gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #127933 from rnhmjoj/qemu-restoration

Browse Source 
Qemu restoration
This commit is contained in:
Timothy DeHerrera
2021-09-28 21:35:23 -06:00
committed by GitHub
parent 8a587c79f6 bd3cb03c6f
commit 895f3956d2
10 changed files with 301 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
View File

@@ -1078,6 +1078,40 @@ Superuser created successfully.
<literal>linuxPackages_latest</literal>) remain untouched. <literal>linuxPackages_latest</literal>) remain untouched.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
In NixOS virtual machines (QEMU), the
<literal>virtualisation</literal> module has been updated with
new options to configure:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
IPv4 port forwarding
(<link xlink:href="options.html#opt-virtualisation.forwardPorts"><literal>virtualisation.forwardPorts</literal></link>),
</para>
</listitem>
<listitem>
<para>
shared host directories
(<link xlink:href="options.html#opt-virtualisation.sharedDirectories"><literal>virtualisation.sharedDirectories</literal></link>),
</para>
</listitem>
<listitem>
<para>
screen resolution
(<link xlink:href="options.html#opt-virtualisation.resolution"><literal>virtualisation.resolution</literal></link>).
</para>
</listitem>
</itemizedlist>
<para>
In addition, the default
<link xlink:href="options.html#opt-virtualisation.msize"><literal>msize</literal></link>
parameter in 9P filesystems (including /nix/store and all
shared directories) has been increased to 16K for improved
performance.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
The setting The setting

8
nixos/doc/manual/release-notes/rl-2111.section.md
View File

@@ -333,9 +333,17 @@ In addition to numerous new and upgraded packages, this release has the followin
## Other Notable Changes {#sec-release-21.11-notable-changes} ## Other Notable Changes {#sec-release-21.11-notable-changes}
- The linux kernel package infrastructure was moved out of `all-packages.nix`, and restructured. Linux related functions and attributes now live under the `pkgs.linuxKernel` attribute set. - The linux kernel package infrastructure was moved out of `all-packages.nix`, and restructured. Linux related functions and attributes now live under the `pkgs.linuxKernel` attribute set.
In particular the versioned `linuxPackages_*` package sets (such as `linuxPackages_5_4`) and kernels from `pkgs` were moved there and now live under `pkgs.linuxKernel.packages.*`. The unversioned ones (such as `linuxPackages_latest`) remain untouched. In particular the versioned `linuxPackages_*` package sets (such as `linuxPackages_5_4`) and kernels from `pkgs` were moved there and now live under `pkgs.linuxKernel.packages.*`. The unversioned ones (such as `linuxPackages_latest`) remain untouched.
- In NixOS virtual machines (QEMU), the `virtualisation` module has been updated with new options to configure:
- IPv4 port forwarding ([`virtualisation.forwardPorts`](options.html#opt-virtualisation.forwardPorts)),
- shared host directories ([`virtualisation.sharedDirectories`](options.html#opt-virtualisation.sharedDirectories)),
- screen resolution ([`virtualisation.resolution`](options.html#opt-virtualisation.resolution)).
In addition, the default [`msize`](options.html#opt-virtualisation.msize) parameter in 9P filesystems (including /nix/store and all shared directories) has been increased to 16K for improved performance.
- The setting [`services.openssh.logLevel`](options.html#opt-services.openssh.logLevel) `"VERBOSE"` `"INFO"`. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets. - The setting [`services.openssh.logLevel`](options.html#opt-services.openssh.logLevel) `"VERBOSE"` `"INFO"`. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets.
However, if [`services.fail2ban.enable`](options.html#opt-services.fail2ban.enable) is `true`, the `fail2ban` will override the verbosity to `"VERBOSE"`, so that `fail2ban` can observe the failed login attempts from the SSH logs. However, if [`services.fail2ban.enable`](options.html#opt-services.fail2ban.enable) is `true`, the `fail2ban` will override the verbosity to `"VERBOSE"`, so that `fail2ban` can observe the failed login attempts from the SSH logs.

10
nixos/lib/build-vms.nix
View File

@@ -4,15 +4,14 @@
, # Ignored , # Ignored
config ? null config ? null
, # Nixpkgs, for qemu, lib and more , # Nixpkgs, for qemu, lib and more
pkgs pkgs, lib
, # !!! See comment about args in lib/modules.nix , # !!! See comment about args in lib/modules.nix
specialArgs ? {} specialArgs ? {}
, # NixOS configuration to add to the VMs , # NixOS configuration to add to the VMs
extraConfigurations ? [] extraConfigurations ? []
}: }:
with pkgs.lib; with lib;
with import ../lib/qemu-flags.nix { inherit pkgs; };
rec { rec {
@@ -93,8 +92,9 @@ rec {
"${config.networking.hostName}\n")); "${config.networking.hostName}\n"));
virtualisation.qemu.options = virtualisation.qemu.options =
forEach interfacesNumbered let qemu-common = import ../lib/qemu-common.nix { inherit lib pkgs; };
({ fst, snd }: qemuNICFlags snd fst m.snd); in flip concatMap interfacesNumbered
({ fst, snd }: qemu-common.qemuNICFlags snd fst m.snd);
}; };
} }
) )

