diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2013-09-04 13:05:09 +0200 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2013-09-04 13:05:09 +0200 |
commit | 17457297cb05461696cfc36844b88294bd38222d (patch) | |
tree | 295571acc18df41615e1b9c330260a3af3ae1de5 /modules/virtualisation | |
parent | 3a23e6dd31d39d0a8ea229661d29855361c143cb (diff) | |
download | nixlib-17457297cb05461696cfc36844b88294bd38222d.tar nixlib-17457297cb05461696cfc36844b88294bd38222d.tar.gz nixlib-17457297cb05461696cfc36844b88294bd38222d.tar.bz2 nixlib-17457297cb05461696cfc36844b88294bd38222d.tar.lz nixlib-17457297cb05461696cfc36844b88294bd38222d.tar.xz nixlib-17457297cb05461696cfc36844b88294bd38222d.tar.zst nixlib-17457297cb05461696cfc36844b88294bd38222d.zip |
Update all legacy-style modules
I.e., modules that use "require = [options]". Nowadays that should be written as { options = { ... }; config = { ... }; }; Also, use "imports" instead of "require" in places where we actually import another module.
Diffstat (limited to 'modules/virtualisation')
-rw-r--r-- | modules/virtualisation/amazon-config.nix | 2 | ||||
-rw-r--r-- | modules/virtualisation/amazon-image.nix | 4 | ||||
-rw-r--r-- | modules/virtualisation/ec2-data.nix | 159 | ||||
-rw-r--r-- | modules/virtualisation/nova-config.nix | 2 | ||||
-rw-r--r-- | modules/virtualisation/nova-image.nix | 2 | ||||
-rw-r--r-- | modules/virtualisation/qemu-vm.nix | 514 |
6 files changed, 344 insertions, 339 deletions
diff --git a/modules/virtualisation/amazon-config.nix b/modules/virtualisation/amazon-config.nix index 836c46caae8d..e816ed2d183a 100644 --- a/modules/virtualisation/amazon-config.nix +++ b/modules/virtualisation/amazon-config.nix @@ -1,5 +1,5 @@ { config, pkgs, modulesPath, ... }: { - require = [ "${modulesPath}/virtualisation/amazon-image.nix" ]; + imports = [ "${modulesPath}/virtualisation/amazon-image.nix" ]; } diff --git a/modules/virtualisation/amazon-image.nix b/modules/virtualisation/amazon-image.nix index 30b06b9ef242..11939c9ba967 100644 --- a/modules/virtualisation/amazon-image.nix +++ b/modules/virtualisation/amazon-image.nix @@ -3,7 +3,7 @@ with pkgs.lib; { - require = [ ../profiles/headless.nix ./ec2-data.nix ]; + imports = [ ../profiles/headless.nix ./ec2-data.nix ]; system.build.amazonImage = pkgs.vmTools.runInLinuxVM ( @@ -83,7 +83,7 @@ with pkgs.lib; udevadm control --exit || true kill -9 -1 ''; - + # Mount all formatted ephemeral disks and activate all swap devices. # We cannot do this with the ‘fileSystems’ and ‘swapDevices’ options # because the set of devices is dependent on the instance type diff --git a/modules/virtualisation/ec2-data.nix b/modules/virtualisation/ec2-data.nix index 42c50d857e42..fccf45e0e193 100644 --- a/modules/virtualisation/ec2-data.nix +++ b/modules/virtualisation/ec2-data.nix @@ -5,7 +5,8 @@ { config, pkgs, ... }: with pkgs.lib; -let + +{ options = { ec2.metadata = mkOption { type = types.bool; @@ -15,84 +16,84 @@ let ''; }; }; -in -{ - require = [options]; - - systemd.services."fetch-ec2-data" = - { description = "Fetch EC2 Data"; - - wantedBy = [ "multi-user.target" ]; - before = [ "sshd.service" ]; - after = [ "network.target" ]; - - path = [ pkgs.curl pkgs.iproute ]; - - script = - '' - ip route del