public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

libvirtd (nixos): support bridging for user sessions

Browse Source
This commit is contained in:
Peter Hoeg 2019-01-02 21:35:58 +08:00
parent 38798eefc7
commit 28563ef5cb
1 changed files with 64 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
nixos/modules/virtualisation/libvirtd.nix
View File

@ -23,14 +23,16 @@ let
''} ''}
${cfg.qemuVerbatimConfig} ${cfg.qemuVerbatimConfig}
''; '';
dirName = "libvirt";
subDirs = list: [ dirName ] ++ map (e: "${dirName}/${e}") list;
in { in {
###### interface ###### interface
options = { options.virtualisation.libvirtd = {
virtualisation.libvirtd.enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = ''
@ -41,7 +43,7 @@ in {
''; '';
}; };
virtualisation.libvirtd.qemuPackage = mkOption { qemuPackage = mkOption {
type = types.package; type = types.package;
default = pkgs.qemu; default = pkgs.qemu;
description = '' description = ''
@ -51,7 +53,7 @@ in {
''; '';
}; };
virtualisation.libvirtd.extraConfig = mkOption { extraConfig = mkOption {
type = types.lines; type = types.lines;
default = ""; default = "";
description = '' description = ''
@ -60,7 +62,7 @@ in {
''; '';
}; };
virtualisation.libvirtd.qemuRunAsRoot = mkOption { qemuRunAsRoot = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
description = '' description = ''
@ -72,7 +74,7 @@ in {
''; '';
}; };
virtualisation.libvirtd.qemuVerbatimConfig = mkOption { qemuVerbatimConfig = mkOption {
type = types.lines; type = types.lines;
default = '' default = ''
namespaces = [] namespaces = []
@ -84,7 +86,7 @@ in {
''; '';
}; };
virtualisation.libvirtd.qemuOvmf = mkOption { qemuOvmf = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
description = '' description = ''
@ -93,7 +95,7 @@ in {
''; '';
}; };
virtualisation.libvirtd.extraOptions = mkOption { extraOptions = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [ ]; default = [ ];
example = [ "--verbose" ]; example = [ "--verbose" ];
@ -102,7 +104,7 @@ in {
''; '';
}; };
virtualisation.libvirtd.onShutdown = mkOption { onShutdown = mkOption {
type = types.enum ["shutdown" "suspend" ]; type = types.enum ["shutdown" "suspend" ];
default = "suspend"; default = "suspend";
description = '' description = ''
@ -113,6 +115,14 @@ in {
''; '';
}; };
allowedBridges = mkOption {
type = types.listOf types.str;
default = [ "virbr0" ];
description = ''
List of bridge devices that can be used by qemu:///session
'';
};
}; };
@ -120,7 +130,12 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ libvirt libressl.nc cfg.qemuPackage ]; environment = {
# this file is expected in /etc/qemu and not sysconfdir (/var/lib)
etc."qemu/bridge.conf".text = lib.concatMapStringsSep "\n" (e:
"allow ${e}") cfg.allowedBridges;
systemPackages = with pkgs; [ libvirt libressl.nc cfg.qemuPackage ];
};
boot.kernelModules = [ "tun" ]; boot.kernelModules = [ "tun" ];
@ -134,30 +149,15 @@ in {
group = "qemu-libvirtd"; group = "qemu-libvirtd";
}; };
security.wrappers.qemu-bridge-helper = {
source = "/run/${dirName}/nix-helpers/qemu-bridge-helper";
};
systemd.packages = [ pkgs.libvirt ]; systemd.packages = [ pkgs.libvirt ];
systemd.services.libvirtd = { systemd.services.libvirtd-config = {
description = "Libvirt Virtual Machine Management Daemon"; description = "Libvirt Virtual Machine Management Daemon - configuration";
script = ''
wantedBy = [ "multi-user.target" ];
after = [ "systemd-udev-settle.service" ]
++ optional vswitch.enable "vswitchd.service";
environment.LIBVIRTD_ARGS = ''--config "${configFile}" ${concatStringsSep " " cfg.extraOptions}'';
path = [ cfg.qemuPackage ] # libvirtd requires qemu-img to manage disk images