10
nixos/lib/qemu-flags.nix → nixos/lib/qemu-common.nix
View File

@@ -1,12 +1,12 @@
# QEMU flags shared between various Nix expressions. # QEMU-related utilities shared between various Nix expressions.
{ pkgs }: { lib, pkgs }:
let let
zeroPad = n: zeroPad = n:
pkgs.lib.optionalString (n < 16) "0" + lib.optionalString (n < 16) "0" +
(if n > 255 (if n > 255
then throw "Can't have more than 255 nets or nodes!" then throw "Can't have more than 255 nets or nodes!"
else pkgs.lib.toHexString n); else lib.toHexString n);
in in
rec { rec {
@@ -14,7 +14,7 @@ rec {
qemuNICFlags = nic: net: machine: qemuNICFlags = nic: net: machine:
[ "-device virtio-net-pci,netdev=vlan${toString nic},mac=${qemuNicMac net machine}" [ "-device virtio-net-pci,netdev=vlan${toString nic},mac=${qemuNicMac net machine}"
"-netdev vde,id=vlan${toString nic},sock=$QEMU_VDE_SOCKET_${toString net}" ''-netdev vde,id=vlan${toString nic},sock="$QEMU_VDE_SOCKET_${toString net}"''
]; ];
qemuSerialDevice = if pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64 then "ttyS0" qemuSerialDevice = if pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64 then "ttyS0"

3
nixos/lib/testing-python.nix
View File

@@ -217,7 +217,7 @@ rec {
nodes = qemu_pkg: nodes = qemu_pkg:
let let
build-vms = import ./build-vms.nix { build-vms = import ./build-vms.nix {
inherit system pkgs minimal specialArgs; inherit system lib pkgs minimal specialArgs;
extraConfigurations = extraConfigurations ++ [( extraConfigurations = extraConfigurations ++ [(
{ {
virtualisation.qemu.package = qemu_pkg; virtualisation.qemu.package = qemu_pkg;
@@ -257,7 +257,6 @@ rec {
inherit test driver driverInteractive nodes; inherit test driver driverInteractive nodes;
}; };
abortForFunction = functionName: abort ''The ${functionName} function was abortForFunction = functionName: abort ''The ${functionName} function was
removed because it is not an essential part of the NixOS testing removed because it is not an essential part of the NixOS testing
infrastructure. It had no usage in NixOS or Nixpkgs and it had no designated infrastructure. It had no usage in NixOS or Nixpkgs and it had no designated

6
nixos/modules/misc/documentation.nix
View File

@@ -6,7 +6,11 @@ let
cfg = config.documentation; cfg = config.documentation;
manualModules = baseModules ++ optionals cfg.nixos.includeAllModules (extraModules ++ modules); manualModules =
baseModules
# Modules for which to show options even when not imported
++ [ ../virtualisation/qemu-vm.nix ]
++ optionals cfg.nixos.includeAllModules (extraModules ++ modules);
/* For the purpose of generating docs, evaluate options with each derivation /* For the purpose of generating docs, evaluate options with each derivation
in `pkgs` (recursively) replaced by a fake with path "\${pkgs.attribute.path}". in `pkgs` (recursively) replaced by a fake with path "\${pkgs.attribute.path}".