blackhole 169.254.169.254/32 || true - - curl="curl --retry 3 --retry-delay 0 --fail" - - echo "setting host name..." - ${optionalString (config.networking.hostName == "") '' - ${pkgs.nettools}/bin/hostname $($curl http://169.254.169.254/1.0/meta-data/hostname) - ''} - - # Don't download the SSH key if it has already been injected - # into the image (a Nova feature). - if ! [ -e /root/.ssh/authorized_keys ]; then - echo "obtaining SSH key..." - mkdir -p /root/.ssh - $curl -o /root/key.pub http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key - if [ $? -eq 0 -a -e /root/key.pub ]; then - if ! grep -q -f /root/key.pub /root/.ssh/authorized_keys; then - cat /root/key.pub >> /root/.ssh/authorized_keys - echo "new key added to authorized_keys" - fi - chmod 600 /root/.ssh/authorized_keys - rm -f /root/key.pub - fi - fi - - # Extract the intended SSH host key for this machine from - # the supplied user data, if available. Otherwise sshd will - # generate one normally. - $curl http://169.254.169.254/2011-01-01/user-data > /root/user-data || true - key="$(sed 's/|/\n/g; s/SSH_HOST_DSA_KEY://; t; d' /root/user-data)" - key_pub="$(sed 's/SSH_HOST_DSA_KEY_PUB://; t; d' /root/user-data)" - if [ -n "$key" -a -n "$key_pub" -a ! -e /etc/ssh/ssh_host_dsa_key ]; then - mkdir -m 0755 -p /etc/ssh - (umask 077; echo "$key" > /etc/ssh/ssh_host_dsa_key) - echo "$key_pub" > /etc/ssh/ssh_host_dsa_key.pub - fi - - ${optionalString (! config.ec2.metadata) '' - # Since the user data is sensitive, prevent it from being - # accessed from now on. - ip route add blackhole 169.254.169.254/32 - ''} - ''; - - serviceConfig.Type = "oneshot"; - serviceConfig.RemainAfterExit = true; - }; - systemd.services."print-host-key" = - { description = "Print SSH Host Key"; - wantedBy = [ "multi-user.target" ]; - after = [ "sshd.service" ]; - script = - '' - # Print the host public key on the console so that the user - # can obtain it securely by parsing the output of - # ec2-get-console-output. - echo "-----BEGIN SSH HOST KEY FINGERPRINTS-----" > /dev/console - ${pkgs.openssh}/bin/ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub > /dev/console - echo "-----END SSH HOST KEY FINGERPRINTS-----" > /dev/console - ''; - serviceConfig.Type = "oneshot"; - serviceConfig.RemainAfterExit = true; - }; + config = { + + systemd.services."fetch-ec2-data" = + { description = "Fetch EC2 Data"; + + wantedBy = [ "multi-user.target" ]; + before = [ "sshd.service" ]; + after = [ "network.target" ]; + + path = [ pkgs.curl pkgs.iproute ]; + + script = + '' + ip route del blackhole 169.254.169.254/32 || true + curl="curl --retry 3 --retry-delay 0 --fail" + + echo "setting host name..." + ${optionalString (config.networking.hostName == "") '' + ${pkgs.nettools}/bin/hostname $($curl http://169.254.169.254/1.0/meta-data/hostname) + ''} + + # Don't download the SSH key if it has already been injected + # into the image (a Nova feature). + if ! [ -e /root/.ssh/authorized_keys ]; then + echo "obtaining SSH key..." + mkdir -p /root/.ssh + $curl -o /root/key.pub http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key + if [ $? -eq 0 -a -e /root/key.pub ]; then + if ! grep -q -f /root/key.pub /root/.ssh/authorized_keys; then + cat /root/key.pub >> /root/.ssh/authorized_keys + echo "new key added to authorized_keys" + fi + chmod 600 /root/.ssh/authorized_keys + rm -f /root/key.pub + fi + fi + + # Extract the intended SSH host key for this machine from + # the supplied user data, if available. Otherwise sshd will + # generate one normally. + $curl http://169.254.169.254/2011-01-01/user-data > /root/user-data || true + key="$(sed 's/|/\n/g; s/SSH_HOST_DSA_KEY://; t; d' /root/user-data)" + key_pub="$(sed 's/SSH_HOST_DSA_KEY_PUB://; t; d' /root/user-data)" + if [ -n "$key" -a -n "$key_pub" -a ! -e /etc/ssh/ssh_host_dsa_key ]; then + mkdir -m 0755 -p /etc/ssh + (umask 077; echo "$key" > /etc/ssh/ssh_host_dsa_key) + echo "$key_pub" > /etc/ssh/ssh_host_dsa_key.pub + fi + + ${optionalString (! config.ec2.metadata) '' + # Since the user data is sensitive, prevent it from being + # accessed from now on. + ip route add blackhole 169.254.169.254/32 + ''} + ''; + + serviceConfig.Type = "oneshot"; + serviceConfig.RemainAfterExit = true; + }; + + systemd.services."print-host-key" = + { description = "Print SSH Host Key"; + wantedBy = [ "multi-user.target" ]; + after = [ "sshd.service" ]; + script = + '' + # Print the host public key on the console so that the user + # can obtain it securely by parsing the output of + # ec2-get-console-output. + echo "-----BEGIN SSH HOST KEY FINGERPRINTS-----" > /dev/console + ${pkgs.openssh}/bin/ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub > /dev/console + echo "-----END SSH HOST KEY FINGERPRINTS-----" > /dev/console + ''; + serviceConfig.Type = "oneshot"; + serviceConfig.RemainAfterExit = true; + }; + + }; } diff --git a/modules/virtualisation/nova-config.nix b/modules/virtualisation/nova-config.nix index df41f8f88afe..f8239cdec519 100644 --- a/modules/virtualisation/nova-config.nix +++ b/modules/virtualisation/nova-config.nix @@ -1,5 +1,5 @@ { config, pkgs, modulesPath, ... }: { - require = [ "${modulesPath}/virtualisation/nova-image.nix" ]; + imports = [ "${modulesPath}/virtualisation/nova-image.nix" ]; } diff --git a/modules/virtualisation/nova-image.nix b/modules/virtualisation/nova-image.nix index 59b88a54367d..ab625dba11d3 100644 --- a/modules/virtualisation/nova-image.nix +++ b/modules/virtualisation/nova-image.nix @@ -3,7 +3,7 @@ with pkgs.lib; { - require = [ ../profiles/qemu-guest.nix ../profiles/headless.nix ./ec2-data.nix ]; + imports = [ ../profiles/qemu-guest.nix ../profiles/headless.nix ./ec2-data.nix ]; system.build.novaImage = pkgs.vmTools.runInLinuxVM ( diff --git a/modules/virtualisation/qemu-vm.nix b/modules/virtualisation/qemu-vm.nix index 61d5d20f3be2..9476db8076c2 100644 --- a/modules/virtualisation/qemu-vm.nix +++ b/modules/virtualisation/qemu-vm.nix @@ -18,6 +18,123 @@ let then "noname" else config.networking.hostName; + cfg = config.virtualisation; + + qemuGraphics = if cfg.graphics then "" else "-nographic"; + kernelConsole = if cfg.graphics then "" else "console=ttyS0"; + ttys = [ "tty1" "tty2" "tty3" "tty4" "tty5" "tty6" ]; + + # Shell script to start the VM. + startVM = + '' + #! ${pkgs.stdenv.shell} + + NIX_DISK_IMAGE=$(readlink -f ''${NIX_DISK_IMAGE:-${config.virtualisation.diskImage}}) + + if ! test -e "$NIX_DISK_IMAGE"; then + ${pkgs.qemu_kvm}/bin/qemu-img create -f qcow2 "$NIX_DISK_IMAGE" \ + ${toString config.virtualisation.diskSize}M || exit 1 + fi + + # Create a directory for exchanging data with the VM. + if [ -z "$TMPDIR" -o -z "$USE_TMPDIR" ]; then + TMPDIR=$(mktemp -d nix-vm.XXXXXXXXXX --tmpdir) + fi + cd $TMPDIR + mkdir -p $TMPDIR/xchg + + idx=2 + extraDisks="" + ${flip concatMapStrings cfg.emptyDiskImages (size: '' + ${pkgs.qemu_kvm}/bin/qemu-img create -f raw "empty$idx" "${toString size}M" + extraDisks="$extraDisks -drive index=$idx,file=$(pwd)/empty$idx,if=virtio,werror=report" + idx=$((idx + 1)) + '')} + + # Start QEMU. + # "-boot menu=on" is there, because I don't know how to make qemu boot from 2nd hd. + exec ${pkgs.qemu_kvm}/bin/qemu-kvm \ + -name ${vmName} \ + -m ${toString config.virtualisation.memorySize} \ + ${optionalString (pkgs.stdenv.system == "x86_64-linux") "-cpu kvm64"} \ + -net nic,vlan=0,model=virtio \ + -net user,vlan=0''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} \ + -virtfs local,path=/nix/store,security_model=none,mount_tag=store \ + -virtfs local,path=$TMPDIR/xchg,security_model=none,mount_tag=xchg \ + -virtfs local,path=''${SHARED_DIR:-$TMPDIR/xchg},security_model=none,mount_tag=shared \ + ${if cfg.useBootLoader then '' + -drive index=0,id=drive1,file=$NIX_DISK_IMAGE,if=virtio,cache=writeback,werror=report \ + -drive index=1,id=drive2,file=${bootDisk}/disk.img,if=virtio,readonly \ + -boot menu=on + '' else '' + -drive file=$NIX_DISK_IMAGE,if=virtio,cache=writeback,werror=report \ + -kernel ${config.system.build.toplevel}/kernel \ + -initrd ${config.system.build.toplevel}/initrd \ + -append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.toplevel}/init regInfo=${regInfo} ${kernelConsole} $QEMU_KERNEL_PARAMS" \ + ''} \ + $extraDisks \ + ${qemuGraphics} \ + ${toString config.virtualisation.qemu.options} \ + $QEMU_OPTS + ''; + + + regInfo = pkgs.runCommand "reginfo" + { exportReferencesGraph = + map (x: [("closure-" + baseNameOf x) x]) config.virtualisation.pathsInNixDB; + buildInputs = [ pkgs.perl ]; + preferLocalBuild = true; + } + '' + printRegistration=1 perl ${pkgs.pathsFromGraph} closure-* > $out + ''; + + + # Generate a hard disk image containing a /boot partition and GRUB + # in the MBR. Used when the `useBootLoader' option is set. + bootDisk = + pkgs.vmTools.runInLinuxVM ( + pkgs.runCommand "nixos-boot-disk" + { preVM = + '' + mkdir $out + diskImage=$out/disk.img + ${pkgs.qemu_kvm}/bin/qemu-img create -f qcow2 $diskImage "32M" + ''; + buildInputs = [ pkgs.utillinux ]; + } + '' + # Create a single /boot partition. + ${pkgs.parted}/sbin/parted /dev/vda mklabel msdos + ${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s + . /sys/class/block/vda1/uevent + mknod /dev/vda1 b $MAJOR $MINOR + . /sys/class/block/vda/uevent + ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L boot /dev/vda1 + ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1 + + # Mount /boot. + mkdir /boot + mount /dev/vda1 /boot + + # This is needed for GRUB 0.97, which doesn't know about virtio devices. + mkdir /boot/grub + echo '(hd0) /dev/vda' > /boot/grub/device.map + + # Install GRUB and generate the GRUB boot menu. + touch /etc/NIXOS + mkdir -p /nix/var/nix/profiles + ${config.system.build.toplevel}/bin/switch-to-configuration