Compare commits
3 commits
5f58a2ebb2
...
fc83efdb95
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
fc83efdb95 | ||
|
|
6d710952ee | ||
|
|
61dd3938aa |
5 changed files with 42 additions and 11 deletions
|
|
@ -41,7 +41,7 @@ char *extract_uvm(const char *host_string) {
|
||||||
}
|
}
|
||||||
|
|
||||||
char *result;
|
char *result;
|
||||||
if (asprintf(&result, "%s/uvms/%s/CONNECT.sock", home, &host_string[PREFIX_LEN]) == -1) {
|
if (asprintf(&result, "%s/uvms/%s/vsock.sock", home, &host_string[PREFIX_LEN]) == -1) {
|
||||||
perror("ch-proxy/extract_uvm");
|
perror("ch-proxy/extract_uvm");
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
|
|
@ -59,7 +59,7 @@ char *extract_muvm(const char *host_string) {
|
||||||
}
|
}
|
||||||
|
|
||||||
char *result;
|
char *result;
|
||||||
if (asprintf(&result, "/var/lib/microvms/%s/CONNECT.sock", &host_string[PREFIX_LEN]) == -1) {
|
if (asprintf(&result, "/var/lib/microvms/%s/vsock.sock", &host_string[PREFIX_LEN]) == -1) {
|
||||||
perror("ch-proxy/extract_muvm");
|
perror("ch-proxy/extract_muvm");
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
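Review bot: The guest name taken from `&host_string[PREFIX_LEN]` is pasted straight into the socket path in both `extract_uvm` and `extract_muvm`, and nothing visible in these hunks rejects a name that contains `/` or equals `.` or `..`, so the resulting path could resolve outside `<home>/uvms/<name>/` or `/var/lib/microvms/<name>/`. Both function bodies begin above the hunks, so a check may already exist there. If it does not, a guard before the `asprintf` would keep the proxy confined to the per-VM directories: with `const char *name = &host_string[PREFIX_LEN];`, test `if (name[0] == '\0' || strchr(name, '/') || !strcmp(name, ".") || !strcmp(name, "..")) exit(EXIT_FAILURE);`. The socket file name is also now spelled out separately here and in the Nix modules, so a comment naming the other places would help keep them in step.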
|
||||||
|
|
|
||||||
|
|
@ -51,8 +51,8 @@ in
|
||||||
"--cmdline=${lib.concatStringsSep " " cfg.cmdline}"
|
"--cmdline=${lib.concatStringsSep " " cfg.cmdline}"
|
||||||
"--kernel=${config.boot.kernelPackages.kernel}/${pkgs.stdenv.hostPlatform.linux-kernel.target}"
|
"--kernel=${config.boot.kernelPackages.kernel}/${pkgs.stdenv.hostPlatform.linux-kernel.target}"
|
||||||
"--initramfs=${config.system.build.initialRamdisk}/${config.system.boot.loader.initrdFile}"
|
"--initramfs=${config.system.build.initialRamdisk}/${config.system.boot.loader.initrdFile}"
|
||||||
"--vsock=cid=4,socket=CONNECT.sock"
|
"--vsock=cid=4,socket=vsock.sock"
|
||||||
"--api-socket=ch.sock"
|
"--api-socket=vmm.sock"
|
||||||
"--serial=tty"
|
"--serial=tty"
|
||||||
"--console=null"
|
"--console=null"
|
||||||
"--watchdog"
|
"--watchdog"
|
||||||
|
|
@ -69,7 +69,7 @@ in
|
||||||
mkdir -p "$HOME/uvms/$GUESTNAME"
|
mkdir -p "$HOME/uvms/$GUESTNAME"
|
||||||
cd "$HOME/uvms/$GUESTNAME"
|
cd "$HOME/uvms/$GUESTNAME"
|
||||||
cleanup() {
|
cleanup() {
|
||||||
rm "$HOME/uvms/$GUESTNAME"/{ch,CONNECT}.sock
|
rm "$HOME/uvms/$GUESTNAME"/{vmm,vsock}.sock
|
||||||
}
|
}
|
||||||
exec -a "uuvm/$GUESTNAME" "''${args[@]}"
|
exec -a "uuvm/$GUESTNAME" "''${args[@]}"
|
||||||
'';
|
'';
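Review bot: `cleanup()` is defined immediately before `exec -a "uuvm/$GUESTNAME" ...`, and no `trap` or call to it is visible in this hunk. Since `exec` replaces the shell, a handler registered in this script would not run when the VMM exits, so `vmm.sock` and `vsock.sock` can be left behind with whatever permissions they had. The script starts above the hunk, so check there whether anything invokes `cleanup`. If stale sockets need handling, removing them before launch is more reliable, e.g. `rm -f "$HOME/uvms/$GUESTNAME"/{vmm,vsock}.sock` ahead of the `exec`. The plain `rm` as written also reports an error when either file is missing.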
|
||||||
|
|
|
||||||
|
|
@ -7,12 +7,32 @@
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
mkIfGuest = import ../lib/mkIfMicrovmGuest.nix { inherit options config lib; };
|
mkIfGuest = import ../lib/mkIfMicrovmGuest.nix { inherit options config lib; };
|
||||||
|
inherit (lib) types;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./vsock-connect-guest.nix
|
./vsock-connect-guest.nix
|
||||||
./uvms-users.nix
|
./uvms-users.nix
|
||||||
];
|
];
|
||||||
|
options = {
|
||||||
|
uvms.zswap.enable = lib.mkEnableOption "Pass zswap.enabled=1 to kernelParams (and disable zramSwap)";
|
||||||
|
uvms.zswap.settings = lib.mkOption {
|
||||||
|
description = "Zswap kernel module configuration";
|
||||||
|
type = types.submodule {
|
||||||
|
freeformType = types.attrsOf types.str;
|
||||||
|
options.max_pool_percent = lib.mkOption {
|
||||||
|
type = types.int;
|
||||||
|
default = 25;
|
||||||
|
description = "...";
|
||||||
|
};
|
||||||
|
options.compressor = lib.mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "zstd";
|
||||||
|
description = "...";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
config = lib.mkMerge [
|
config = lib.mkMerge [
|
||||||
(mkIfGuest {
|
(mkIfGuest {
|
||||||
microvm = {
|
microvm = {
|
||||||
|
|
@ -31,10 +51,21 @@ in
|
||||||
size = 768;
|
size = 768;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
systemd.services."microvm@".serviceConfig.ExecStartPost = [
|
||||||
|
(pkgs.writeShellScript "microvm-fix-umask" ''
|
||||||
|
if [[ -e vsock.sock ]] ; then
|
||||||
|
chmod g+rw vsock.sock
|
||||||
|
fi
|
||||||
|
'')
|
||||||
|
];
|
||||||
})
|
})
|
||||||
{
|
(lib.mkIf config.uvms.zswap.enable {
|
||||||
boot.kernelParams = [ "zswap.enabled=1" ];
|
|
||||||
zramSwap.enable = false;
|
zramSwap.enable = false;
|
||||||
}
|
boot.kernelParams =
|
||||||
|
builtins.attrValues ((lib.mapAttrs (
|
||||||
|
name: value: "zswap.${name}=${toString value}"
|
||||||
|
)) config.uvms.zswap.settings)
|
||||||
|
++ [ "zswap.enabled=1" ];
|
||||||
|
})
|
||||||
];
|
];
|
||||||
}
|
}
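Review bot: The `microvm-fix-umask` script added to `ExecStartPost` silently skips `chmod g+rw vsock.sock` when the socket does not exist yet, so group access depends on the hypervisor having created the socket before the script runs; depending on the unit's `Type=`, that ordering may not be guaranteed. Until the chmod runs, the socket also keeps whatever mode the process umask produced. Setting the mode at creation time, for example `systemd.services."microvm@".serviceConfig.UMask = "0007";`, would remove both the race and the reliance on the unit's working directory for the relative path, though it also applies to every other file the service creates. Which group ends up with access is decided by the unit's `Group=`, which is not shown here. If the chmod stays, add a short comment saying which group needs the socket and why.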
|
||||||
|
|
|
||||||
|
|
@ -18,7 +18,7 @@ in
|
||||||
uvms.users.pubkeys.ssh = lib.mkOption {
|
uvms.users.pubkeys.ssh = lib.mkOption {
|
||||||
description = "Authorized SSH keys for user@ and root@";
|
description = "Authorized SSH keys for user@ and root@";
|
||||||
type = lib.types.listOf lib.types.str;
|
type = lib.types.listOf lib.types.str;
|
||||||
defalut = [ ];
|
default = [ ];
|
||||||
};
|
};
|
||||||
uvms.users.pubkeys.enable =
|
uvms.users.pubkeys.enable =
|
||||||
lib.mkEnableOption "Deploy (SSH, &c) public (authorized) keys. This leaks certain public IDs into the VM"
|
lib.mkEnableOption "Deploy (SSH, &c) public (authorized) keys. This leaks certain public IDs into the VM"
|
||||||
|
|
@ -49,7 +49,7 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
(lib.mkIf cfg.deployPubkeys {
|
(lib.mkIf cfg.pubkeys.enable {
|
||||||
users.users.root.openssh = { inherit authorizedKeys; };
|
users.users.root.openssh = { inherit authorizedKeys; };
|
||||||
users.users.user.openssh = { inherit authorizedKeys; };
|
users.users.user.openssh = { inherit authorizedKeys; };
|
||||||
})
|
})
|
||||||
|
|
|
||||||
|
|
@ -12,7 +12,7 @@ in
|
||||||
(mkIfGuest {
|
(mkIfGuest {
|
||||||
microvm.cloud-hypervisor.extraArgs = [
|
microvm.cloud-hypervisor.extraArgs = [
|
||||||
"--vsock"
|
"--vsock"
|
||||||
"cid=4,socket=CONNECT.sock"
|
"cid=4,socket=vsock.sock"
|
||||||
];
|
];
|
||||||
})
|
})
|
||||||
{
|
{
|
||||||
|
|
|
||||||