17
nixos/modules/testing/test-instrumentation.nix
View File

@@ -4,7 +4,10 @@
{ options, config, lib, pkgs, ... }: { options, config, lib, pkgs, ... }:
with lib; with lib;
with import ../../lib/qemu-flags.nix { inherit pkgs; };
let
qemu-common = import ../../lib/qemu-common.nix { inherit lib pkgs; };
in
{ {
@@ -12,8 +15,8 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; };
systemd.services.backdoor = systemd.services.backdoor =
{ wantedBy = [ "multi-user.target" ]; { wantedBy = [ "multi-user.target" ];
requires = [ "dev-hvc0.device" "dev-${qemuSerialDevice}.device" ]; requires = [ "dev-hvc0.device" "dev-${qemu-common.qemuSerialDevice}.device" ];
after = [ "dev-hvc0.device" "dev-${qemuSerialDevice}.device" ]; after = [ "dev-hvc0.device" "dev-${qemu-common.qemuSerialDevice}.device" ];
script = script =
'' ''
export USER=root export USER=root
@@ -30,7 +33,7 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; };
cd /tmp cd /tmp
exec < /dev/hvc0 > /dev/hvc0 exec < /dev/hvc0 > /dev/hvc0
while ! exec 2> /dev/${qemuSerialDevice}; do sleep 0.1; done while ! exec 2> /dev/${qemu-common.qemuSerialDevice}; do sleep 0.1; done
echo "connecting to host..." >&2 echo "connecting to host..." >&2
stty -F /dev/hvc0 raw -echo # prevent nl -> cr/nl conversion stty -F /dev/hvc0 raw -echo # prevent nl -> cr/nl conversion
echo echo
@@ -42,7 +45,7 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; };
# Prevent agetty from being instantiated on the serial device, since it # Prevent agetty from being instantiated on the serial device, since it
# interferes with the backdoor (writes to it will randomly fail # interferes with the backdoor (writes to it will randomly fail
# with EIO). Likewise for hvc0. # with EIO). Likewise for hvc0.
systemd.services."serial-getty@${qemuSerialDevice}".enable = false; systemd.services."serial-getty@${qemu-common.qemuSerialDevice}".enable = false;
systemd.services."serial-getty@hvc0".enable = false; systemd.services."serial-getty@hvc0".enable = false;
# Only set these settings when the options exist. Some tests (e.g. those # Only set these settings when the options exist. Some tests (e.g. those
@@ -57,7 +60,7 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; };
# we avoid defining consoles if not possible. # we avoid defining consoles if not possible.
# TODO: refactor such that test-instrumentation can import qemu-vm # TODO: refactor such that test-instrumentation can import qemu-vm
# or declare virtualisation.qemu.console option in a module that's always imported # or declare virtualisation.qemu.console option in a module that's always imported
consoles = [ qemuSerialDevice ]; consoles = [ qemu-common.qemuSerialDevice ];
package = lib.mkDefault pkgs.qemu_test; package = lib.mkDefault pkgs.qemu_test;
}; };
}; };
@@ -88,7 +91,7 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; };
# Panic if an error occurs in stage 1 (rather than waiting for # Panic if an error occurs in stage 1 (rather than waiting for
# user intervention). # user intervention).
boot.kernelParams = boot.kernelParams =
[ "console=${qemuSerialDevice}" "panic=1" "boot.panic_on_fail" ]; [ "console=${qemu-common.qemuSerialDevice}" "panic=1" "boot.panic_on_fail" ];
# `xwininfo' is used by the test driver to query open windows. # `xwininfo' is used by the test driver to query open windows.
environment.systemPackages = [ pkgs.xorg.xwininfo ]; environment.systemPackages = [ pkgs.xorg.xwininfo ];

