Diffstat (limited to 'nixos/modules/virtualisation')
-rw-r--r-- | nixos/modules/virtualisation/amazon-config.nix | 2 | ||||
-rw-r--r-- | nixos/modules/virtualisation/azure-common.nix | 61 | ||||
-rw-r--r-- | nixos/modules/virtualisation/azure-image.nix | 32 | ||||
-rw-r--r-- | nixos/modules/virtualisation/container-config.nix | 3 | ||||
-rw-r--r-- | nixos/modules/virtualisation/docker-image.nix | 2 | ||||
-rw-r--r-- | nixos/modules/virtualisation/docker.nix | 2 | ||||
-rw-r--r-- | nixos/modules/virtualisation/ec2-data.nix | 10 | ||||
-rw-r--r-- | nixos/modules/virtualisation/google-compute-config.nix | 4 | ||||
-rw-r--r-- | nixos/modules/virtualisation/libvirtd.nix | 13 | ||||
-rw-r--r-- | nixos/modules/virtualisation/lxc-container.nix | 2 | ||||
-rw-r--r-- | nixos/modules/virtualisation/nova-image.nix | 12 | ||||
-rw-r--r-- | nixos/modules/virtualisation/vmware-guest.nix | 47 |
12 files changed, 142 insertions, 48 deletions
diff --git a/nixos/modules/virtualisation/amazon-config.nix b/nixos/modules/virtualisation/amazon-config.nix
index a27e52a8e68c..809cdb4d108e 100644
--- a/nixos/modules/virtualisation/amazon-config.nix
+++ b/nixos/modules/virtualisation/amazon-config.nix
@@ -1,3 +1,3 @@ {
- imports = [ ./amazon-image.nix ];
+ imports = [ <nixpkgs/nixos/modules/virtualisation/amazon-image.nix> ];
}
diff --git a/nixos/modules/virtualisation/azure-common.nix b/nixos/modules/virtualisation/azure-common.nix
new file mode 100644
index 000000000000..47022c6887c3
--- /dev/null
+++ b/nixos/modules/virtualisation/azure-common.nix
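Review bot: The new `imports = [ <nixpkgs/nixos/modules/virtualisation/amazon-image.nix> ];` resolves through NIX_PATH at evaluation time, so which amazon-image.nix gets used now depends on the channel present on the evaluating machine rather than on the tree this file ships in; google-compute-config.nix makes the same switch (and drops `modulesPath` for it). If this file is the configuration.nix that gets copied into the image, as its name suggests, that is presumably deliberate, but a comment would stop someone from "fixing" it back to a relative path: `# Resolved via NIX_PATH on purpose: this file is installed as the instance's configuration.nix, where a relative path would not exist.`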
@@ -0,0 +1,61 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+ imports = [ ../profiles/headless.nix ];
+
+ boot.kernelParams = [ "console=ttyS0" "earlyprintk=ttyS0" "rootdelay=300" "panic=1" "boot.panic_on_fail" ];
+ boot.initrd.kernelModules = [ "hv_vmbus" "hv_netvsc" "hv_utils" "hv_storvsc" ];
+
+ # Generate a GRUB menu.
+ boot.loader.grub.device = "/dev/sda";
+ boot.loader.grub.version = 2;
+ boot.loader.grub.timeout = 0;
+
+ # Don't put old configurations in the GRUB menu. The user has no
+ # way to select them anyway.
+ boot.loader.grub.configurationLimit = 0;
+
+ fileSystems."/".device = "/dev/disk/by-label/nixos";
+
+ # Allow root logins only using the SSH key that the user specified
+ # at instance creation time, ping client connections to avoid timeouts
+ services.openssh.enable = true;
+ services.openssh.permitRootLogin = "without-password";
+ services.openssh.extraConfig = ''
+ ClientAliveInterval 180
+ '';
+
+ # Force getting the hostname from Azure
+ networking.hostName = mkDefault "";
+
+ # Always include cryptsetup so that NixOps can use it.
+ # sg_scan is needed to finalize disk removal on older kernels
+ environment.systemPackages = [ pkgs.cryptsetup pkgs.sg3_utils ];
+
+ networking.usePredictableInterfaceNames = false;
+
+ services.udev.extraRules = ''
+ ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:0", ATTR{removable}=="0", SYMLINK+="disk/by-lun/0",
+ ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:1", ATTR{removable}=="0", SYMLINK+="disk/by-lun/1",
+ ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:2", ATTR{removable}=="0", SYMLINK+="disk/by-lun/2"
+ ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:3", ATTR{removable}=="0", SYMLINK+="disk/by-lun/3"
+
+ ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:4", ATTR{removable}=="0", SYMLINK+="disk/by-lun/4"
+ ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:5", ATTR{removable}=="0", SYMLINK+="disk/by-lun/5"
+ ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:6", ATTR{removable}=="0", SYMLINK+="disk/by-lun/6"
+ ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:7", ATTR{removable}=="0", SYMLINK+="disk/by-lun/7"
+
+ ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:8", ATTR{removable}=="0", SYMLINK+="disk/by-lun/8"
+ ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:9", ATTR{removable}=="0", SYMLINK+="disk/by-lun/9"
+ ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:10", ATTR{removable}=="0", SYMLINK+="disk/by-lun/10"
+ ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:11", ATTR{removable}=="0", SYMLINK+="disk/by-lun/11"
+
+ ENV{DEVTYPE}=="disk",
KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:12", ATTR{removable}=="0", SYMLINK+="disk/by-lun/12"
+ ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:13", ATTR{removable}=="0", SYMLINK+="disk/by-lun/13"
+ ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:14", ATTR{removable}=="0", SYMLINK+="disk/by-lun/14"
+ ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:15", ATTR{removable}=="0", SYMLINK+="disk/by-lun/15"
+
+ '';
+
+}
diff --git a/nixos/modules/virtualisation/azure-image.nix b/nixos/modules/virtualisation/azure-image.nix
index ab5a9c51fa5b..3f554d127c35 100644
--- a/nixos/modules/virtualisation/azure-image.nix
+++ b/nixos/modules/virtualisation/azure-image.nix
@@ -5,8 +5,6 @@ let diskSize = "4096"; in { - imports = [ ../profiles/headless.nix ]; - system.build.azureImage = pkgs.vmTools.runInLinuxVM ( pkgs.runCommand "azure-image"
@@ -24,7 +22,6 @@ in postVM = '' - echo Converting mkdir -p $out ${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -O vpc $diskImage $out/disk.vhd rm $diskImage
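Review bot: Every rule in the new `services.udev.extraRules` block is missing the comma between `KERNEL!="sda"` and `SUBSYSTEM=="block"`, and the rules for LUN 0 and 1 end with a trailing comma while LUN 2–15 do not; udev's rule syntax expects a comma-separated key list and how tolerant the parser is varies by version, so at minimum the inconsistency should go and the block be checked once with `udevadm test`. Sixteen near-identical lines are also far easier to keep correct when generated from one template, which `concatMapStringsSep` and `range` (both available through the file's `with lib;`) make short. The hunk is the entire new file.
```nix
  services.udev.extraRules = concatMapStringsSep "\n" (lun:
    ''ENV{DEVTYPE}=="disk", KERNEL!="sda", SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:${toString lun}", ATTR{removable}=="0", SYMLINK+="disk/by-lun/${toString lun}"''
  ) (range 0 15);
```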
@@ -93,34 +90,11 @@ in '' ); - fileSystems."/".device = "/dev/disk/by-label/nixos"; + imports = [ ./azure-common.nix ]; # Azure metadata is available as a CD-ROM drive. fileSystems."/metadata".device = "/dev/sr0"; - boot.kernelParams = [ "console=ttyS0" "earlyprintk=ttyS0" "rootdelay=300" "panic=1" "boot.panic_on_fail" ]; - boot.initrd.kernelModules = [ "hv_vmbus" "hv_netvsc" "hv_utils" "hv_storvsc" ]; - - # Generate a GRUB menu. - boot.loader.grub.device = "/dev/sda"; - boot.loader.grub.version = 2; - boot.loader.grub.timeout = 0; - - # Don't put old configurations in the GRUB menu. The user has no - # way to select them anyway. - boot.loader.grub.configurationLimit = 0; - - # Allow root logins only using the SSH key that the user specified - # at instance creation time. - services.openssh.enable = true; - services.openssh.permitRootLogin = "without-password"; - - # Force getting the hostname from Azure - networking.hostName = mkDefault ""; - - # Always include cryptsetup so that NixOps can use it. - environment.systemPackages = [ pkgs.cryptsetup ]; - systemd.services.fetch-ssh-keys = { description = "Fetch host keys and authorized_keys for root user"; @@ -157,8 +131,4 @@ in serviceConfig.StandardOutput = "journal+console"; }; - networking.usePredictableInterfaceNames = false; - - #users.extraUsers.root.openssh.authorizedKeys.keys = [ (builtins.readFile <ssh-pub-key>) ]; - } diff --git a/nixos/modules/virtualisation/container-config.nix b/nixos/modules/virtualisation/container-config.nix index a7e8953827a6..67047541102c 100644 --- a/nixos/modules/virtualisation/container-config.nix +++ b/nixos/modules/virtualisation/container-config.nix @@ -9,6 +9,7 @@ with lib; # Disable some features that are not useful in a container. sound.enable = mkDefault false; services.udisks2.enable = mkDefault false; + powerManagement.enable = mkDefault false; networking.useHostResolvConf = true; 
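Review bot: The `imports = [ ./azure-common.nix ];` added in the third hunk sits between `system.build.azureImage` and the `fileSystems."/metadata"` line, in the slot the removed `fileSystems."/"` used to occupy; Nix does not care about attribute order, but readers expect `imports` at the top of a module, which is exactly where the first hunk removed the old `../profiles/headless.nix` import, so I would put it there. The `system.build.azureImage` expression these hunks cut through begins and ends outside them.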
@@ -20,6 +21,8 @@ with lib; systemd.services.systemd-remount-fs.enable = false; + systemd.services.systemd-random-seed.enable = false; + }; } diff --git a/nixos/modules/virtualisation/docker-image.nix b/nixos/modules/virtualisation/docker-image.nix index 0195ca5c6dce..9535e3e0d677 100644 --- a/nixos/modules/virtualisation/docker-image.nix +++ b/nixos/modules/virtualisation/docker-image.nix @@ -2,7 +2,7 @@ { imports = [ - ../profiles/container.nix + ../profiles/docker-container.nix # FIXME, shouldn't include something from profiles/ ]; boot.postBootCommands = diff --git a/nixos/modules/virtualisation/docker.nix b/nixos/modules/virtualisation/docker.nix index 5be76b2682f5..49170f2220bc 100644 --- a/nixos/modules/virtualisation/docker.nix +++ b/nixos/modules/virtualisation/docker.nix @@ -45,7 +45,7 @@ in }; extraOptions = mkOption { - type = types.str; + type = types.separatedString " "; default = ""; description = '' diff --git a/nixos/modules/virtualisation/ec2-data.nix b/nixos/modules/virtualisation/ec2-data.nix index 15114b1e76ac..fd062237bb07 100644 --- a/nixos/modules/virtualisation/ec2-data.nix +++ b/nixos/modules/virtualisation/ec2-data.nix @@ -35,8 +35,8 @@ with lib; wget="wget -q --retry-connrefused -O -" - echo "setting host name..." ${optionalString (config.networking.hostName == "") '' + echo "setting host name..." ${pkgs.nettools}/bin/hostname $($wget http://169.254.169.254/1.0/meta-data/hostname) ''} @@ -69,9 +69,11 @@ with lib; fi ${optionalString (! config.ec2.metadata) '' - # Since the user data is sensitive, prevent it from being - # accessed from now on. - ip route add blackhole 169.254.169.254/32 + # Since the user data is sensitive, prevent it from + # being accessed from now on. FIXME: remove at some + # point, since current NixOps no longer relies on + # metadata secrecy. + ip route add blackhole 169.254.169.254/32 ''} ''; 
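Review bot: The new `systemd.services.systemd-random-seed.enable = false;` in the second hunk carries no explanation, unlike the `powerManagement.enable` line in the first hunk, which at least sits under the "not useful in a container" heading; a comment such as `# A container shares the host kernel's entropy pool, so there is no seed worth saving or restoring here.` would record the intent (presumably the reason — to be confirmed by the author). Note also that the first hunk uses `mkDefault false` while the second uses a bare `false`, matching the neighbouring `systemd-remount-fs` line; if users are meant to be able to turn the seed service back on, `mkDefault` is the consistent choice. Both hunks' enclosing attribute sets start outside the hunk.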
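Review bot: Switching `extraOptions` to `types.separatedString " "` changes the merge semantics — definitions from several modules are now joined with a space instead of conflicting — but the `description` directly below (which continues outside the hunk) is unchanged, so users will not learn that. I would extend it with `Definitions from multiple modules are concatenated with a space.` Since the value is presumably placed unquoted on the daemon command line (not visible here), it is also worth stating that an option containing whitespace must be quoted by whoever sets it.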
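Review bot: The rewritten FIXME in the second hunk justifies eventually dropping the blackhole route solely by NixOps no longer needing metadata secrecy, but `169.254.169.254` serves more than user data — it is also where the instance's IAM role credentials are handed out — so hiding it from later processes is a hardening measure in its own right, and the `ec2.metadata` option that already gates this route is the knob for users who need it open. I would reword it to `# FIXME: reconsider the default; NixOps no longer needs metadata secrecy, but the route also keeps instance-role credentials away from local processes.` rather than scheduling its removal. The surrounding script starts and ends outside the hunk.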
diff --git a/nixos/modules/virtualisation/google-compute-config.nix b/nixos/modules/virtualisation/google-compute-config.nix index 9e6be93b6d98..f6bca1aa8579 100644 --- a/nixos/modules/virtualisation/google-compute-config.nix +++ b/nixos/modules/virtualisation/google-compute-config.nix @@ -1,5 +1,5 @@ -{ config, pkgs, modulesPath, ... }: +{ config, pkgs, ... }: { - imports = [ "${modulesPath}/virtualisation/google-compute-image.nix" ]; + imports = [ <nixpkgs/nixos/modules/virtualisation/google-compute-image.nix> ]; } diff --git a/nixos/modules/virtualisation/libvirtd.nix b/nixos/modules/virtualisation/libvirtd.nix index 7410609e0642..16aedbbb185d 100644 --- a/nixos/modules/virtualisation/libvirtd.nix +++ b/nixos/modules/virtualisation/libvirtd.nix @@ -57,6 +57,17 @@ in ''; }; + virtualisation.libvirtd.extraOptions = + mkOption { + type = types.listOf types.str; + default = [ ]; + example = [ "--verbose" ]; + description = + '' + Extra command line arguments passed to libvirtd on startup. + ''; + }; + virtualisation.libvirtd.onShutdown = mkOption { type = types.enum ["shutdown" "suspend" ]; @@ -140,7 +151,7 @@ in done ''; # */ - serviceConfig.ExecStart = ''@${pkgs.libvirt}/sbin/libvirtd libvirtd --config "${configFile}" --daemon --verbose''; + serviceConfig.ExecStart = ''@${pkgs.libvirt}/sbin/libvirtd libvirtd --config "${configFile}" --daemon ${concatStringsSep " " cfg.extraOptions}''; serviceConfig.Type = "forking"; serviceConfig.KillMode = "process"; # when stopping, leave the VMs alone diff --git a/nixos/modules/virtualisation/lxc-container.nix b/nixos/modules/virtualisation/lxc-container.nix index 2fa749d542ea..0208787e7795 100644 --- a/nixos/modules/virtualisation/lxc-container.nix +++ b/nixos/modules/virtualisation/lxc-container.nix @@ -4,7 +4,7 @@ with lib; { imports = [ - ../profiles/container.nix + ../profiles/docker-container.nix # FIXME, shouldn't include something from profiles/ ]; # Allow the user to login as root without password. 
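Review bot: The new ExecStart in the second hunk drops the `--verbose` the old line passed unconditionally, while the option's `default = [ ]`, so existing systems silently lose verbose logging on upgrade; if that is not intended, `default = [ "--verbose" ];` in the first hunk preserves behaviour (the `example` already suggests it). Separately, `concatStringsSep " " cfg.extraOptions` lets systemd word-split any element containing whitespace or quotes; `${escapeShellArgs cfg.extraOptions}` keeps each list element a single argument, since ExecStart quoting follows shell-like rules (assuming `with lib;` is in effect, as the unqualified `concatStringsSep` suggests). The service definition around the ExecStart line continues outside the hunk.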
diff --git a/nixos/modules/virtualisation/nova-image.nix b/nixos/modules/virtualisation/nova-image.nix index 2523dacc0b56..20ec6b024e91 100644 --- a/nixos/modules/virtualisation/nova-image.nix +++ b/nixos/modules/virtualisation/nova-image.nix @@ -46,16 +46,20 @@ with lib; # Register the paths in the Nix database. printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \ - chroot /mnt ${config.nix.package}/bin/nix-store --load-db + chroot /mnt ${config.nix.package}/bin/nix-store --load-db --option build-users-group "" # Create the system profile to allow nixos-rebuild to work. - chroot /mnt ${config.nix.package}/bin/nix-env \ + chroot /mnt ${config.nix.package}/bin/nix-env --option build-users-group "" \ -p /nix/var/nix/profiles/system --set ${config.system.build.toplevel} # `nixos-rebuild' requires an /etc/NIXOS. mkdir -p /mnt/etc touch /mnt/etc/NIXOS + # `switch-to-configuration' requires a /bin/sh + mkdir -p /mnt/bin + ln -s ${config.system.build.binsh}/bin/sh /mnt/bin/sh + # Install a configuration.nix. mkdir -p /mnt/etc/nixos cp ${./nova-config.nix} /mnt/etc/nixos/configuration.nix @@ -104,10 +108,6 @@ with lib; boot.initrd.supportedFilesystems = [ "unionfs-fuse" ]; */ - # Since Nova allows VNC access to instances, it's nice to start to - # start a few virtual consoles. - services.mingetty.ttys = [ "tty1" "tty2" ]; - # Allow root logins only using the SSH key that the user specified # at instance creation time. services.openssh.enable = true; diff --git a/nixos/modules/virtualisation/vmware-guest.nix b/nixos/modules/virtualisation/vmware-guest.nix new file mode 100644 index 000000000000..3f19f6a28b2b --- /dev/null +++ b/nixos/modules/virtualisation/vmware-guest.nix 
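Review bot: The two `--option build-users-group ""` additions in the first hunk come without a comment; presumably the chroot has no `nixbld` group yet and Nix, running as root, refuses to start when the configured build-users group cannot be resolved, but that should be written down, e.g. `# The chroot has no nixbld group yet, so tell Nix not to look for a build-users group.` (to be confirmed). The new `ln -s ... /mnt/bin/sh` fails if the link already exists; `ln -sf` would keep the step idempotent should this script ever run twice against the same mount. The image-build script starts and ends outside the hunk.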
@@ -0,0 +1,47 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.vmwareGuest;
+ open-vm-tools = pkgs.open-vm-tools;
+in
+{
+ options = {
+ services.vmwareGuest.enable = mkEnableOption "Enable VMWare Guest Support";
+ };
+
+ config = mkIf cfg.enable {
+ assertions = [ {
+ assertion = pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64;
+ message = "VMWare guest is not currently supported on ${pkgs.stdenv.system}";
+ } ];
+
+ environment.systemPackages = [ open-vm-tools ];
+
+ systemd.services.vmware =
+ { description = "VMWare Guest Service";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig.ExecStart = "${open-vm-tools}/bin/vmtoolsd";
+ };
+
+ services.xserver = {
+ videoDrivers = mkOverride 50 [ "vmware" ];
+
+ config = ''
+ Section "InputDevice"
+ Identifier "VMMouse"
+ Driver "vmmouse"
+ EndSection
+ '';
+
+ serverLayoutSection = ''
+ InputDevice "VMMouse"
+ '';
+
+ displayManager.sessionCommands = ''
+ ${open-vm-tools}/bin/vmware-user-suid-wrapper
+ '';
+ };
+ };
+} |
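Review bot: `mkEnableOption "Enable VMWare Guest Support"` already prefixes its argument with "Whether to enable", so the rendered description reads "Whether to enable Enable VMWare Guest Support."; it should be `mkEnableOption "VMWare Guest Support"`. The `displayManager.sessionCommands` line runs `vmware-user-suid-wrapper` straight from the store, where setuid bits are not preserved; if the wrapper really needs root, as its name suggests, it has to be exposed through NixOS's setuid wrapper mechanism (`security.wrappers` in current NixOS) and the wrapped path used here, otherwise a comment should say it works unprivileged. The hunk is the entire new file.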