++ optional vswitch.enable vswitch.package;
preStart = ''
mkdir -p /var/log/libvirt/qemu -m 755
rm -f /var/run/libvirtd.pid
mkdir -p /var/lib/libvirt
mkdir -p /var/lib/libvirt/dnsmasq
chmod 755 /var/lib/libvirt
chmod 755 /var/lib/libvirt/dnsmasq
# Copy default libvirt network config .xml files to /var/lib # Copy default libvirt network config .xml files to /var/lib
# Files modified by the user will not be overwritten # Files modified by the user will not be overwritten
for i in $(cd ${pkgs.libvirt}/var/lib && echo \ for i in $(cd ${pkgs.libvirt}/var/lib && echo \
@ -169,21 +169,45 @@ in {
done done
# Copy generated qemu config to libvirt directory # Copy generated qemu config to libvirt directory
cp -f ${qemuConfigFile} /var/lib/libvirt/qemu.conf cp -f ${qemuConfigFile} /var/lib/${dirName}/qemu.conf
# stable (not GC'able as in /nix/store) paths for using in <emulator> section of xml configs # stable (not GC'able as in /nix/store) paths for using in <emulator> section of xml configs
mkdir -p /run/libvirt/nix-emulators
for emulator in ${pkgs.libvirt}/libexec/libvirt_lxc ${cfg.qemuPackage}/bin/qemu-kvm ${cfg.qemuPackage}/bin/qemu-system-*; do for emulator in ${pkgs.libvirt}/libexec/libvirt_lxc ${cfg.qemuPackage}/bin/qemu-kvm ${cfg.qemuPackage}/bin/qemu-system-*; do
ln -s --force "$emulator" /run/libvirt/nix-emulators/ ln -s --force "$emulator" /run/${dirName}/nix-emulators/
done
for helper in libexec/qemu-bridge-helper bin/qemu-pr-helper; do
ln -s --force ${cfg.qemuPackage}/$helper /run/${dirName}/nix-helpers/
done done
${optionalString cfg.qemuOvmf '' ${optionalString cfg.qemuOvmf ''
mkdir -p /run/libvirt/nix-ovmf ln -s --force ${pkgs.OVMF.fd}/FV/OVMF_CODE.fd /run/${dirName}/nix-ovmf/
ln -s --force ${pkgs.OVMF.fd}/FV/OVMF_CODE.fd /run/libvirt/nix-ovmf/ ln -s --force ${pkgs.OVMF.fd}/FV/OVMF_VARS.fd /run/${dirName}/nix-ovmf/
ln -s --force ${pkgs.OVMF.fd}/FV/OVMF_VARS.fd /run/libvirt/nix-ovmf/
''} ''}
''; '';
serviceConfig = {
Type = "oneshot";
RuntimeDirectoryPreserve = "yes";
LogsDirectory = subDirs [ "qemu" ];
RuntimeDirectory = subDirs [ "nix-emulators" "nix-helpers" "nix-ovmf" ];
StateDirectory = subDirs [ "dnsmasq" ];
};
};
systemd.services.libvirtd = {
description = "Libvirt Virtual Machine Management Daemon";
wantedBy = [ "multi-user.target" ];
requires = [ "libvirtd-config.service" ];
after = [ "systemd-udev-settle.service" "libvirtd-config.service" ]
++ optional vswitch.enable "vswitchd.service";
environment.LIBVIRTD_ARGS = ''--config "${configFile}" ${concatStringsSep " " cfg.extraOptions}'';
path = [ cfg.qemuPackage ] # libvirtd requires qemu-img to manage disk images
++ optional vswitch.enable vswitch.package;
serviceConfig = { serviceConfig = {
Type = "notify"; Type = "notify";
KillMode = "process"; # when stopping, leave the VMs alone KillMode = "process"; # when stopping, leave the VMs alone
@ -203,7 +227,7 @@ in {
systemd.sockets.virtlogd = { systemd.sockets.virtlogd = {
description = "Virtual machine log manager socket"; description = "Virtual machine log manager socket";
wantedBy = [ "sockets.target" ]; wantedBy = [ "sockets.target" ];
listenStreams = [ "/run/libvirt/virtlogd-sock" ]; listenStreams = [ "/run/${dirName}/virtlogd-sock" ];
}; };
systemd.services.virtlogd = { systemd.services.virtlogd = {
@ -215,7 +239,7 @@ in {
systemd.sockets.virtlockd = { systemd.sockets.virtlockd = {
description = "Virtual machine lock manager socket"; description = "Virtual machine lock manager socket";
wantedBy = [ "sockets.target" ]; wantedBy = [ "sockets.target" ];
listenStreams = [ "/run/libvirt/virtlockd-sock" ]; listenStreams = [ "/run/${dirName}/virtlockd-sock" ];
}; };
systemd.services.virtlockd = { systemd.services.virtlockd = {