boot + + umount /boot + '' + ); + +in + +{ + imports = [ ../profiles/qemu-guest.nix ]; + options = { virtualisation.memorySize = @@ -154,264 +271,151 @@ let }; - cfg = config.virtualisation; - - qemuGraphics = if cfg.graphics then "" else "-nographic"; - kernelConsole = if cfg.graphics then "" else "console=ttyS0"; - ttys = [ "tty1" "tty2" "tty3" "tty4" "tty5" "tty6" ]; - - # Shell script to start the VM. - startVM = - '' - #! ${pkgs.stdenv.shell} - - NIX_DISK_IMAGE=$(readlink -f ''${NIX_DISK_IMAGE:-${config.virtualisation.diskImage}}) - - if ! test -e "$NIX_DISK_IMAGE"; then - ${pkgs.qemu_kvm}/bin/qemu-img create -f qcow2 "$NIX_DISK_IMAGE" \ - ${toString config.virtualisation.diskSize}M || exit 1 - fi - - # Create a directory for exchanging data with the VM. - if [ -z "$TMPDIR" -o -z "$USE_TMPDIR" ]; then - TMPDIR=$(mktemp -d nix-vm.XXXXXXXXXX --tmpdir) - fi - cd $TMPDIR - mkdir -p $TMPDIR/xchg - - idx=2 - extraDisks="" - ${flip concatMapStrings cfg.emptyDiskImages (size: '' - ${pkgs.qemu_kvm}/bin/qemu-img create -f raw "empty$idx" "${toString size}M" - extraDisks="$extraDisks -drive index=$idx,file=$(pwd)/empty$idx,if=virtio,werror=report" - idx=$((idx + 1)) - '')} - - # Start QEMU. - # "-boot menu=on" is there, because I don't know how to make qemu boot from 2nd hd. - exec ${pkgs.qemu_kvm}/bin/qemu-kvm \ - -name ${vmName} \ - -m ${toString config.virtualisation.memorySize} \ - ${optionalString (pkgs.stdenv.system == "x86_64-linux") "-cpu kvm64"} \ - -net nic,vlan=0,model=virtio \ - -net user,vlan=0''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} \ - -virtfs local,path=/nix/store,security_model=none,mount_tag=store \ - -virtfs local,path=$TMPDIR/xchg,security_model=none,mount_tag=xchg \ - -virtfs local,path=''${SHARED_DIR:-$TMPDIR/xchg},security_model=none,mount_tag=shared \ - ${if cfg.useBootLoader then '' - -drive index=0,id=drive1,file=$NIX_DISK_IMAGE,if=virtio,cache=writeback,werror=report \ - -drive index=1,id=drive2,file=${bootDisk}/disk.img,if=virtio,readonly \ - -boot menu=on + config = { + + boot.loader.grub.device = mkOverride 50 "/dev/vda"; + + boot.initrd.supportedFilesystems = optional cfg.writableStore "unionfs-fuse"; + + boot.initrd.extraUtilsCommands = + '' + # We need mke2fs in the initrd. + cp ${pkgs.e2fsprogs}/sbin/mke2fs $out/bin + ''; + + boot.initrd.postDeviceCommands = + '' + # If the disk image appears to be empty, run mke2fs to + # initialise. + FSTYPE=$(blkid -o value -s TYPE /dev/vda || true) + if test -z "$FSTYPE"; then + mke2fs -t ext4 /dev/vda + fi + ''; + + boot.initrd.postMountCommands = + '' + # Mark this as a NixOS machinex. + mkdir -p $targetRoot/etc + echo -n > $targetRoot/etc/NIXOS + + # Fix the permissions on /tmp. + chmod 1777 $targetRoot/tmp + + mkdir -p $targetRoot/boot + mount -o remount,ro $targetRoot/nix/store + ${optionalString cfg.writableStore '' + mkdir -p /unionfs-chroot/ro-store + mount --rbind $targetRoot/nix/store /unionfs-chroot/ro-store + + mkdir /unionfs-chroot/rw-store + ${if cfg.writableStoreUseTmpfs then '' + mount -t tmpfs -o "mode=755" none /unionfs-chroot/rw-store '' else '' - -drive file=$NIX_DISK_IMAGE,if=virtio,cache=writeback,werror=report \ - -kernel ${config.system.build.toplevel}/kernel \ - -initrd ${config.system.build.toplevel}/initrd \ - -append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.toplevel}/init regInfo=${regInfo} ${kernelConsole} $QEMU_KERNEL_PARAMS" \ - ''} \ - $extraDisks \ - ${qemuGraphics} \ - ${toString config.virtualisation.qemu.options} \ - $QEMU_OPTS - ''; - - - regInfo = pkgs.runCommand "reginfo" - { exportReferencesGraph = - map (x: [("closure-" + baseNameOf x) x]) config.virtualisation.pathsInNixDB; - buildInputs = [ pkgs.perl ]; - preferLocalBuild = true; - } - '' - printRegistration=1 perl ${pkgs.pathsFromGraph} closure-* > $out - ''; - - - # Generate a hard disk image containing a /boot partition and GRUB - # in the MBR. Used when the `useBootLoader' option is set. - bootDisk = - pkgs.vmTools.runInLinuxVM ( - pkgs.runCommand "nixos-boot-disk" - { preVM = - '' - mkdir $out - diskImage=$out/disk.img - ${pkgs.qemu_kvm}/bin/qemu-img create -f qcow2 $diskImage "32M" - ''; - buildInputs = [ pkgs.utillinux ]; - } - '' - # Create a single /boot partition. - ${pkgs.parted}/sbin/parted /dev/vda mklabel msdos - ${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s - . /sys/class/block/vda1/uevent - mknod /dev/vda1 b $MAJOR $MINOR - . /sys/class/block/vda/uevent - ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L boot /dev/vda1 - ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1 - - # Mount /boot. - mkdir /boot - mount /dev/vda1 /boot - - # This is needed for GRUB 0.97, which doesn't know about virtio devices. - mkdir /boot/grub - echo '(hd0) /dev/vda' > /boot/grub/device.map - - # Install GRUB and generate the GRUB boot menu. - touch /etc/NIXOS - mkdir -p /nix/var/nix/profiles - ${config.system.build.toplevel}/bin/switch-to-configuration boot + mkdir $targetRoot/.nix-rw-store + mount --bind $targetRoot/.nix-rw-store /unionfs-chroot/rw-store + ''} - umount /boot - '' - ); - -in - -{ - require = [ options ../profiles/qemu-guest.nix ]; - - boot.loader.grub.device = mkOverride 50 "/dev/vda"; - - boot.initrd.supportedFilesystems = optional cfg.writableStore "unionfs-fuse"; - - boot.initrd.extraUtilsCommands = - '' - # We need mke2fs in the initrd. - cp ${pkgs.e2fsprogs}/sbin/mke2fs $out/bin - ''; - - boot.initrd.postDeviceCommands = - '' - # If the disk image appears to be empty, run mke2fs to - # initialise. - FSTYPE=$(blkid -o value -s TYPE /dev/vda || true) - if test -z "$FSTYPE"; then - mke2fs -t ext4 /dev/vda - fi - ''; - - boot.initrd.postMountCommands = - '' - # Mark this as a NixOS machinex. - mkdir -p $targetRoot/etc - echo -n > $targetRoot/etc/NIXOS - - # Fix the permissions on /tmp. - chmod 1777 $targetRoot/tmp - - mkdir -p $targetRoot/boot - mount -o remount,ro $targetRoot/nix/store - ${optionalString cfg.writableStore '' - mkdir -p /unionfs-chroot/ro-store - mount --rbind $targetRoot/nix/store /unionfs-chroot/ro-store - - mkdir /unionfs-chroot/rw-store - ${if cfg.writableStoreUseTmpfs then '' - mount -t tmpfs -o "mode=755" none /unionfs-chroot/rw-store - '' else '' - mkdir $targetRoot/.nix-rw-store - mount --bind $targetRoot/.nix-rw-store /unionfs-chroot/rw-store + unionfs -o allow_other,cow,nonempty,chroot=/unionfs-chroot,max_files=32768,hide_meta_files /rw-store=RW:/ro-store=RO $targetRoot/nix/store ''} + ''; + + # After