diff --git a/pkgs/ch-proxy/proxy.c b/pkgs/ch-proxy/proxy.c index 74f4f32..78bfefd 100644 --- a/pkgs/ch-proxy/proxy.c +++ b/pkgs/ch-proxy/proxy.c @@ -41,7 +41,7 @@ char *extract_uvm(const char *host_string) { } char *result; - if (asprintf(&result, "%s/uvms/%s/CONNECT.sock", home, &host_string[PREFIX_LEN]) == -1) { + if (asprintf(&result, "%s/uvms/%s/vsock.sock", home, &host_string[PREFIX_LEN]) == -1) { perror("ch-proxy/extract_uvm"); exit(EXIT_FAILURE); } @@ -59,7 +59,7 @@ char *extract_muvm(const char *host_string) { } char *result; - if (asprintf(&result, "/var/lib/microvms/%s/CONNECT.sock", &host_string[PREFIX_LEN]) == -1) { + if (asprintf(&result, "/var/lib/microvms/%s/vsock.sock", &host_string[PREFIX_LEN]) == -1) { perror("ch-proxy/extract_muvm"); exit(EXIT_FAILURE); } diff --git a/profiles/ch-runner.nix b/profiles/ch-runner.nix index de0dab9..fbb09a4 100644 --- a/profiles/ch-runner.nix +++ b/profiles/ch-runner.nix @@ -51,8 +51,8 @@ in "--cmdline=${lib.concatStringsSep " " cfg.cmdline}" "--kernel=${config.boot.kernelPackages.kernel}/${pkgs.stdenv.hostPlatform.linux-kernel.target}" "--initramfs=${config.system.build.initialRamdisk}/${config.system.boot.loader.initrdFile}" - "--vsock=cid=4,socket=CONNECT.sock" - "--api-socket=ch.sock" + "--vsock=cid=4,socket=vsock.sock" + "--api-socket=vmm.sock" "--serial=tty" "--console=null" "--watchdog" @@ -69,7 +69,7 @@ in mkdir -p "$HOME/uvms/$GUESTNAME" cd "$HOME/uvms/$GUESTNAME" cleanup() { - rm "$HOME/uvms/$GUESTNAME"/{ch,CONNECT}.sock + rm "$HOME/uvms/$GUESTNAME"/{vmm,vsock}.sock } exec -a "uuvm/$GUESTNAME" "''${args[@]}" ''; diff --git a/profiles/uvms-guest.nix b/profiles/uvms-guest.nix index fb9bc1c..7fd95c8 100644 --- a/profiles/uvms-guest.nix +++ b/profiles/uvms-guest.nix 
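Review bot: The guest name at `&host_string[PREFIX_LEN]` is formatted straight into the socket path in `extract_uvm` (pkgs/ch-proxy/proxy.c), and nothing visible in the hunk restricts it to a single path component. Unless the check that closes just above the hunk already does so, a name that contains `/` or is `.` or `..` resolves outside `$HOME/uvms/`. I would reject such names before the `asprintf`, for example with `if (strchr(&host_string[PREFIX_LEN], '/') != NULL) { /* fail as the function already does */ }` plus a comparison against `"."` and `".."`. The same applies to `extract_muvm` in the next hunk, where the base is `/var/lib/microvms/`. Both function bodies start and end outside their hunks.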
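Review bot: In the second hunk of profiles/ch-runner.nix, `cleanup` is defined but the visible lines go straight to `exec -a "uuvm/$GUESTNAME" ...`. That replaces the shell, so neither a later call nor an `EXIT` trap would run it once the VM exits. If the intent is to clear sockets left by a previous run, call it before the `exec` and let it tolerate missing files: `rm -f "$HOME/uvms/$GUESTNAME"/{vmm,vsock}.sock`. After this rename, nothing visible here removes a `ch.sock` or `CONNECT.sock` left over from earlier runs. The script body starts outside the hunk.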
@@ -7,12 +7,32 @@ }: let mkIfGuest = import ../lib/mkIfMicrovmGuest.nix { inherit options config lib; }; + inherit (lib) types; in { imports = [ ./vsock-connect-guest.nix ./uvms-users.nix ]; + options = { + uvms.zswap.enable = lib.mkEnableOption "Pass zswap.enabled=1 to kernelParams (and disable zramSwap)"; + uvms.zswap.settings = lib.mkOption { + description = "Zswap kernel module configuration"; + type = types.submodule { + freeformType = types.attrsOf types.str; + options.max_pool_percent = lib.mkOption { + type = types.int; + default = 25; + description = "..."; + }; + options.compressor = lib.mkOption { + type = types.str; + default = "zstd"; + description = "..."; + }; + }; + }; + }; config = lib.mkMerge [ (mkIfGuest { microvm = { @@ -31,10 +51,21 @@ in size = 768; } ]; + systemd.services."microvm@".serviceConfig.ExecStartPost = [ + (pkgs.writeShellScript "microvm-fix-umask" '' + if [[ -e vsock.sock ]] ; then + chmod g+rw vsock.sock + fi + '') + ]; }) - { - boot.kernelParams = [ "zswap.enabled=1" ]; + (lib.mkIf config.uvms.zswap.enable { zramSwap.enable = false; - } + boot.kernelParams = + builtins.attrValues (lib.mapAttrs ( + name: value: "zswap.${name}=${toString value}" + )) config.uvms.zswap.settings + ++ [ "zswap.enabled=1" ]; + }) ]; } diff --git a/profiles/uvms-users.nix b/profiles/uvms-users.nix index abe7c80..e75ac8f 100644 --- a/profiles/uvms-users.nix +++ b/profiles/uvms-users.nix @@ -18,7 +18,7 @@ in uvms.users.pubkeys.ssh = lib.mkOption { description = "Authorized SSH keys for user@ and root@"; type = lib.types.listOf lib.types.str; - defalut = [ ]; + default = [ ]; }; uvms.users.pubkeys.enable = lib.mkEnableOption "Deploy (SSH, &c) public (authorized) keys. This leaks certain public IDs into the VM" @@ -49,7 +49,7 @@ in }; }; } - (lib.mkIf cfg.deployPubkeys { + (lib.mkIf cfg.pubkeys.enable { users.users.root.openssh = { inherit authorizedKeys; }; users.users.user.openssh = { inherit authorizedKeys; }; }) 
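Review bot: Both sub-options of `uvms.zswap.settings` in the first hunk of profiles/uvms-guest.nix are added with `description = "..."`, which leaves the generated option documentation empty. I would write them out, for example `description = "Maximum percentage of memory the zswap pool may occupy (zswap.max_pool_percent)";` and `description = "Compression algorithm used for the zswap pool (zswap.compressor)";`. The `mkEnableOption` text is rendered after "Whether to enable", so a noun phrase such as `"zswap via kernel parameters (disables zramSwap)"` would read better than the current sentence.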
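Review bot: The new `boot.kernelParams` expression in the second hunk of profiles/uvms-guest.nix closes the parenthesis around `lib.mapAttrs (...)` before `config.uvms.zswap.settings`. As a result `builtins.attrValues` receives the partially applied function rather than an attribute set, and evaluation should fail as soon as `uvms.zswap.enable` is set. `lib.mapAttrsToList (name: value: "zswap.${name}=${toString value}") config.uvms.zswap.settings ++ [ "zswap.enabled=1" ]` expresses the intent directly. Separately, the `ExecStartPost` script tests `vsock.sock` relative to the unit's working directory and silently does nothing if the hypervisor has not created the socket yet, leaving it with its default mode. If the main process creates the socket, setting `UMask=` in `serviceConfig` would avoid both that race and the window before the `chmod`.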
diff --git a/profiles/vsock-connect-guest.nix b/profiles/vsock-connect-guest.nix index 823f990..13b7b13 100644 --- a/profiles/vsock-connect-guest.nix +++ b/profiles/vsock-connect-guest.nix @@ -12,7 +12,7 @@ in (mkIfGuest { microvm.cloud-hypervisor.extraArgs = [ "--vsock" - "cid=4,socket=CONNECT.sock" + "cid=4,socket=vsock.sock" ]; }) {