292
nixos/modules/virtualisation/qemu-vm.nix
View File

@@ -10,10 +10,10 @@
{ config, lib, pkgs, options, ... }: { config, lib, pkgs, options, ... }:
with lib; with lib;
with import ../../lib/qemu-flags.nix { inherit pkgs; };
let let
qemu-common = import ../../lib/qemu-common.nix { inherit lib pkgs; };
cfg = config.virtualisation; cfg = config.virtualisation;
@@ -75,7 +75,7 @@ let
in in
"-drive ${driveOpts} ${device}"; "-drive ${driveOpts} ${device}";
drivesCmdLine = drives: concatStringsSep " " (imap1 driveCmdline drives); drivesCmdLine = drives: concatStringsSep "\\\n " (imap1 driveCmdline drives);
# Creates a device name from a 1-based a numerical index, e.g. # Creates a device name from a 1-based a numerical index, e.g.
@@ -108,7 +108,7 @@ let
'' ''
#! ${pkgs.runtimeShell} #! ${pkgs.runtimeShell}
NIX_DISK_IMAGE=$(readlink -f ''${NIX_DISK_IMAGE:-${config.virtualisation.diskImage}}) NIX_DISK_IMAGE=$(readlink -f "''${NIX_DISK_IMAGE:-${config.virtualisation.diskImage}}")
if ! test -e "$NIX_DISK_IMAGE"; then if ! test -e "$NIX_DISK_IMAGE"; then
${qemu}/bin/qemu-img create -f qcow2 "$NIX_DISK_IMAGE" \ ${qemu}/bin/qemu-img create -f qcow2 "$NIX_DISK_IMAGE" \
@@ -121,26 +121,29 @@ let
fi fi
# Create a directory for exchanging data with the VM. # Create a directory for exchanging data with the VM.
mkdir -p $TMPDIR/xchg mkdir -p "$TMPDIR/xchg"
${if cfg.useBootLoader then '' ${lib.optionalString cfg.useBootLoader
''
# Create a writable copy/snapshot of the boot disk. # Create a writable copy/snapshot of the boot disk.
# A writable boot disk can be booted from automatically. # A writable boot disk can be booted from automatically.
${qemu}/bin/qemu-img create -f qcow2 -b ${bootDisk}/disk.img $TMPDIR/disk.img || exit 1 ${qemu}/bin/qemu-img create -f qcow2 -F qcow2 -b ${bootDisk}/disk.img "$TMPDIR/disk.img" || exit 1
NIX_EFI_VARS=$(readlink -f ''${NIX_EFI_VARS:-${cfg.efiVars}}) NIX_EFI_VARS=$(readlink -f "''${NIX_EFI_VARS:-${cfg.efiVars}}")
${if cfg.useEFIBoot then '' ${lib.optionalString cfg.useEFIBoot
''
# VM needs writable EFI vars # VM needs writable EFI vars
if ! test -e "$NIX_EFI_VARS"; then if ! test -e "$NIX_EFI_VARS"; then
cp ${bootDisk}/efi-vars.fd "$NIX_EFI_VARS" || exit 1 cp ${bootDisk}/efi-vars.fd "$NIX_EFI_VARS" || exit 1
chmod 0644 "$NIX_EFI_VARS" || exit 1 chmod 0644 "$NIX_EFI_VARS" || exit 1
fi fi
'' else ""} ''}
'' else ""} ''}
cd $TMPDIR cd "$TMPDIR" || exit 1
idx=0
${lib.optionalString (cfg.emptyDiskImages != []) "idx=0"}
${flip concatMapStrings cfg.emptyDiskImages (size: '' ${flip concatMapStrings cfg.emptyDiskImages (size: ''
if ! test -e "empty$idx.qcow2"; then if ! test -e "empty$idx.qcow2"; then
${qemu}/bin/qemu-img create -f qcow2 "empty$idx.qcow2" "${toString size}M" ${qemu}/bin/qemu-img create -f qcow2 "empty$idx.qcow2" "${toString size}M"
@@ -149,17 +152,18 @@ let
'')} '')}
# Start QEMU. # Start QEMU.
exec ${qemuBinary qemu} \ exec ${qemu-common.qemuBinary qemu} \
-name ${config.system.name} \ -name ${config.system.name} \
-m ${toString config.virtualisation.memorySize} \ -m ${toString config.virtualisation.memorySize} \
-smp ${toString config.virtualisation.cores} \ -smp ${toString config.virtualisation.cores} \
-device virtio-rng-pci \ -device virtio-rng-pci \
${concatStringsSep " " config.virtualisation.qemu.networkingOptions} \ ${concatStringsSep " " config.virtualisation.qemu.networkingOptions} \
-virtfs local,path=/nix/store,security_model=none,mount_tag=store \ ${concatStringsSep " \\\n "
-virtfs local,path=$TMPDIR/xchg,security_model=none,mount_tag=xchg \ (mapAttrsToList
-virtfs local,path=''${SHARED_DIR:-$TMPDIR/xchg},security_model=none,mount_tag=shared \ (tag: share: "-virtfs local,path=${share.source},security_model=none,mount_tag=${tag}")
config.virtualisation.sharedDirectories)} \
${drivesCmdLine config.virtualisation.qemu.drives} \ ${drivesCmdLine config.virtualisation.qemu.drives} \
${toString config.virtualisation.qemu.options} \ ${concatStringsSep " \\\n " config.virtualisation.qemu.options} \
$QEMU_OPTS \ $QEMU_OPTS \
"$@" "$@"
''; '';
@@ -270,20 +274,21 @@ in
virtualisation.memorySize = virtualisation.memorySize =
mkOption { mkOption {
type = types.ints.positive;
default = 384; default = 384;
description = description =
'' ''
Memory size (M) of virtual machine. The memory size in megabytes of the virtual machine.
''; '';
}; };
virtualisation.msize = virtualisation.msize =
mkOption { mkOption {
default = null; type = types.ints.positive;
type = types.nullOr types.ints.unsigned; default = 16384;
description = description =
'' ''
msize (maximum packet size) option passed to 9p file systems, in The msize (maximum packet size) option passed to 9p file systems, in
bytes. Increasing this should increase performance significantly, bytes. Increasing this should increase performance significantly,
at the cost of higher RAM usage. at the cost of higher RAM usage.
''; '';
@@ -291,15 +296,17 @@ in
virtualisation.diskSize = virtualisation.diskSize =
mkOption { mkOption {
type = types.nullOr types.ints.positive;
default = 512; default = 512;
description = description =