booting, register the closure of the paths in + # `virtualisation.pathsInNixDB' in the Nix database in the VM. This + # allows Nix operations to work in the VM. The path to the + # registration file is passed through the kernel command line to + # allow `system.build.toplevel' to be included. (If we had a direct + # reference to ${regInfo} here, then we would get a cyclic + # dependency.) + boot.postBootCommands = + '' + if [[ "$(cat /proc/cmdline)" =~ regInfo=([^ ]*) ]]; then + ${config.environment.nix}/bin/nix-store --load-db < ''${BASH_REMATCH[1]} + fi + ''; + + virtualisation.pathsInNixDB = [ config.system.build.toplevel ]; + + virtualisation.qemu.options = [ "-vga std" "-usbdevice tablet" ]; + + # Mount the host filesystem via 9P, and bind-mount the Nix store of + # the host into our own filesystem. We use mkOverride to allow this + # module to be applied to "normal" NixOS system configuration, where + # the regular value for the `fileSystems' attribute should be + # disregarded for the purpose of building a VM test image (since + # those filesystems don't exist in the VM). + fileSystems = mkOverride 10 + { "/".device = "/dev/vda"; + "/nix/store" = + { device = "store"; + fsType = "9p"; + options = "trans=virtio,version=9p2000.L,msize=1048576,cache=loose"; + }; + "/tmp/xchg" = + { device = "xchg"; + fsType = "9p"; + options = "trans=virtio,version=9p2000.L,msize=1048576,cache=loose"; + neededForBoot = true; + }; + "/tmp/shared" = + { device = "shared"; + fsType = "9p"; + options = "trans=virtio,version=9p2000.L,msize=1048576"; + neededForBoot = true; + }; + } // optionalAttrs cfg.useBootLoader + { "/boot" = + { device = "/dev/disk/by-label/boot"; + fsType = "ext4"; + options = "ro"; + noCheck = true; # fsck fails on a r/o filesystem + }; + }; - unionfs -o allow_other,cow,nonempty,chroot=/unionfs-chroot,max_files=32768,hide_meta_files /rw-store=RW:/ro-store=RO $targetRoot/nix/store - ''} - ''; - - # After booting, register the closure of the paths in - # `virtualisation.pathsInNixDB' in the Nix database in the VM. This - # allows Nix operations to work in the VM. The path to the - # registration file is passed through the kernel command line to - # allow `system.build.toplevel' to be included. (If we had a direct - # reference to ${regInfo} here, then we would get a cyclic - # dependency.) - boot.postBootCommands = - '' - if [[ "$(cat /proc/cmdline)" =~ regInfo=([^ ]*) ]]; then - ${config.environment.nix}/bin/nix-store --load-db < ''${BASH_REMATCH[1]} - fi - ''; - - virtualisation.pathsInNixDB = [ config.system.build.toplevel ]; - - virtualisation.qemu.options = [ "-vga std" "-usbdevice tablet" ]; - - # Mount the host filesystem via 9P, and bind-mount the Nix store of - # the host into our own filesystem. We use mkOverride to allow this - # module to be applied to "normal" NixOS system configuration, where - # the regular value for the `fileSystems' attribute should be - # disregarded for the purpose of building a VM test image (since - # those filesystems don't exist in the VM). - fileSystems = mkOverride 10 - { "/".device = "/dev/vda"; - "/nix/store" = - { device = "store"; - fsType = "9p"; - options = "trans=virtio,version=9p2000.L,msize=1048576,cache=loose"; - }; - "/tmp/xchg" = - { device = "xchg"; - fsType = "9p"; - options = "trans=virtio,version=9p2000.L,msize=1048576,cache=loose"; - neededForBoot = true; - }; - "/tmp/shared" = - { device = "shared"; - fsType = "9p"; - options = "trans=virtio,version=9p2000.L,msize=1048576"; - neededForBoot = true; - }; - } // optionalAttrs cfg.useBootLoader - { "/boot" = - { device = "/dev/disk/by-label/boot"; - fsType = "ext4"; - options = "ro"; - noCheck = true; # fsck fails on a r/o filesystem - }; - }; - - swapDevices = mkOverride 50 [ ]; - - # Don't run ntpd in the guest. It should get the correct time from KVM. - services.ntp.enable = false; - - system.build.vm = pkgs.runCommand "nixos-vm" { preferLocalBuild = true; } - '' - ensureDir $out/bin - ln -s ${config.system.build.toplevel} $out/system - ln -s ${pkgs.writeScript "run-nixos-vm" startVM} $out/bin/run-${vmName}-vm - ''; + swapDevices = mkOverride 50 [ ]; + + # Don't run ntpd in the guest. It should get the correct time from KVM. + services.ntp.enable = false; + + system.build.vm = pkgs.runCommand "nixos-vm" { preferLocalBuild = true; } + '' + ensureDir $out/bin + ln -s ${config.system.build.toplevel} $out/system + ln -s ${pkgs.writeScript "run-nixos-vm" startVM} $out/bin/run-${vmName}-vm + ''; + + # When building a regular system configuration, override whatever + # video driver the host uses. + services.xserver.videoDriver = mkOverride 50 null; + services.xserver.videoDrivers = mkOverride 50 [ "vesa" ]; + services.xserver.defaultDepth = mkOverride 50 0; + services.xserver.resolutions = mkOverride 50 [ { x = 1024; y = 768; } ]; + services.xserver.monitorSection = + '' + # Set a higher refresh rate so that resolutions > 800x600 work. + HorizSync 30-140 + VertRefresh 50-160 + ''; + + # Wireless won't work in the VM. + networking.wireless.enable = mkOverride 50 false; + + system.requiredKernelConfig = with config.lib.kernelConfig; + [ (isEnabled "VIRTIO_BLK") + (isEnabled "VIRTIO_PCI") + (isEnabled "VIRTIO_NET") + (isEnabled "EXT4_FS") + (isYes "BLK_DEV") + (isYes "PCI") + (isYes "EXPERIMENTAL") + (isYes "NETDEVICES") + (isYes "NET_CORE") + (isYes "INET") + (isYes "NETWORK_FILESYSTEMS") + ] ++ optional (!cfg.graphics) [ + (isYes "SERIAL_8250_CONSOLE") + (isYes "SERIAL_8250") + ]; - # When building a regular system configuration, override whatever - # video driver the host uses. - services.xserver.videoDriver = mkOverride 50 null; - services.xserver.videoDrivers = mkOverride 50 [ "vesa" ]; - services.xserver.defaultDepth = mkOverride 50 0; - services.xserver.resolutions = mkOverride 50 [ { x = 1024; y = 768; } ]; - services.xserver.monitorSection = - '' - # Set a higher refresh rate so that resolutions > 800x600 work. - HorizSync 30-140 - VertRefresh 50-160 - ''; - - # Wireless won't work in the VM. - networking.wireless.enable = mkOverride 50 false; - - system.requiredKernelConfig = with config.lib.kernelConfig; - [ (isEnabled "VIRTIO_BLK") - (isEnabled "VIRTIO_PCI") - (isEnabled "VIRTIO_NET") - (isEnabled "EXT4_FS") - (isYes "BLK_DEV") - (isYes "PCI") - (isYes "EXPERIMENTAL") - (isYes "NETDEVICES") - (isYes "NET_CORE") - (isYes "INET") - (isYes "NETWORK_FILESYSTEMS") - ] ++ optional (!cfg.graphics) [ - (isYes "SERIAL_8250_CONSOLE") - (isYes "SERIAL_8250") - ]; + }; } |