Repository: https://github.com/vegetableman/nixos24.11-packer

Following are two steps I had to follow to make sure I could set this vm up on my machine (MacOS using M3):

Booting NixOS manually through QEMU

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15

vegetableman@mac:~$ /opt/homebrew/bin/qemu-system-aarch64 \  
     -name nixos-arm64 \
     -M virt,highmem=on \
     -accel hvf \
     -cpu host \
     -m 2048 \
     -smp 4 \
     -drive file=output-nixos-qemu/nixos-arm64.qcow2,if=virtio,cache=writeback,discard=ignore,format=qcow2 \
     -drive file="./nixos-minimal-24.11.1-aarch64-linux.iso",media=cdrom,if=none,id=cdrom \
     -device virtio-scsi-device \
     -device scsi-cd,drive=cdrom \
     -device virtio-net-device,netdev=user.0 \
     -netdev user,id=user.0,hostfwd=tcp::4414-:22 \
     -bios /opt/homebrew/share/qemu/edk2-aarch64-code.fd \
     -nographic

Booting the NixOS iso manually through QEMU helped me understand the required configuration parameters to run it optimally and most importantly, it helped me verify whether my machine could, in fact, run NixOS on QEMU. Above is the configuration that worked out well on my system.

Fixing SSH handshaking issues popping up during the build process

This was the most frustating of issues that I had to face to get packer working. It’s not difficult to find these issues reported on the packer repo.

To cut to the chase, the most important parameter to tweak is boot_wait. I went with 30s. However, I have seen it being set to a much higher value, like, 120s on some repo’s. This is the time packer waits BEFORE sending any boot commands. The time should be reasonable enough for the guest vm to boot completely including finish setting up the sshd daemon, without which packer goes on an endless loop of failed connection attempts. I have seen way too many of those failures, but I live to tell the tale.

Other parameters that might help you from getting stuck are: ssh_handshake_attempts, ssh_wait_timeout, ssh_timeout. Details on them are documented on the repo above.

The boot commands (boot_command) are the second most important detail where we send commands to save the public key on the guest vm, that both packer and vagrant need to establish SSH connections to the vm, for provisioning and logging in respectively. More details on it are documented here.

In fact, Hashicorp provides its own set of public and private keys called insecured keypairs (available on this repo) that could be placed on a directory. While the private key is set through ssh_private_key_file, the public key is sent to the guest vm using the http_directory parameter.

This process of building my vagrant box also led me to publish it to the vagrant cloud.

Until next time.