'' ''
Disk size (M) of virtual machine. The disk size in megabytes of the virtual machine.
''; '';
}; };
virtualisation.diskImage = virtualisation.diskImage =
mkOption { mkOption {
type = types.str;
default = "./${config.system.name}.qcow2"; default = "./${config.system.name}.qcow2";
description = description =
'' ''
@@ -311,7 +318,7 @@ in
virtualisation.bootDevice = virtualisation.bootDevice =
mkOption { mkOption {
type = types.str; type = types.path;
example = "/dev/vda"; example = "/dev/vda";
description = description =
'' ''
@@ -321,8 +328,8 @@ in
virtualisation.emptyDiskImages = virtualisation.emptyDiskImages =
mkOption { mkOption {
type = types.listOf types.ints.positive;
default = []; default = [];
type = types.listOf types.int;
description = description =
'' ''
Additional disk images to provide to the VM. The value is Additional disk images to provide to the VM. The value is
@@ -333,6 +340,7 @@ in
virtualisation.graphics = virtualisation.graphics =
mkOption { mkOption {
type = types.bool;
default = true; default = true;
description = description =
'' ''
@@ -342,10 +350,20 @@ in
''; '';
}; };
virtualisation.resolution =
mkOption {
type = options.services.xserver.resolutions.type.nestedTypes.elemType;
default = { x = 1024; y = 768; };
description =
''
The resolution of the virtual machine display.
'';
};
virtualisation.cores = virtualisation.cores =
mkOption { mkOption {
type = types.ints.positive;
default = 1; default = 1;
type = types.int;
description = description =
'' ''
Specify the number of cores the guest is permitted to use. Specify the number of cores the guest is permitted to use.
@@ -354,8 +372,34 @@ in
''; '';
}; };
virtualisation.sharedDirectories =
mkOption {
type = types.attrsOf
(types.submodule {
options.source = mkOption {
type = types.str;
description = "The path of the directory to share, can be a shell variable";
};
options.target = mkOption {
type = types.path;
description = "The mount point of the directory inside the virtual machine";
};
});
default = { };
example = {
my-share = { source = "/path/to/be/shared"; target = "/mnt/shared"; };
};
description =
''
An attributes set of directories that will be shared with the
virtual machine using VirtFS (9P filesystem over VirtIO).
The attribute name will be used as the 9P mount tag.
'';
};
virtualisation.pathsInNixDB = virtualisation.pathsInNixDB =
mkOption { mkOption {
type = types.listOf types.path;
default = []; default = [];
description = description =
'' ''
@@ -367,8 +411,78 @@ in
''; '';
}; };
virtualisation.forwardPorts = mkOption {
type = types.listOf
(types.submodule {
options.from = mkOption {
type = types.enum [ "host" "guest" ];
default = "host";
description =
''
Controls the direction in which the ports are mapped:
- <literal>"host"</literal> means traffic from the host ports
is forwarded to the given guest port.
- <literal>"guest"</literal> means traffic from the guest ports
is forwarded to the given host port.
'';
};
options.proto = mkOption {
type = types.enum [ "tcp" "udp" ];
default = "tcp";
description = "The protocol to forward.";
};
options.host.address = mkOption {
type = types.str;
default = "";
description = "The IPv4 address of the host.";
};
options.host.port = mkOption {
type = types.port;
description = "The host port to be mapped.";
};
options.guest.address = mkOption {
type = types.str;
default = "";
description = "The IPv4 address on the guest VLAN.";
};
options.guest.port = mkOption {
type = types.port;
description = "The guest port to be mapped.";
};
});
default = [];
example = lib.literalExample
''
[ # forward local port 2222 -> 22, to ssh into the VM
{ from = "host"; host.port = 2222; guest.port = 22; }
# forward local port 80 -> 10.0.2.10:80 in the VLAN
{ from = "guest";
guest.address = "10.0.2.10"; guest.port = 80;
host.address = "127.0.0.1"; host.port = 80;
}
]
'';
description =
''
When using the SLiRP user networking (default), this option allows to
forward ports to/from the host/guest.
<warning><para>
If the NixOS firewall on the virtual machine is enabled, you also
have to open the guest ports to enable the traffic between host and
guest.
</para></warning>
<note><para>Currently QEMU supports only IPv4 forwarding.</para></note>
'';
};
virtualisation.vlans = virtualisation.vlans =
mkOption { mkOption {
type = types.listOf types.ints.unsigned;
default = [ 1 ]; default = [ 1 ];
example = [ 1 2 ]; example = [ 1 2 ];
description = description =
@@ -386,6 +500,7 @@ in
virtualisation.writableStore = virtualisation.writableStore =
mkOption { mkOption {
type = types.bool;
default = true; # FIXME default = true; # FIXME
description = description =
'' ''
@@ -397,6 +512,7 @@ in
virtualisation.writableStoreUseTmpfs = virtualisation.writableStoreUseTmpfs =
mkOption { mkOption {
type = types.bool;
default = true; default = true;
description = description =
'' ''
@@ -407,6 +523,7 @@ in
networking.primaryIPAddress = networking.primaryIPAddress =
mkOption { mkOption {
type = types.str;
default = ""; default = "";
internal = true; internal = true;
