summary refs log tree commit diff
path: root/nixos/modules/virtualisation
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/modules/virtualisation')
-rw-r--r--nixos/modules/virtualisation/amazon-config.nix2
-rw-r--r--nixos/modules/virtualisation/azure-common.nix61
-rw-r--r--nixos/modules/virtualisation/azure-image.nix32
-rw-r--r--nixos/modules/virtualisation/container-config.nix3
-rw-r--r--nixos/modules/virtualisation/docker-image.nix2
-rw-r--r--nixos/modules/virtualisation/docker.nix2
-rw-r--r--nixos/modules/virtualisation/ec2-data.nix10
-rw-r--r--nixos/modules/virtualisation/google-compute-config.nix4
-rw-r--r--nixos/modules/virtualisation/libvirtd.nix13
-rw-r--r--nixos/modules/virtualisation/lxc-container.nix2
-rw-r--r--nixos/modules/virtualisation/nova-image.nix12
-rw-r--r--nixos/modules/virtualisation/vmware-guest.nix47
12 files changed, 142 insertions, 48 deletions
diff --git a/nixos/modules/virtualisation/amazon-config.nix b/nixos/modules/virtualisation/amazon-config.nix
index a27e52a8e68c..809cdb4d108e 100644
--- a/nixos/modules/virtualisation/amazon-config.nix
+++ b/nixos/modules/virtualisation/amazon-config.nix
@@ -1,3 +1,3 @@
 {
-  imports = [ ./amazon-image.nix ];
+  imports = [ <nixpkgs/nixos/modules/virtualisation/amazon-image.nix> ];
 }
diff --git a/nixos/modules/virtualisation/azure-common.nix b/nixos/modules/virtualisation/azure-common.nix
new file mode 100644
index 000000000000..47022c6887c3
--- /dev/null
+++ b/nixos/modules/virtualisation/azure-common.nix
@@ -0,0 +1,61 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+  imports = [ ../profiles/headless.nix ];
+
+  boot.kernelParams = [ "console=ttyS0" "earlyprintk=ttyS0" "rootdelay=300" "panic=1" "boot.panic_on_fail" ];
+  boot.initrd.kernelModules = [ "hv_vmbus" "hv_netvsc" "hv_utils" "hv_storvsc" ];
+
+  # Generate a GRUB menu. 
+  boot.loader.grub.device = "/dev/sda";
+  boot.loader.grub.version = 2;
+  boot.loader.grub.timeout = 0;
+
+  # Don't put old configurations in the GRUB menu.  The user has no
+  # way to select them anyway.
+  boot.loader.grub.configurationLimit = 0;
+
+  fileSystems."/".device = "/dev/disk/by-label/nixos";
+
+  # Allow root logins only using the SSH key that the user specified
+  # at instance creation time, ping client connections to avoid timeouts
+  services.openssh.enable = true;
+  services.openssh.permitRootLogin = "without-password";
+  services.openssh.extraConfig = ''
+    ClientAliveInterval 180
+  '';
+
+  # Force getting the hostname from Azure
+  networking.hostName = mkDefault "";
+
+  # Always include cryptsetup so that NixOps can use it.
+  # sg_scan is needed to finalize disk removal on older kernels
+  environment.systemPackages = [ pkgs.cryptsetup pkgs.sg3_utils ];
+
+  networking.usePredictableInterfaceNames = false;
+
+  services.udev.extraRules = ''
+    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:0", ATTR{removable}=="0", SYMLINK+="disk/by-lun/0",
+    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:1", ATTR{removable}=="0", SYMLINK+="disk/by-lun/1",
+    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:2", ATTR{removable}=="0", SYMLINK+="disk/by-lun/2"
+    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:3", ATTR{removable}=="0", SYMLINK+="disk/by-lun/3"
+
+    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:4", ATTR{removable}=="0", SYMLINK+="disk/by-lun/4"
+    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:5", ATTR{removable}=="0", SYMLINK+="disk/by-lun/5"
+    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:6", ATTR{removable}=="0", SYMLINK+="disk/by-lun/6"
+    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:7", ATTR{removable}=="0", SYMLINK+="disk/by-lun/7"
+
+    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:8", ATTR{removable}=="0", SYMLINK+="disk/by-lun/8"
+    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:9", ATTR{removable}=="0", SYMLINK+="disk/by-lun/9"
+    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:10", ATTR{removable}=="0", SYMLINK+="disk/by-lun/10"
+    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:11", ATTR{removable}=="0", SYMLINK+="disk/by-lun/11"
+
+    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:12", ATTR{removable}=="0", SYMLINK+="disk/by-lun/12"
+    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:13", ATTR{removable}=="0", SYMLINK+="disk/by-lun/13"
+    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:14", ATTR{removable}=="0", SYMLINK+="disk/by-lun/14"
+    ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:15", ATTR{removable}=="0", SYMLINK+="disk/by-lun/15"
+
+  '';
+
+}
diff --git a/nixos/modules/virtualisation/azure-image.nix b/nixos/modules/virtualisation/azure-image.nix
index ab5a9c51fa5b..3f554d127c35 100644
--- a/nixos/modules/virtualisation/azure-image.nix
+++ b/nixos/modules/virtualisation/azure-image.nix
@@ -5,8 +5,6 @@ let
   diskSize = "4096";
 in
 {
-  imports = [ ../profiles/headless.nix ];
-
   system.build.azureImage =
     pkgs.vmTools.runInLinuxVM (
       pkgs.runCommand "azure-image"
@@ -24,7 +22,6 @@ in
 
