true;
+    extraOptions = [
+      "--debug"
+      "--config"
+      "${./files/config}"
+      "--unsupported-gpu"
+    ];
+  };
+
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+}

nix/configuration/roles/sway/files/config

@@ -0,0 +1,32 @@
+# Default config for sway
+#
+# Copy this to ~/.config/sway/config and edit it to your liking.
+#
+# Read `man 5 sway` for a complete reference.
+
+### Variables
+#
+# Logo key. Use Mod1 for Alt.
+set $mod Mod4
+# set $mod Mod1
+# Home row direction keys, like vim
+set $left h
+set $down j
+set $up k
+set $right l
+# Your preferred terminal emulator
+set $term alacritty
+# Your preferred application launcher
+# Note: it's recommended that you pass the final command to sway
+# set $menu dmenu_path | dmenu | xargs swaymsg exec
+set $menu wofi --show drun --gtk-dark
+
+# Do not show a title bar on windows
+default_border pixel 2
+
+bindsym $mod+grave exec $term
+
+exec alacritty
+
+include ~/.config/sway/config.d/*.conf
+include /etc/sway/config.d/*

nix/configuration/zfs.nix

@@ -0,0 +1,16 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [];
+
+  boot.zfs.devNodes = "/dev/disk/by-partuuid";
+
+  services.zfs = {
+    autoScrub = {
+      enable = true;
+      interval = "monthly";
+    };
+    trim.enable = true;
+  };
+
+}

nix/virtual_machine/nix_vm.bash

@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+#
+# Manage a nix vm for testing.
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+: ${VM_ROOT_ZFS:="zroot/linux/archmain/vm/nix"}
+: ${VM_ROOT_MOUNT:="/vm/nix"}
+: ${VM_DISK_SIZE:="100G"}
+
+# Manual Steps:
+#
+#   Download the nixos livecd from https://channels.nixos.org/nixos-24.11/latest-nixos-gnome-x86_64-linux.iso
+
+############## Setup #########################
+
+function die {
+    local status_code="$1"
+    shift
+    (>&2 echo "${@}")
+    exit "$status_code"
+}
+
+function log {
+    (>&2 echo "${@}")
+}
+
+############## Program #########################
+
+function main {
+    local cmd="$1"
+    shift 1
+    if [ "$cmd" = "init" ]; then
+        vm_init "${@}"
+    elif [ "$cmd" = "install" ]; then
+        vm_install "${@}"
+    elif [ "$cmd" = "run" ]; then
+        vm_run "${@}"
+    elif [ "$cmd" = "iso_ssh" ]; then
+        vm_iso_ssh "${@}"
+    elif [ "$cmd" = "iso_sync" ]; then
+        vm_iso_sync "${@}"
+    elif [ "$cmd" = "ssh" ]; then
+        vm_ssh "${@}"
+    elif [ "$cmd" = "sync" ]; then
+        vm_sync "${@}"
+    else
+        die 1 "Unknown command: $cmd"
+    fi
+}
+
+function vm_init {
+    zfs create -o mountpoint=none -o canmount=off "$VM_ROOT_ZFS"
+    zfs create -u -o "mountpoint=$VM_ROOT_MOUNT" -o canmount=on "$VM_ROOT_ZFS/settings"
+    zfs create -s "-V${VM_DISK_SIZE}" -o volmode=dev -o primarycache=metadata -o secondarycache=none -o volblocksize=64K "${VM_ROOT_ZFS}/disk0"
+
+    zfs snapshot -r "$VM_ROOT_ZFS@empty"
+
+    zfs mount "$VM_ROOT_ZFS/settings"
+
+    # Empty EFI variables
+    cp /usr/share/edk2/x64/OVMF_VARS.4m.fd "${VM_ROOT_MOUNT}/"
+}
+
+function vm_install {
+    VM_CDROM="$1"
+    shift 1
+    vm_run "${@}"
+}
+
+function vm_run {
+    local additional_args=()
+
+    if [ -n "${VM_CDROM:-}" ]; then
+        log "Using CD $VM_CDROM"
+        additional_args+=("-cdrom" "$VM_CDROM")
+    fi
+
+    exec qemu-system-x86_64 \
+         -accel kvm \
+         -cpu host \
+         -smp cores=8 \
+         -m 32768 \
+         -drive file=/usr/share/edk2/x64/OVMF_CODE.4m.fd,if=pflash,format=raw,readonly=on \
+         -drive if=pflash,format=raw,file="$(readlink -f "${VM_ROOT_MOUNT}/OVMF_VARS.4m.fd")" \
+         -drive "if=none,file=/dev/zvol/${VM_ROOT_ZFS}/disk0,format=raw,id=hd0" \
+         -device nvme,serial=deadbeef,drive=hd0 \
+         -nic user,hostfwd=tcp::60022-:22 \
+         -boot order=d \
+         "${additional_args[@]}"
+}
+
+function vm_iso_ssh {
+    exec gpg_auth ssh -p 60022 nixos@127.0.0.1
+}
+
+function vm_iso_sync {
+    gpg_auth rsync -av --delete --progress -e 'ssh -p 60022' "$DIR/../configuration" nixos@127.0.0.1:~/
+    gpg_auth ssh -p 60022 nixos@127.0.0.1 'sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount ./configuration/hosts/odo/disk-config.nix'
+    gpg_auth ssh -t -p 60022 nixos@127.0.0.1 sudo nixos-install --flake ./configuration#odovm
+}
+
+function vm_ssh {
+    exec gpg_auth ssh -p 60022 127.0.0.1
+}
+
+function vm_sync {
+    gpg_auth rsync -av --delete --progress -e 'ssh -p 60022' "$DIR/../configuration" 127.0.0.1:~/
+    gpg_auth ssh -t -p 60022 127.0.0.1 doas nixos-rebuild boot --flake ./configuration#odovm
+}
+
+main "${@}"