description = "Primary IP address used in /etc/hosts."; description = "Primary IP address used in /etc/hosts.";
@@ -423,7 +540,7 @@ in
options = options =
mkOption { mkOption {
type = types.listOf types.unspecified; type = types.listOf types.str;
default = []; default = [];
example = [ "-vga std" ]; example = [ "-vga std" ];
description = "Options passed to QEMU."; description = "Options passed to QEMU.";
@@ -432,7 +549,7 @@ in
consoles = mkOption { consoles = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = let default = let
consoles = [ "${qemuSerialDevice},115200n8" "tty0" ]; consoles = [ "${qemu-common.qemuSerialDevice},115200n8" "tty0" ];
in if cfg.graphics then consoles else reverseList consoles; in if cfg.graphics then consoles else reverseList consoles;
example = [ "console=tty1" ]; example = [ "console=tty1" ];
description = '' description = ''
@@ -448,17 +565,18 @@ in
networkingOptions = networkingOptions =
mkOption { mkOption {
default = [
"-net nic,netdev=user.0,model=virtio"
"-netdev user,id=user.0\${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}"
];
type = types.listOf types.str; type = types.listOf types.str;
default = [ ];
example = [
"-net nic,netdev=user.0,model=virtio"
"-netdev user,id=user.0,\${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}"
];
description = '' description = ''
Networking-related command-line options that should be passed to qemu. Networking-related command-line options that should be passed to qemu.
The default is to use userspace networking (slirp). The default is to use userspace networking (SLiRP).
If you override this option, be advised to keep If you override this option, be advised to keep
''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} (as seen in the default) ''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} (as seen in the example)
to keep the default runtime behaviour. to keep the default runtime behaviour.
''; '';
}; };
@@ -472,16 +590,16 @@ in
diskInterface = diskInterface =
mkOption { mkOption {
type = types.enum [ "virtio" "scsi" "ide" ];
default = "virtio"; default = "virtio";
example = "scsi"; example = "scsi";
type = types.enum [ "virtio" "scsi" "ide" ];
description = "The interface used for the virtual hard disks."; description = "The interface used for the virtual hard disks.";
}; };
guestAgent.enable = guestAgent.enable =
mkOption { mkOption {
default = true;
type = types.bool; type = types.bool;
default = true;
description = '' description = ''
Enable the Qemu guest agent. Enable the Qemu guest agent.
''; '';
@@ -490,6 +608,7 @@ in
virtualisation.useBootLoader = virtualisation.useBootLoader =
mkOption { mkOption {
type = types.bool;
default = false; default = false;
description = description =
'' ''
@@ -504,6 +623,7 @@ in
virtualisation.useEFIBoot = virtualisation.useEFIBoot =
mkOption { mkOption {
type = types.bool;
default = false; default = false;
description = description =
'' ''
@@ -515,6 +635,7 @@ in
virtualisation.efiVars = virtualisation.efiVars =
mkOption { mkOption {
type = types.str;
default = "./${config.system.name}-efi-vars.fd"; default = "./${config.system.name}-efi-vars.fd";
description = description =
'' ''
@@ -525,8 +646,8 @@ in
virtualisation.bios = virtualisation.bios =
mkOption { mkOption {
default = null;
type = types.nullOr types.package; type = types.nullOr types.package;
default = null;
description = description =
'' ''
An alternate BIOS (such as <package>qboot</package>) with which to start the VM. An alternate BIOS (such as <package>qboot</package>) with which to start the VM.
@@ -539,6 +660,25 @@ in
config = { config = {
assertions =
lib.concatLists (lib.flip lib.imap cfg.forwardPorts (i: rule:
[
{ assertion = rule.from == "guest" -> rule.proto == "tcp";
message =
''
Invalid virtualisation.forwardPorts.<entry ${toString i}>.proto:
Guest forwarding supports only TCP connections.
'';
}
{ assertion = rule.from == "guest" -> lib.hasPrefix "10.0.2." rule.guest.address;
message =
''
Invalid virtualisation.forwardPorts.<entry ${toString i}>.guest.address:
The address must be in the default VLAN (10.0.2.0/24).
'';
}
]));
# Note [Disk layout with `useBootLoader`] # Note [Disk layout with `useBootLoader`]
# #
# If `useBootLoader = true`, we configure 2 drives: # If `useBootLoader = true`, we configure 2 drives:
@@ -560,6 +700,7 @@ in
then driveDeviceName 2 # second disk then driveDeviceName 2 # second disk
else cfg.bootDevice else cfg.bootDevice
); );
boot.loader.grub.gfxmodeBios = with cfg.resolution; "${toString x}x${toString y}";
boot.initrd.extraUtilsCommands = boot.initrd.extraUtilsCommands =
'' ''
@@ -618,6 +759,28 @@ in
virtualisation.pathsInNixDB = [ config.system.build.toplevel ]; virtualisation.pathsInNixDB = [ config.system.build.toplevel ];
virtualisation.sharedDirectories = {
nix-store = { source = "/nix/store"; target = "/nix/store"; };
xchg = { source = ''"$TMPDIR"/xchg''; target = "/tmp/xchg"; };
shared = { source = ''"''${SHARED_DIR:-$TMPDIR/xchg}"''; target = "/tmp/shared"; };
};
virtualisation.qemu.networkingOptions =
let
forwardingOptions = flip concatMapStrings cfg.forwardPorts
