Commit graph

721 commits

Author SHA1 Message Date
lewo
3fb4eb1c43 nixos/dockerPreloader: preload docker images (#49379)
This module permits to preload Docker image in a VM in order to reduce
OIs on file copies. This module has to be only used in testing
environments, when the test requires several Docker images such as in
Kubernetes tests. In this case,
`virtualisation.dockerPreloader.images` can replace the
`services.kubernetes.kubelet.seedDockerImages` options.

The idea is to populate the /var/lib/docker directory by mounting qcow
files (we uses qcow file to avoid permission issues) that contain images.

For each image specified in
config.virtualisation.dockerPreloader.images:
1. The image is loaded by Docker in a VM
2. The resulting /var/lib/docker is written to a QCOW file

This set of QCOW files can then be used to populate the
/var/lib/docker:
1. Each QCOW is mounted in the VM
2. Symlink are created from these mount points to /var/lib/docker
3. A /var/lib/docker/image/overlay2/repositories.json file is generated
4. The docker daemon is started.
2018-11-03 01:00:53 +01:00
Jörg Thalheim
553e0d81ee
Merge pull request #48771 from arianvp/container-tweaks
nixos/containers: Introduce several tweaks to systemd-nspawn from upstream systemd
2018-10-31 16:08:16 +00:00
Lizard
a937dbedea nixos/libvirtd: utilize onShutdown option (#49480)
`services.virtualisation.libvirtd.onShutdown` was previously unused.
While suspending a domain on host shutdown is the default, this commit
makes it so domains can be shut down, also.
2018-10-31 00:01:00 +01:00
Alyssa Ross
c6c7d55790
postgresql*: use underscores in version numbers 2018-10-30 14:32:21 +00:00
Renaud
7ab76cc5e8
nixos/virtualbox-image: increase disk to 50G
100GB breaks cptofs but 50GB is fine and benchmarks shows it takes the same time as building the demo VBox VM with a 10GB disk

+ enabled VM sound output by default
+ set USB controller in USB2.0 mode
+ add manifest file in the OVA as it allows integrity checking on imports
2018-10-28 00:53:54 +02:00
Arian van Putten
9f72791516 nixos/containers: Introduce several tweaks to systemd-nspawn from upstream systemd
* Lets container@.service  be activated by machines.target instead of
  multi-user.target

  According to the systemd manpages, all containers that are registered
  by machinectl, should be inside machines.target for easy stopping
  and starting container units altogether

* make sure container@.service and container.slice instances are
  actually located in machine.slice

  https://plus.google.com/112206451048767236518/posts/SYAueyXHeEX
  See original commit: https://github.com/NixOS/systemd/commit/45d383a3b8

* Enable Cgroup delegation for nixos-containers

  Delegate=yes should be set for container scopes where a systemd instance
  inside the container shall manage the hierarchies below its own cgroup
  and have access to all controllers.

  This is equivalent to enabling all accounting options on the systemd
  process inside the system container.  This means that systemd inside
  the container is responsible for managing Cgroup resources for
  unit files that enable accounting options inside.  Without this
  option, units that make use of cgroup features within system
  containers might misbehave

  See original commit: https://github.com/NixOS/systemd/commit/a931ad47a8

  from the manpage:
    Turns on delegation of further resource control partitioning to
    processes of the unit. Units where this is enabled may create and
    manage their own private subhierarchy of control groups below the
    control group of the unit itself. For unprivileged services (i.e.
    those using the User= setting) the unit's control group will be made
    accessible to the relevant user. When enabled the service manager
    will refrain from manipulating control groups or moving processes
    below the unit's control group, so that a clear concept of ownership
    is established: the control group tree above the unit's control
    group (i.e. towards the root control group) is owned and managed by
    the service manager of the host, while the control group tree below
    the unit's control group is owned and managed by the unit itself.
    Takes either a boolean argument or a list of control group
    controller names. If true, delegation is turned on, and all
    supported controllers are enabled for the unit, making them
    available to the unit's processes for management. If false,
    delegation is turned off entirely (and no additional controllers are
    enabled). If set to a list of controllers, delegation is turned on,
    and the specified controllers are enabled for the unit. Note that
    additional controllers than the ones specified might be made
    available as well, depending on configuration of the containing
    slice unit or other units contained in it. Note that assigning the
    empty string will enable delegation, but reset the list of
    controllers, all assignments prior to this will have no effect.
    Defaults to false.

    Note that controller delegation to less privileged code is only safe
    on the unified control group hierarchy. Accordingly, access to the
    specified controllers will not be granted to unprivileged services
    on the legacy hierarchy, even when requested.

