author | Alyssa Ross <hi@alyssa.is> | 2020-05-18 14:34:25 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2020-05-18 16:21:12 +0000 |
commit | 93e90ca356baed5941e1cccf8c0d8e3e2c460e29 (patch) | |
tree | f6c26f06a2f830a3f1bab00fdc029b76be8805c6 /nixpkgs/nixos/modules/virtualisation | |
parent | d2753504ef2bd591ade35851dad31d3aac117e19 (diff) | |
parent | b47873026c7e356a340d0e1de7789d4e8428ac66 (diff) | |
Merge commit 'b47873026c7e356a340d0e1de7789d4e8428ac66'
Diffstat (limited to 'nixpkgs/nixos/modules/virtualisation')
-rw-r--r-- | nixpkgs/nixos/modules/virtualisation/libvirtd.nix | 15 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/virtualisation/rkt.nix | 64 |
2 files changed, 11 insertions, 68 deletions
diff --git a/nixpkgs/nixos/modules/virtualisation/libvirtd.nix b/nixpkgs/nixos/modules/virtualisation/libvirtd.nix
index 4f22099443f4..f89e5d544b22 100644
--- a/nixpkgs/nixos/modules/virtualisation/libvirtd.nix
+++ b/nixpkgs/nixos/modules/virtualisation/libvirtd.nix
@@ -7,10 +7,8 @@ let
 cfg = config.virtualisation.libvirtd;
 vswitch = config.virtualisation.vswitch;
 configFile = pkgs.writeText "libvirtd.conf" ''
- unix_sock_group = "libvirtd"
- unix_sock_rw_perms = "0770"
- auth_unix_ro = "none"
- auth_unix_rw = "none"
+ auth_unix_ro = "polkit"
+ auth_unix_rw = "polkit"
 ${cfg.extraConfig}
 '';
 qemuConfigFile = pkgs.writeText "qemu.conf" ''
@@ -269,5 +267,14 @@ in {
 systemd.sockets.libvirtd .wantedBy = [ "sockets.target" ];
 systemd.sockets.libvirtd-tcp.wantedBy = [ "sockets.target" ];
+
+ security.polkit.extraConfig = ''
+ polkit.addRule(function(action, subject) {
+ if (action.id == "org.libvirt.unix.manage" &&
+ subject.isInGroup("libvirtd")) {
+ return polkit.Result.YES;
+ }
+ });
+ '';
 };
 }
diff --git a/nixpkgs/nixos/modules/virtualisation/rkt.nix b/nixpkgs/nixos/modules/virtualisation/rkt.nix
deleted file mode 100644
index fd662b52df52..000000000000
--- a/nixpkgs/nixos/modules/virtualisation/rkt.nix
+++ /dev/null
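Review bot: With `unix_sock_group` and `unix_sock_rw_perms` dropped from `configFile`, the generated libvirtd.conf no longer restricts the read-write socket by file permission, so access control rests on polkit alone. libvirt's documentation describes a world-accessible default for that socket when polkit support is built in, and `${cfg.extraConfig}` is still appended after the two `auth_unix_*` lines. If that default applies to this build, an existing configuration that sets `auth_unix_rw = "none"` there would leave full VM management open to every local user. A comment above the auth lines would make the dependency visible, e.g. `# polkit is the only access control on these sockets; if you override auth_unix_* in extraConfig, also set unix_sock_group and unix_sock_rw_perms`. The `let` block starts and continues outside the hunk.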
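Review bot: The added `security.polkit.extraConfig` rule only has an effect when polkit is enabled, and neither hunk sets or asserts `security.polkit.enable`. If the rest of the module (outside this hunk) does not do so either, members of `libvirtd` would presumably lose management access on hosts without polkit. Consider adding `assertions = [ { assertion = config.security.polkit.enable; message = "virtualisation.libvirtd requires security.polkit.enable = true"; } ];` to the `config` block. The rule returns `polkit.Result.YES` without any authentication prompt for every member of the group, so a comment such as `# membership in "libvirtd" grants full control of the system libvirt daemon` would help whoever audits group assignments. In the rule itself `===` would be the stricter comparison for `action.id`.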
@@ -1,64 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
- cfg = config.virtualisation.rkt;
-in
-{
- options.virtualisation.rkt = {
- enable = mkEnableOption "rkt metadata service";
-
- gc = {
- automatic = mkOption {
- default = true;
- type = types.bool;
- description = "Automatically run the garbage collector at a specific time.";
- };
-
- dates = mkOption {
- default = "03:15";
- type = types.str;
- description = ''
- Specification (in the format described by
- <citerefentry><refentrytitle>systemd.time</refentrytitle>
- <manvolnum>7</manvolnum></citerefentry>) of the time at
- which the garbage collector will run.
- '';
- };
-
- options = mkOption {
- default = "--grace-period=24h";
- type = types.str;
- description = ''
- Options given to <filename>rkt gc</filename> when the
- garbage collector is run automatically.
- '';
- };
- };
- };
-
- config = mkIf cfg.enable {
- environment.systemPackages = [ pkgs.rkt ];
-
- systemd.services.rkt = {
- description = "rkt metadata service";
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
- serviceConfig = {
- ExecStart = "${pkgs.rkt}/bin/rkt metadata-service";
- };
- };
-
- systemd.services.rkt-gc = {
- description = "rkt garbage collection";
- startAt = optionalString cfg.gc.automatic cfg.gc.dates;
- serviceConfig = {
- Type = "oneshot";
- ExecStart = "${pkgs.rkt}/bin/rkt gc ${cfg.gc.options}";
- };
- };
-
- users.groups.rkt = {};
- };
-} |