({ proto, from, host, guest }:
if from == "host"
then "hostfwd=${proto}:${host.address}:${toString host.port}-" +
"${guest.address}:${toString guest.port},"
else "'guestfwd=${proto}:${guest.address}:${toString guest.port}-" +
"cmd:${pkgs.netcat}/bin/nc ${host.address} ${toString host.port}',"
);
in
[
"-net nic,netdev=user.0,model=virtio"
"-netdev user,id=user.0,${forwardingOptions}\${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}"
];
# FIXME: Consolidate this one day. # FIXME: Consolidate this one day.
virtualisation.qemu.options = mkMerge [ virtualisation.qemu.options = mkMerge [
(mkIf (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) [ (mkIf (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) [
@@ -646,7 +809,7 @@ in
virtualisation.qemu.drives = mkMerge [ virtualisation.qemu.drives = mkMerge [
[{ [{
name = "root"; name = "root";
file = "$NIX_DISK_IMAGE"; file = ''"$NIX_DISK_IMAGE"'';
driveExtraOpts.cache = "writeback"; driveExtraOpts.cache = "writeback";
driveExtraOpts.werror = "report"; driveExtraOpts.werror = "report";
}] }]
@@ -655,7 +818,7 @@ in
# note [Disk layout with `useBootLoader`]. # note [Disk layout with `useBootLoader`].
{ {
name = "boot"; name = "boot";
file = "$TMPDIR/disk.img"; file = ''"$TMPDIR"/disk.img'';
driveExtraOpts.media = "disk"; driveExtraOpts.media = "disk";
deviceExtraOpts.bootindex = "1"; deviceExtraOpts.bootindex = "1";
} }
@@ -672,15 +835,26 @@ in
# configuration, where the regular value for the `fileSystems' # configuration, where the regular value for the `fileSystems'
# attribute should be disregarded for the purpose of building a VM # attribute should be disregarded for the purpose of building a VM
# test image (since those filesystems don't exist in the VM). # test image (since those filesystems don't exist in the VM).
fileSystems = mkVMOverride ( fileSystems =
cfg.fileSystems // let
{ "/".device = cfg.bootDevice; mkSharedDir = tag: share:
${if cfg.writableStore then "/nix/.ro-store" else "/nix/store"} = {
{ device = "store"; name =
fsType = "9p"; if tag == "nix-store" && cfg.writableStore
options = [ "trans=virtio" "version=9p2000.L" "cache=loose" ] ++ lib.optional (cfg.msize != null) "msize=${toString cfg.msize}"; then "/nix/.ro-store"
neededForBoot = true; else share.target;
}; value.device = tag;
value.fsType = "9p";
value.neededForBoot = true;
value.options =
[ "trans=virtio" "version=9p2000.L" "msize=${toString cfg.msize}" ]
++ lib.optional (tag == "nix-store") "cache=loose";
};
in
mkVMOverride (cfg.fileSystems //
{
"/".device = cfg.bootDevice;
"/tmp" = mkIf config.boot.tmpOnTmpfs "/tmp" = mkIf config.boot.tmpOnTmpfs
{ device = "tmpfs"; { device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
@@ -688,32 +862,20 @@ in
# Sync with systemd's tmp.mount; # Sync with systemd's tmp.mount;
options = [ "mode=1777" "strictatime" "nosuid" "nodev" "size=${toString config.boot.tmpOnTmpfsSize}" ]; options = [ "mode=1777" "strictatime" "nosuid" "nodev" "size=${toString config.boot.tmpOnTmpfsSize}" ];
}; };
"/tmp/xchg" =
{ device = "xchg"; "/nix/.rw-store" = mkIf (cfg.writableStore && cfg.writableStoreUseTmpfs)
fsType = "9p";
options = [ "trans=virtio" "version=9p2000.L" ] ++ lib.optional (cfg.msize != null) "msize=${toString cfg.msize}";
neededForBoot = true;
};
"/tmp/shared" =
{ device = "shared";
fsType = "9p";
options = [ "trans=virtio" "version=9p2000.L" ] ++ lib.optional (cfg.msize != null) "msize=${toString cfg.msize}";
neededForBoot = true;
};
} // optionalAttrs (cfg.writableStore && cfg.writableStoreUseTmpfs)
{ "/nix/.rw-store" =
{ fsType = "tmpfs"; { fsType = "tmpfs";
options = [ "mode=0755" ]; options = [ "mode=0755" ];
neededForBoot = true; neededForBoot = true;
}; };
} // optionalAttrs cfg.useBootLoader
{ "/boot" = "/boot" = mkIf cfg.useBootLoader
# see note [Disk layout with `useBootLoader`] # see note [Disk layout with `useBootLoader`]
{ device = "${lookupDriveDeviceName "boot" cfg.qemu.drives}2"; # 2 for e.g. `vdb2`, as created in `bootDisk` { device = "${lookupDriveDeviceName "boot" cfg.qemu.drives}2"; # 2 for e.g. `vdb2`, as created in `bootDisk`
fsType = "vfat"; fsType = "vfat";
noCheck = true; # fsck fails on a r/o filesystem noCheck = true; # fsck fails on a r/o filesystem
}; };
}); } // lib.mapAttrs' mkSharedDir cfg.sharedDirectories);
swapDevices = mkVMOverride [ ]; swapDevices = mkVMOverride [ ];
boot.initrd.luks.devices = mkVMOverride {}; boot.initrd.luks.devices = mkVMOverride {};
@@ -734,7 +896,7 @@ in
# video driver the host uses. # video driver the host uses.
services.xserver.videoDrivers = mkVMOverride [ "modesetting" ]; services.xserver.videoDrivers = mkVMOverride [ "modesetting" ];
services.xserver.defaultDepth = mkVMOverride 0; services.xserver.defaultDepth = mkVMOverride 0;
services.xserver.resolutions = mkVMOverride [ { x = 1024; y = 768; } ]; services.xserver.resolutions = mkVMOverride [ cfg.resolution ];
services.xserver.monitorSection = services.xserver.monitorSection =
'' ''
# Set a higher refresh rate so that resolutions > 800x600 work. # Set a higher refresh rate so that resolutions > 800x600 work.