           postVM =
             ''
-              echo Converting
               mkdir -p $out
               ${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -O vpc $diskImage $out/disk.vhd
               rm $diskImage
@@ -93,34 +90,11 @@ in
         ''
     );
 
-  fileSystems."/".device = "/dev/disk/by-label/nixos";
+  imports = [ ./azure-common.nix ];
 
   # Azure metadata is available as a CD-ROM drive.
   fileSystems."/metadata".device = "/dev/sr0";
 
-  boot.kernelParams = [ "console=ttyS0" "earlyprintk=ttyS0" "rootdelay=300" "panic=1" "boot.panic_on_fail" ];
-  boot.initrd.kernelModules = [ "hv_vmbus" "hv_netvsc" "hv_utils" "hv_storvsc" ];
-
-  # Generate a GRUB menu. 
-  boot.loader.grub.device = "/dev/sda";
-  boot.loader.grub.version = 2;
-  boot.loader.grub.timeout = 0;
-
-  # Don't put old configurations in the GRUB menu.  The user has no
-  # way to select them anyway.
-  boot.loader.grub.configurationLimit = 0;
-
-  # Allow root logins only using the SSH key that the user specified
-  # at instance creation time.
-  services.openssh.enable = true;
-  services.openssh.permitRootLogin = "without-password";
-
-  # Force getting the hostname from Azure
-  networking.hostName = mkDefault "";
-
-  # Always include cryptsetup so that NixOps can use it.
-  environment.systemPackages = [ pkgs.cryptsetup ];
-
   systemd.services.fetch-ssh-keys =
     { description = "Fetch host keys and authorized_keys for root user";
 
@@ -157,8 +131,4 @@ in
       serviceConfig.StandardOutput = "journal+console";
      };
 
-  networking.usePredictableInterfaceNames = false;
-
-  #users.extraUsers.root.openssh.authorizedKeys.keys = [ (builtins.readFile <ssh-pub-key>) ];
-
 }
diff --git a/nixos/modules/virtualisation/container-config.nix b/nixos/modules/virtualisation/container-config.nix
index a7e8953827a6..67047541102c 100644
--- a/nixos/modules/virtualisation/container-config.nix
+++ b/nixos/modules/virtualisation/container-config.nix
@@ -9,6 +9,7 @@ with lib;
     # Disable some features that are not useful in a container.
     sound.enable = mkDefault false;
     services.udisks2.enable = mkDefault false;
+    powerManagement.enable = mkDefault false;
 
     networking.useHostResolvConf = true;
 
@@ -20,6 +21,8 @@ with lib;
 
     systemd.services.systemd-remount-fs.enable = false;
 
+    systemd.services.systemd-random-seed.enable = false;
+
   };
 
