author | Alyssa Ross <hi@alyssa.is> | 2020-04-01 15:50:50 +0000 |
committer | Alyssa Ross <hi@alyssa.is> | 2020-04-01 15:50:50 +0000 |
commit | 75eafe97f7df0d653bec67f3962214d7c357831f (patch) | |
tree | 09f2cc901e0e637876cbb78d192dfe2fcfef8156 /nixpkgs/nixos/modules/virtualisation | |
parent | a53b121bf4331497da63df3b1b7f1a7897dad146 (diff) | |
parent | a2e06fc3423c4be53181b15c28dfbe0bcf67dd73 (diff) | |
Merge commit 'a2e06fc3423c4be53181b15c28dfbe0bcf67dd73'
Diffstat (limited to 'nixpkgs/nixos/modules/virtualisation')
7 files changed, 148 insertions, 35 deletions
diff --git a/nixpkgs/nixos/modules/virtualisation/docker-containers.nix b/nixpkgs/nixos/modules/virtualisation/docker-containers.nix
index 760cb9122a2f..5ab990a3d7cc 100644
--- a/nixpkgs/nixos/modules/virtualisation/docker-containers.nix
+++ b/nixpkgs/nixos/modules/virtualisation/docker-containers.nix
@@ -10,11 +10,24 @@ let
 options = {
 image = mkOption {
- type = types.str;
+ type = with types; str;
 description = "Docker image to run.";
 example = "library/hello-world";
 };
+ imageFile = mkOption {
+ type = with types; nullOr package;
+ default = null;
+ description = ''
+ Path to an image file to load instead of pulling from a registry.
+ If defined, do not pull from registry.
+
+ You still need to set the <literal>image</literal> attribute, as it
+ will be used as the image name for docker to start a container.
+ '';
+ example = literalExample "pkgs.dockerTools.buildDockerImage {...};";
+ };
+
 cmd = mkOption {
 type = with types; listOf str;
 default = [];
@@ -26,7 +39,7 @@ let
 entrypoint = mkOption {
 type = with types; nullOr str;
- description = "Overwrite the default entrypoint of the image.";
+ description = "Override the default entrypoint of the image.";
 default = null;
 example = "/bin/my-app";
 };
@@ -132,7 +145,7 @@ let
 Note that this is a list of <literal>"src:dst"</literal> strings to
 allow for <literal>src</literal> to refer to
- <literal>/nix/store</literal> paths, which would difficult with an
+ <literal>/nix/store</literal> paths, which would be difficult with an
 attribute set. There are also a variety of mount options available
 as a third field; please refer to the
 <link xlink:href="https://docs.docker.com/engine/reference/run/#volume-shared-filesystems">
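Review bot: The `imageFile` description promises "If defined, do not pull from registry", but nothing enforces that: the container is still started from `container.image` (the `docker run` argument list is in a later hunk), so if the loaded archive's repository tag does not equal `image`, the daemon silently falls back to pulling an unverified image from the registry. Make the contract explicit in the option description, e.g. `The loaded archive must carry a tag equal to <literal>image</literal>; otherwise docker will still pull from the registry.` The example also names `pkgs.dockerTools.buildDockerImage`, which as far as I know is not a dockerTools function — `pkgs.dockerTools.buildImage` is.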
@@ -153,6 +166,24 @@ let
 example = "/var/lib/hello_world";
 };
+ dependsOn = mkOption {
+ type = with types; listOf str;
+ default = [];
+ description = ''
+ Define which other containers this one depends on. They will be added to both After and Requires for the unit.
+
+ Use the same name as the attribute under <literal>services.docker-containers</literal>.
+ '';
+ example = literalExample ''
+ services.docker-containers = {
+ node1 = {};
+ node2 = {
+ dependsOn = [ "node1" ];
+ }
+ }
+ '';
+ };
+
 extraDockerOptions = mkOption {
 type = with types; listOf str;
 default = [];
@@ -161,18 +192,39 @@ let
 ["--network=host"]
 '';
 };
+
+ autoStart = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ When enabled, the container is automatically started on boot.
+ If this option is set to false, the container has to be started on-demand via its service.
+ '';
+ };
 };
 };
- mkService = name: container: {
- wantedBy = [ "multi-user.target" ];
- after = [ "docker.service" "docker.socket" ];
- requires = [ "docker.service" "docker.socket" ];
+ mkService = name: container: let
+ mkAfter = map (x: "docker-${x}.service") container.dependsOn;
+ in rec {
+ wantedBy = [] ++ optional (container.autoStart) "multi-user.target";
+ after = [ "docker.service" "docker.socket" ] ++ mkAfter;
+ requires = after;
+ path = [ pkgs.docker ];
+
+ preStart = ''
+ docker rm -f ${name} || true
+ ${optionalString (container.imageFile != null) ''
+ docker load -i ${container.imageFile}
+ ''}
+ '';
+ postStop = "docker rm -f ${name} || true";
+
 serviceConfig = {
 ExecStart = concatStringsSep " \\\n " ([
 "${pkgs.docker}/bin/docker run"
 "--rm"
- "--name=%n"
+ "--name=${name}"
 "--log-driver=${container.log-driver}"
 ] ++ optional (container.entrypoint != null)
 "--entrypoint=${escapeShellArg container.entrypoint}"
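Review bot: The `dependsOn` example is not valid Nix: neither `node2 = { ... }` nor the enclosing `services.docker-containers = { ... }` is terminated with `;`, so copying it yields a parse error; the two closing lines should read `};` and `};`. Separately, nothing checks that each name listed in `dependsOn` is actually a configured container — a typo becomes `Requires=docker-typo.service`, and the unit fails at boot with a unit-not-found error instead of at evaluation time. An `assertions` entry verifying that every `dependsOn` entry is a key of the configured container set would surface this at build time.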
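Review bot: Replacing `%n` with `${name}` in `--name=${name}`, `docker rm -f ${name} || true` and the `docker stop` call interpolates a user-chosen attribute name unescaped into a systemd command line and two shell scripts; `%n` was expanded by systemd from the unit name and could not carry shell metacharacters, whereas a Nix attribute key can (`"my container"` is a legal key). Use `escapeShellArg name` in `preStart` and `postStop`, e.g. `docker rm -f ${escapeShellArg name} || true`, and add an `assertions` entry restricting names to Docker's `[a-zA-Z0-9][a-zA-Z0-9_.-]*` so the `--name=` argument cannot be word-split either. `mkService` continues past the end of this hunk.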
@@ -185,9 +237,8 @@ let
 ++ [container.image]
 ++ map escapeShellArg container.cmd
 );
- ExecStartPre = "-${pkgs.docker}/bin/docker rm -f %n";
- ExecStop = ''${pkgs.bash}/bin/sh -c "[ $SERVICE_RESULT = success ] || ${pkgs.docker}/bin/docker stop %n"'';
- ExecStopPost = "-${pkgs.docker}/bin/docker rm -f %n";
+
+ ExecStop = ''${pkgs.bash}/bin/sh -c "[ $SERVICE_RESULT = success ] || docker stop ${name}"'';
 ### There is no generalized way of supporting `reload` for docker
 ### containers. Some containers may respond well to SIGHUP sent to their
diff --git a/nixpkgs/nixos/modules/virtualisation/hyperv-guest.nix b/nixpkgs/nixos/modules/virtualisation/hyperv-guest.nix
index 0f1f052880c5..adc2810a9939 100644
--- a/nixpkgs/nixos/modules/virtualisation/hyperv-guest.nix
+++ b/nixpkgs/nixos/modules/virtualisation/hyperv-guest.nix
@@ -32,7 +32,7 @@ in {
 ];
 kernelParams = [
- "video=hyperv_fb:${cfg.videoMode}"
+ "video=hyperv_fb:${cfg.videoMode} elevator=noop"
 ];
 };
diff --git a/nixpkgs/nixos/modules/virtualisation/kvmgt.nix b/nixpkgs/nixos/modules/virtualisation/kvmgt.nix
index 36ef6d17df69..0902d2dc2cb0 100644
--- a/nixpkgs/nixos/modules/virtualisation/kvmgt.nix
+++ b/nixpkgs/nixos/modules/virtualisation/kvmgt.nix
@@ -19,7 +19,8 @@ in {
 virtualisation.kvmgt = {
 enable = mkEnableOption ''
 KVMGT (iGVT-g) VGPU support. Allows Qemu/KVM guests to share host's Intel integrated graphics card.
- Currently only one graphical device can be shared
+ Currently only one graphical device can be shared. To allow users to access the device without root add them
+ to the kvm group: <literal>users.extraUsers.<yourusername>.extraGroups = [ "kvm" ];</literal>
 ''; # multi GPU support is under the question
 device = mkOption {
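Review bot: In the new `ExecStop`, `$SERVICE_RESULT` is unquoted inside the `sh -c` string; should it ever expand to empty, the test becomes `[ = success ]`, a syntax error that only incidentally falls through to `docker stop`. Quote it so the fall-through is deliberate: `ExecStop = ''${pkgs.bash}/bin/sh -c "[ \"$SERVICE_RESULT\" = success ] || docker stop ${name}"'';` (backslashes are literal in a Nix `''` string and systemd accepts escaped quotes inside a double-quoted argument). The `serviceConfig` set this line belongs to opens in an earlier hunk.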
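Review bot: `elevator=noop` is a legacy single-queue block-layer parameter; on kernels using the multi-queue path (5.0 and later, which is what NixOS ships at this point as far as I recall) it has no effect and the kernel logs that `elevator=` is ignored. If the intent is to select the `none` scheduler for Hyper-V virtual disks, do it per device instead, e.g. `services.udev.extraRules = ''ACTION=="add|change", KERNEL=="sd[a-z]*", ATTR{queue/scheduler}="none"'';`, or drop the parameter and leave a comment explaining the trade-off. At minimum the `kernelParams` line deserves a comment stating which kernels it is meant for.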
@@ -35,9 +36,7 @@ in {
 and find info about device via <command>cat /sys/bus/pci/devices/*/mdev_supported_types/i915-GVTg_V5_4/description</command>
 '';
 example = {
- i915-GVTg_V5_8 = {
- uuid = "a297db4a-f4c2-11e6-90f6-d3b88d6c9525";
- };
+ i915-GVTg_V5_8.uuid = "a297db4a-f4c2-11e6-90f6-d3b88d6c9525";
 };
 };
 };
@@ -50,10 +49,7 @@ in {
 };
 boot.kernelModules = [ "kvmgt" ];
-
- boot.extraModprobeConfig = ''
- options i915 enable_gvt=1
- '';
+ boot.kernelParams = [ "i915.enable_gvt=1" ];
 systemd.paths = mapAttrs' (name: value:
 nameValuePair "kvmgt-${name}" {
@@ -65,6 +61,10 @@ in {
 }
 ) cfg.vgpus;
+ services.udev.extraRules = ''
+ SUBSYSTEM=="vfio", OWNER="root", GROUP="kvm"
+ '';
+
 systemd.services = mapAttrs' (name: value:
 nameValuePair "kvmgt-${name}" {
 description = "KVMGT VGPU ${name}";
diff --git a/nixpkgs/nixos/modules/virtualisation/libvirtd.nix b/nixpkgs/nixos/modules/virtualisation/libvirtd.nix
index 52d852894ce5..9f7bac480e38 100644
--- a/nixpkgs/nixos/modules/virtualisation/libvirtd.nix
+++ b/nixpkgs/nixos/modules/virtualisation/libvirtd.nix
@@ -219,7 +219,7 @@ in {
 wantedBy = [ "multi-user.target" ];
 requires = [ "libvirtd-config.service" ];
 after = [ "systemd-udev-settle.service" "libvirtd-config.service" ]
- ++ optional vswitch.enable "vswitchd.service";
+ ++ optional vswitch.enable "ovs-vswitchd.service";
 environment.LIBVIRTD_ARGS = ''--config "${configFile}" ${concatStringsSep " " cfg.extraOptions}'';
diff --git a/nixpkgs/nixos/modules/virtualisation/lxd.nix b/nixpkgs/nixos/modules/virtualisation/lxd.nix
index b4934a86cf56..de48d3a780e2 100644
--- a/nixpkgs/nixos/modules/virtualisation/lxd.nix
+++ b/nixpkgs/nixos/modules/virtualisation/lxd.nix
@@ -7,6 +7,7 @@ with lib;
 let
 cfg = config.virtualisation.lxd;
+ zfsCfg = config.boot.zfs;
 in
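Review bot: The new udev rule `SUBSYSTEM=="vfio", OWNER="root", GROUP="kvm"` matches every VFIO node — `/dev/vfio/vfio` and each `/dev/vfio/<group>` — not only the GVT-g mediated device, and with udev's default mode for group-owned nodes (0660, if I recall correctly) every member of `kvm` gains read/write access to any device bound to vfio-pci on the host (passthrough NICs, GPUs, USB controllers). That is a material widening of what `kvm` membership means, and the `enable` description added in the previous hunk only tells users to join the group. Either scope the rule to the vGPU's IOMMU group or at least state it in the option description: `Note: this grants the kvm group access to all VFIO devices on the host, not only the mediated vGPU.`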
@@ -26,11 +27,40 @@ in
 <command>lxc</command> command line tool, among others.
 '';
 };
+
+ package = mkOption {
+ type = types.package;
+ default = pkgs.lxd;
+ defaultText = "pkgs.lxd";
+ description = ''
+ The LXD package to use.
+ '';
+ };
+
+ lxcPackage = mkOption {
+ type = types.package;
+ default = pkgs.lxc;
+ defaultText = "pkgs.lxc";
+ description = ''
+ The LXC package to use with LXD (required for AppArmor profiles).
+ '';
+ };
+
+ zfsPackage = mkOption {
+ type = types.package;
+ default = with pkgs; if zfsCfg.enableUnstable then zfsUnstable else zfs;
+ defaultText = "pkgs.zfs";
+ description = ''
+ The ZFS package to use with LXD.
+ '';
+ };
+
 zfsSupport = mkOption {
 type = types.bool;
 default = false;
 description = ''
- enables lxd to use zfs as a storage for containers.
+ Enables lxd to use zfs as a storage for containers.
+ This option is enabled by default if a zfs pool is configured with nixos.
 '';
@@ -54,15 +84,15 @@ in
 config = mkIf cfg.enable {
- environment.systemPackages = [ pkgs.lxd ];
+ environment.systemPackages = [ cfg.package ];
 security.apparmor = {
 enable = true;
 profiles = [
- "${pkgs.lxc}/etc/apparmor.d/usr.bin.lxc-start"
- "${pkgs.lxc}/etc/apparmor.d/lxc-containers"
+ "${cfg.lxcPackage}/etc/apparmor.d/usr.bin.lxc-start"
+ "${cfg.lxcPackage}/etc/apparmor.d/lxc-containers"
 ];
- packages = [ pkgs.lxc ];
+ packages = [ cfg.lxcPackage ];
 };
 systemd.services.lxd = {
@@ -71,14 +101,14 @@ in
 wantedBy = [ "multi-user.target" ];
 after = [ "systemd-udev-settle.service" ];
- path = lib.optional cfg.zfsSupport pkgs.zfs;
+ path = lib.optional cfg.zfsSupport cfg.zfsPackage;
 preStart = ''
 mkdir -m 0755 -p /var/lib/lxc/rootfs
 '';
 serviceConfig = {
- ExecStart = "@${pkgs.lxd.bin}/bin/lxd lxd --group lxd";
+ ExecStart = "@${cfg.package.bin}/bin/lxd lxd --group lxd";
 Type = "simple";
 KillMode = "process"; # when stopping, leave the containers alone
 LimitMEMLOCK = "infinity";
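Review bot: The sentence added to `zfsSupport`'s description, "This option is enabled by default if a zfs pool is configured with nixos", contradicts `default = false;` two lines above it in the same hunk; either wire the default to the ZFS state (e.g. `default = zfsCfg.enabled;` with a matching `defaultText`, if that read-only option is available) or drop the sentence. Likewise `zfsPackage` declares `defaultText = "pkgs.zfs"` while its default is `if zfsCfg.enableUnstable then zfsUnstable else zfs`, so the manual misstates the default whenever `boot.zfs.enableUnstable` is on. A `defaultText` of `"if config.boot.zfs.enableUnstable then pkgs.zfsUnstable else pkgs.zfs"` would be accurate.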
diff --git a/nixpkgs/nixos/modules/virtualisation/openvswitch.nix b/nixpkgs/nixos/modules/virtualisation/openvswitch.nix
index 6b8ad83661fe..c6a3ceddc3e0 100644
--- a/nixpkgs/nixos/modules/virtualisation/openvswitch.nix
+++ b/nixpkgs/nixos/modules/virtualisation/openvswitch.nix
@@ -124,7 +124,7 @@ in {
 '';
 };
- systemd.services.vswitchd = {
+ systemd.services.ovs-vswitchd = {
 description = "Open_vSwitch Daemon";
 wantedBy = [ "multi-user.target" ];
 bindsTo = [ "ovsdb.service" ];
@@ -139,6 +139,8 @@ in {
 PIDFile = "/run/openvswitch/ovs-vswitchd.pid";
 # Use service type 'forking' to correctly determine when vswitchd is ready.
 Type = "forking";
+ Restart = "always";
+ RestartSec = 3;
 };
 };
@@ -182,4 +184,7 @@ in {
 '';
 };
 })]));
+
+ meta.maintainers = with maintainers; [ netixx ];
+
 }
diff --git a/nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix b/nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix
index ab65523592d7..788b4d9d9761 100644
--- a/nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix
+++ b/nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix
@@ -45,10 +45,41 @@ in {
 The file name of the VirtualBox appliance.
 '';
 };
+ params = mkOption {
+ type = with types; attrsOf (oneOf [ str int bool (listOf str) ]);
+ example = {
+ audio = "alsa";
+ rtcuseutc = "on";
+ usb = "off";
+ };
+ description = ''
+ Parameters passed to the Virtualbox appliance.
+
+ Run <literal>VBoxManage modifyvm --help</literal> to see more options.
+ '';
+ };
 };
 };
 config = {
+
+ virtualbox.params = mkMerge [
+ (mapAttrs (name: mkDefault) {
+ acpi = "on";
+ vram = 32;
+ nictype1 = "virtio";
+ nic1 = "nat";
+ audiocontroller = "ac97";
+ audio = "alsa";
+ audioout = "on";
+ rtcuseutc = "on";
+ usb = "on";
+ usbehci = "on";
+ mouse = "usbtablet";
+ })
+ (mkIf (pkgs.stdenv.hostPlatform.system == "i686-linux") { pae = "on"; })
+ ];
+
 system.build.virtualBoxOVA = import ../../lib/make-disk-image.nix {
 name = cfg.vmDerivationName;
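Review bot: Renaming the unit from `vswitchd` to `ovs-vswitchd` silently breaks any user configuration that overrides `systemd.services.vswitchd` or orders units after `vswitchd.service`; the only caller updated in this commit is libvirtd. Consider a one-release compatibility shim or at least a release-notes entry for the rename. The new `Restart = "always"` is also unconditional, so a daemon that dies on startup will loop every 3 seconds; a short comment on that line saying this is intended (for example because the switch must come back after ovsdb restarts) would help the next reader.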
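Review bot: The `params` type admits `bool`, but as I read `lib.cli.toGNUCommandLineShell` (the consumer, in the next hunk) it renders `true` as a bare `--flag` and drops `false` entirely, while `VBoxManage modifyvm` switches such as `--usb` or `--acpi` require an explicit `on|off` argument — so `usb = true` yields `--usb` with no value and the image build fails, which is presumably why the example and the `mkDefault` set use the strings `"on"`/`"off"`. Either remove `bool` from the `oneOf`, or state in the description: `Switch options must be given as the strings "on"/"off"; Nix booleans are rendered as bare flags.`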
@@ -69,12 +100,8 @@ in {
 VBoxManage createvm --name "$vmName" --register \
 --ostype ${if pkgs.stdenv.hostPlatform.system == "x86_64-linux" then "Linux26_64" else "Linux26"}
 VBoxManage modifyvm "$vmName" \
- --memory ${toString cfg.memorySize} --acpi on --vram 32 \
- ${optionalString (pkgs.stdenv.hostPlatform.system == "i686-linux") "--pae on"} \
- --nictype1 virtio --nic1 nat \
- --audiocontroller ac97 --audio alsa --audioout on \
- --rtcuseutc on \
- --usb on --usbehci on --mouse usbtablet
+ --memory ${toString cfg.memorySize} \
+ ${lib.cli.toGNUCommandLineShell { } cfg.params}
 VBoxManage storagectl "$vmName" --name SATA --add sata --portcount 4 --bootable on --hostiocache on
 VBoxManage storageattach "$vmName" --storagectl SATA --port 0 --device 0 --type hdd \
 --medium disk.vmdk
|
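Review bot: `--memory ${toString cfg.memorySize}` stays hard-coded next to `${lib.cli.toGNUCommandLineShell { } cfg.params}`, so a user who sets `params.memory` passes `--memory` twice and whichever occurrence VBoxManage honours wins silently. Adding `memory = cfg.memorySize;` to the `mapAttrs (name: mkDefault)` set in the previous hunk and dropping the explicit flag here keeps a single source of truth. Note also that `toGNUCommandLineShell` emits attributes in attribute-name order, so the generated command line no longer follows the order of the original script; the enclosing build script continues outside this hunk.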