4
nixos/tests/networking.nix
View File

@@ -8,7 +8,7 @@ with import ../lib/testing-python.nix { inherit system pkgs; };
with pkgs.lib; with pkgs.lib;
let let
qemu-flags = import ../lib/qemu-flags.nix { inherit pkgs; }; qemu-common = import ../lib/qemu-common.nix { inherit (pkgs) lib pkgs; };
router = { config, pkgs, lib, ... }: router = { config, pkgs, lib, ... }:
with pkgs.lib; with pkgs.lib;
@@ -42,7 +42,7 @@ let
machines = flip map vlanIfs (vlan: machines = flip map vlanIfs (vlan:
{ {
hostName = "client${toString vlan}"; hostName = "client${toString vlan}";
ethernetAddress = qemu-flags.qemuNicMac vlan 1; ethernetAddress = qemu-common.qemuNicMac vlan 1;
ipAddress = "192.168.${toString vlan}.2"; ipAddress = "192.168.${toString vlan}.2";
} }
); );

8
pkgs/build-support/vm/default.nix
View File

@@ -9,9 +9,9 @@
}: }:
with pkgs; with pkgs;
with import ../../../nixos/lib/qemu-flags.nix { inherit pkgs; };
rec { rec {
qemu-common = import ../../../nixos/lib/qemu-common.nix { inherit lib pkgs; };
qemu = buildPackages.qemu_kvm; qemu = buildPackages.qemu_kvm;
@@ -192,13 +192,13 @@ rec {
export PATH=/bin:/usr/bin:${coreutils}/bin export PATH=/bin:/usr/bin:${coreutils}/bin
echo "Starting interactive shell..." echo "Starting interactive shell..."
echo "(To run the original builder: \$origBuilder \$origArgs)" echo "(To run the original builder: \$origBuilder \$origArgs)"
exec ${busybox}/bin/setsid ${bashInteractive}/bin/bash < /dev/${qemuSerialDevice} &> /dev/${qemuSerialDevice} exec ${busybox}/bin/setsid ${bashInteractive}/bin/bash < /dev/${qemu-common.qemuSerialDevice} &> /dev/${qemu-common.qemuSerialDevice}
fi fi
''; '';
qemuCommandLinux = '' qemuCommandLinux = ''
${qemuBinary qemu} \ ${qemu-common.qemuBinary qemu} \
-nographic -no-reboot \ -nographic -no-reboot \
-device virtio-rng-pci \ -device virtio-rng-pci \
-virtfs local,path=${storeDir},security_model=none,mount_tag=store \ -virtfs local,path=${storeDir},security_model=none,mount_tag=store \
@@ -206,7 +206,7 @@ rec {
''${diskImage:+-drive file=$diskImage,if=virtio,cache=unsafe,werror=report} \ ''${diskImage:+-drive file=$diskImage,if=virtio,cache=unsafe,werror=report} \
-kernel ${kernel}/${img} \ -kernel ${kernel}/${img} \
-initrd ${initrd}/initrd \ -initrd ${initrd}/initrd \
-append "console=${qemuSerialDevice} panic=1 command=${stage2Init} out=$out mountDisk=$mountDisk loglevel=4" \ -append "console=${qemu-common.qemuSerialDevice} panic=1 command=${stage2Init} out=$out mountDisk=$mountDisk loglevel=4" \
$QEMU_OPTS $QEMU_OPTS
''; '';