 }
diff --git a/nixos/modules/virtualisation/docker-image.nix b/nixos/modules/virtualisation/docker-image.nix
index 0195ca5c6dce..9535e3e0d677 100644
--- a/nixos/modules/virtualisation/docker-image.nix
+++ b/nixos/modules/virtualisation/docker-image.nix
@@ -2,7 +2,7 @@
 
 {
   imports = [
-    ../profiles/container.nix
+    ../profiles/docker-container.nix # FIXME, shouldn't include something from profiles/
   ];
 
   boot.postBootCommands =
diff --git a/nixos/modules/virtualisation/docker.nix b/nixos/modules/virtualisation/docker.nix
index 5be76b2682f5..49170f2220bc 100644
--- a/nixos/modules/virtualisation/docker.nix
+++ b/nixos/modules/virtualisation/docker.nix
@@ -45,7 +45,7 @@ in
       };
     extraOptions =
       mkOption {
-        type = types.str;
+        type = types.separatedString " ";
         default = "";
         description =
           ''
diff --git a/nixos/modules/virtualisation/ec2-data.nix b/nixos/modules/virtualisation/ec2-data.nix
index 15114b1e76ac..fd062237bb07 100644
--- a/nixos/modules/virtualisation/ec2-data.nix
+++ b/nixos/modules/virtualisation/ec2-data.nix
@@ -35,8 +35,8 @@ with lib;
 
             wget="wget -q --retry-connrefused -O -"
 
-            echo "setting host name..."
             ${optionalString (config.networking.hostName == "") ''
+              echo "setting host name..."
               ${pkgs.nettools}/bin/hostname $($wget http://169.254.169.254/1.0/meta-data/hostname)
             ''}
 
@@ -69,9 +69,11 @@ with lib;
             fi
 
             ${optionalString (! config.ec2.metadata) ''
-            # Since the user data is sensitive, prevent it from being
-            # accessed from now on.
-            ip route add blackhole 169.254.169.254/32
+              # Since the user data is sensitive, prevent it from
+              # being accessed from now on. FIXME: remove at some
+              # point, since current NixOps no longer relies on
+              # metadata secrecy.
+              ip route add blackhole 169.254.169.254/32
             ''}
           '';
 
diff --git a/nixos/modules/virtualisation/google-compute-config.nix b/nixos/modules/virtualisation/google-compute-config.nix
index 9e6be93b6d98..f6bca1aa8579 100644
--- a/nixos/modules/virtualisation/google-compute-config.nix
+++ b/nixos/modules/virtualisation/google-compute-config.nix
@@ -1,5 +1,5 @@
-{ config, pkgs, modulesPath, ... }:
+{ config, pkgs, ... }:
 
 {
-  imports = [ "${modulesPath}/virtualisation/google-compute-image.nix" ];
+  imports = [ <nixpkgs/nixos/modules/virtualisation/google-compute-image.nix> ];
 }
diff --git a/nixos/modules/virtualisation/libvirtd.nix b/nixos/modules/virtualisation/libvirtd.nix
index 7410609e0642..16aedbbb185d 100644
--- a/nixos/modules/virtualisation/libvirtd.nix
+++ b/nixos/modules/virtualisation/libvirtd.nix
@@ -57,6 +57,17 @@ in
           '';
       };
 
+    virtualisation.libvirtd.extraOptions =
+      mkOption {
+        type = types.listOf types.str;
+        default = [ ];
+        example = [ "--verbose" ];
+        description =
+          ''
+            Extra command line arguments passed to libvirtd on startup.
+          '';
+      };
+
     virtualisation.libvirtd.onShutdown =
       mkOption {
         type = types.enum ["shutdown" "suspend" ];
@@ -140,7 +151,7 @@ in
             done
           ''; # */
 
