Open
jospint
reviewed
Mar 30, 2026
Comment on lines +206 to +209
| nameservers = [ | ||
| "8.8.8.8" | ||
| "8.8.4.4" | ||
| ]; |
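Review bot: the nameservers list at +206 to +209 hardcodes the public resolvers "8.8.8.8" and "8.8.4.4", so every guest DNS query goes to a third party and nothing in these lines lets a user point the guest at a different resolver. Consider exposing the resolver list as an option with these values as the default, and say in the README where to change it for users who need an internal or filtering resolver.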
From what I can read, you'd need to install a local DNS forwarder (dnsmasq) if you didn't want to use Google DNS resolvers. Would it make sense to do that?
Actually the README says in prerequisites
"dnsmasq, nftables, e2fsprogs (for mke2fs), virtiofsd"
Owner
Author
Readme now lists the prerequisites by platform - https://github.com/razvanz/nixbox/tree/feat/macos-vfkit-support?tab=readme-ov-file#prerequisites
jospint
approved these changes
Mar 30, 2026
89e99f6 to
cfa91b1
Multi-system flake (x86_64-linux, aarch64-linux, aarch64-darwin) with conditional hypervisor selection: cloud-hypervisor+TAP on Linux, vfkit+vmnet NAT on macOS. Darwin path uses ARP-based IP discovery, native virtiofs (no virtiofsd), and DHCP networking. Hot-plug mount/unmount disabled on macOS MVP. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
uname -m returns "arm64" on Apple Silicon but Nix expects "aarch64". Also add fail-fast: false to E2E matrix so Linux E2E isn't canceled by macOS failures. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
microvm.nix requires an id for all interface types, not just tap. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
macOS GitHub runners cannot build aarch64-linux derivations required for the NixOS guest image. E2E stays linux-only; test job (ShellCheck, BATS, Nix eval) remains cross-platform. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
cfa91b1 to
e7e6fe8
Summary
x86_64-linux, aarch64-linux, aarch64-darwin) using lib.genAttrs with per-system nixosConfigurations, packages, and apps
_portable_realpath, _sha256, _nix_system), ARP-based guest IP discovery, no virtiofsd/dnsmasq/nft dependencies

Key design decisions
lib/runners/vfkit.nix rather than hand-building CLI invocations
aarch64-linux NixOS guest derivations (no Linux builder available). See ADR 015.

Bug fixes discovered during CI
_nix_system(): Apple tools report arm64 but Nix expects aarch64 — added mapping
flake.nix: missing required id field on darwin microvm network interface

Known limitations (MVP)
open on macOS (no egress/DNS filtering)

Test plan
nix flake show shows all three systems' outputs
nix build .#packages.x86_64-linux.nixbox succeeds (Linux regression)
nix build .#packages.aarch64-darwin.vm-runner produces vfkit runner (on macOS)
nixbox doctor on macOS passes without KVM/nft/dnsmasq/virtiofsd
nixbox up → nixbox shell → nixbox down cycle works on macOS

🤖 Generated with Claude Code
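The description above mentions ARP-based guest IP discovery on macOS. As an added example (not code from this pull request or from nixbox), here is one way to do that lookup in shell; the function names and the sample ARP table are assumptions constructed for illustration. macOS `arp` prints MAC octets without leading zeros, so both sides are normalized, and because ARP entries are unauthenticated an ambiguous match is refused rather than guessed.

```shell
#!/bin/sh
# Added example, not nixbox code: find a guest's IP by MAC in `arp -an` text.

# normalize_mac MAC -> lowercase, two hex digits per octet; fails if malformed.
# macOS arp prints octets without leading zeros (52:54:0:12:ab:5).
normalize_mac() {
  printf '%s\n' "$1" | tr 'A-F' 'a-f' | awk -F: '
    NF != 6 { exit 1 }
    {
      out = ""
      for (i = 1; i <= 6; i++) {
        if ($i !~ /^[0-9a-f][0-9a-f]?$/) exit 1
        out = out (i > 1 ? ":" : "") (length($i) == 1 ? "0" $i : $i)
      }
      print out
    }'
}

# guest_ip_from_arp MAC -> reads `arp -an` output on stdin, prints the single
# IP bound to MAC. Returns 1 on no match, 2 if the MAC maps to several IPs
# (stale or conflicting entries), 3 if MAC is malformed.
guest_ip_from_arp() {
  want=$(normalize_mac "$1") || return 3
  ips=$(while read -r _ ip _ mac _; do
          got=$(normalize_mac "$mac") || continue  # skips "(incomplete)"
          [ "$got" = "$want" ] || continue
          ip=${ip#\(}; ip=${ip%\)}
          printf '%s\n' "$ip"
        done | sort -u)
  [ -n "$ips" ] || return 1
  [ "$(printf '%s\n' "$ips" | wc -l)" -eq 1 ] || return 2
  printf '%s\n' "$ips"
}

# Constructed sample in macOS `arp -an` format (not captured from a real host).
SAMPLE_ARP='? (192.168.64.1) at 1e:0:a:bb:cc:64 on bridge100 ifscope permanent [bridge]
? (192.168.64.7) at 52:54:0:12:ab:5 on bridge100 ifscope [bridge]
? (192.168.64.9) at (incomplete) on bridge100 ifscope [bridge]
? (10.0.0.5) at aa:bb:cc:dd:ee:ff on en0 ifscope [ethernet]
? (10.0.0.6) at aa:bb:cc:dd:ee:ff on en0 ifscope [ethernet]'

# The MAC is written with leading zeros, as a VM config would have it.
printf '%s\n' "$SAMPLE_ARP" | guest_ip_from_arp 52:54:00:12:AB:05
```

A caller should treat return code 2 as a hard failure and retry after the table settles, since connecting to whichever address happens to be listed first would trust a stale or conflicting entry.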