-        serviceConfig.ExecStart = ''@${pkgs.libvirt}/sbin/libvirtd libvirtd --config "${configFile}" --daemon --verbose'';
+        serviceConfig.ExecStart = ''@${pkgs.libvirt}/sbin/libvirtd libvirtd --config "${configFile}" --daemon ${concatStringsSep " " cfg.extraOptions}'';
         serviceConfig.Type = "forking";
         serviceConfig.KillMode = "process"; # when stopping, leave the VMs alone
 
diff --git a/nixos/modules/virtualisation/lxc-container.nix b/nixos/modules/virtualisation/lxc-container.nix
index 2fa749d542ea..0208787e7795 100644
--- a/nixos/modules/virtualisation/lxc-container.nix
+++ b/nixos/modules/virtualisation/lxc-container.nix
@@ -4,7 +4,7 @@ with lib;
 
 {
   imports = [
-    ../profiles/container.nix
+    ../profiles/docker-container.nix # FIXME, shouldn't include something from profiles/
   ];
 
   # Allow the user to login as root without password.
diff --git a/nixos/modules/virtualisation/nova-image.nix b/nixos/modules/virtualisation/nova-image.nix
index 2523dacc0b56..20ec6b024e91 100644
--- a/nixos/modules/virtualisation/nova-image.nix
+++ b/nixos/modules/virtualisation/nova-image.nix
@@ -46,16 +46,20 @@ with lib;
 
           # Register the paths in the Nix database.
           printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
-              chroot /mnt ${config.nix.package}/bin/nix-store --load-db
+              chroot /mnt ${config.nix.package}/bin/nix-store --load-db --option build-users-group ""
 
           # Create the system profile to allow nixos-rebuild to work.
-          chroot /mnt ${config.nix.package}/bin/nix-env \
+          chroot /mnt ${config.nix.package}/bin/nix-env --option build-users-group "" \
               -p /nix/var/nix/profiles/system --set ${config.system.build.toplevel}
 
           # `nixos-rebuild' requires an /etc/NIXOS.
           mkdir -p /mnt/etc
           touch /mnt/etc/NIXOS
 
+          # `switch-to-configuration' requires a /bin/sh
+          mkdir -p /mnt/bin
+          ln -s ${config.system.build.binsh}/bin/sh /mnt/bin/sh
+
           # Install a configuration.nix.
           mkdir -p /mnt/etc/nixos
           cp ${./nova-config.nix} /mnt/etc/nixos/configuration.nix
@@ -104,10 +108,6 @@ with lib;
     boot.initrd.supportedFilesystems = [ "unionfs-fuse" ];
     */
 
-  # Since Nova allows VNC access to instances, it's nice to start to
-  # start a few virtual consoles.
-  services.mingetty.ttys = [ "tty1" "tty2" ];
-
   # Allow root logins only using the SSH key that the user specified
   # at instance creation time.
   services.openssh.enable = true;
diff --git a/nixos/modules/virtualisation/vmware-guest.nix b/nixos/modules/virtualisation/vmware-guest.nix
new file mode 100644
index 000000000000..3f19f6a28b2b
--- /dev/null
+++ b/nixos/modules/virtualisation/vmware-guest.nix
@@ -0,0 +1,47 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.vmwareGuest;
+  open-vm-tools = pkgs.open-vm-tools;
+in
+{
+  options = {
+    services.vmwareGuest.enable = mkEnableOption "Enable VMWare Guest Support";
+  };
+
+  config = mkIf cfg.enable {
+    assertions = [ {
+      assertion = pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64;
+      message = "VMWare guest is not currently supported on ${pkgs.stdenv.system}";
+    } ];
+
+    environment.systemPackages = [ open-vm-tools ];
+
+    systemd.services.vmware =
+      { description = "VMWare Guest Service";
+        wantedBy = [ "multi-user.target" ];
+        serviceConfig.ExecStart = "${open-vm-tools}/bin/vmtoolsd";
+      };
+
+    services.xserver = {
+      videoDrivers = mkOverride 50 [ "vmware" ];
+
+      config = ''
+          Section "InputDevice"
+            Identifier "VMMouse"
+            Driver "vmmouse"
+          EndSection
+        '';
+
+      serverLayoutSection = ''
+          InputDevice "VMMouse"
+        '';
+
+      displayManager.sessionCommands = ''
+          ${open-vm-tools}/bin/vmware-user-suid-wrapper
+        '';
+    };
+  };
+}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-31 02:31:47 +0000