    The following controller names may be specified: cpu, cpuacct, io,
    blkio, memory, devices, pids. Not all of these controllers are
    available on all kernels however, and some are specific to the
    unified hierarchy while others are specific to the legacy hierarchy.
    Also note that the kernel might support further controllers, which
    aren't covered here yet as delegation is either not supported at all
    for them or not defined cleanly.
2018-10-22 22:36:08 +02:00
Jörg Thalheim
e37892744f
Merge pull request #48640 from gnidorah/kvmgt
kvmgt module: add restart on failure
2018-10-19 10:45:04 +01:00
gnidorah
a6603fd8a8 kvmgt module: add service restart on failure 2018-10-18 22:35:32 +03:00
Silvan Mosberger
8319ec35b2
Merge pull request #47975 from aneeshusa/make-container-journals-available-from-host
containers: Make systemd journals available from the host
2018-10-17 02:56:05 +02:00
Eelco Dolstra
0bdd0d8e04
amazon-image.nix: Disable udisks
This reduces the system closure by 89 MiB.
2018-10-15 21:54:28 +02:00
Eelco Dolstra
47dfe25e1b
ec2-amis.nix: Add 18.09 images 2018-10-15 21:43:16 +02:00
Aneesh Agrawal
d85317c7b2 nixos/containers: Make systemd journals available from the host
This is set by default if using the upstream systemd-nspawn@ units.
2018-10-14 14:40:08 -07:00
volth
0d44d639f6 nixos/qemu-guest-agent: pkgs.{kvm -> qemu} (#48293)
there is no top-level pkgs.kvm
2018-10-13 00:41:46 +02:00
Silvan Mosberger
c881a04a5d
Merge pull request #47902 from pvgoran/correct-mkEnableOption-uses
nixos: correct improper uses of mkEnableOption, clarify service descr…
2018-10-11 21:31:32 +02:00
Renaud
d3b79965df
Revert "Increase Virtualbox disk image size" (#48151) 2018-10-10 12:53:48 +02:00
Samuel Dionne-Riel
7fb45271b2
Merge pull request #47917 from arianvp/fix-imperative-containers
Fix imperative containers
2018-10-08 16:55:38 -04:00
Matthew Bauer
751dc01977
Merge pull request #46649 from brainrape/patch-1
Increase Virtualbox disk image size
2018-10-05 22:42:06 -05:00
Arian van Putten
3624bb5362 nixos-container: Force container to talk to host nix-daemon
When logging into a container by using
  nixos-container root-login
all nix-related commands in the container would fail, as they
tried to modify the nix db and nix store, which are mounted
read-only in the container.  We want nixos-container to not
try to modify the nix store at all, but instead delegate
any build commands to the nix daemon of the host operating system.

This already works for non-root users inside a nixos-container,
as it doesn't 'own' the nix-store, and thus defaults
to talking to the daemon socket at /nix/var/nix/daemon-socket/,
which is bind-mounted to the host daemon-socket, causing all nix
commands to be delegated to the host.

However, when we are the root user inside the container, we have the
same uid as the nix store owner, eventhough it's not actually
the same root user (due to user namespaces). Nix gets confused,
and is convinced it's running in single-user mode, and tries
to modify the nix store directly instead.

By setting `NIX_REMOTE=daemon` in `/etc/profile`, we force nix
to operate in multi-user mode, so that it will talk to the host
daemon instead, which will modify the nix store for the container.

This fixes #40355
2018-10-05 18:36:47 +02:00
Pavel Goran
858b263bf0 nixos: correct improper uses of mkEnableOption, clarify service descriptions
Several service definitions used `mkEnableOption` with text starting
with "Whether to", which produced funny option descriptions like
"Whether to enable Whether to run the rspamd daemon..".

This commit corrects this, and adds short descriptions of services
to affected service definitions.
2018-10-05 13:14:45 +07:00
Peter Hoeg
6e3e136f77 nixos on hyperv: hot-add CPU 2018-09-28 22:28:26 +08:00
Peter Hoeg
3a76bc7a79 nixos on hyperv: load modules and set video mode 2018-09-28 22:28:17 +08:00
zimbatm
9fb79868ab google-compute-engine: 20180510 -> 20180905
The list of corresponding NixOS services are also updated
2018-09-26 11:48:16 +02:00
Sarah Brofeldt
ded8f28c3a Revert "virtualization/qemu-vm: fix and improve virtio/scsi switching"
This reverts commit f777d2b719.
cc #34409
This breaks evaluation of the tested job:
attribute 'diskInterface' missing, at /nix/store/5k9kk52bv6zsvsyyvpxhm8xmwyn2yjvx-source/pkgs/build-support/vm/default.nix:316:24
2018-09-25 11:10:10 +02:00
Stefan Junker
f777d2b719 virtualization/qemu-vm: fix and improve virtio/scsi switching 2018-09-22 23:29:19 +02:00
Márton Boros
f96dde6fd7
Increase Virtualbox disk image size
10G is not enough for a desktop installation, and resizing a Virtualbox disk image is a pain. 
Let's increase the default disk size to 100G. It does not require more storage space, since the empty bits are left out.
2018-09-13 23:15:41 +02:00
John Ericson
2c2f1e37d4 reewide: Purge all uses stdenv.system and top-level system
It is deprecated and will be removed after 18.09.
2018-08-30 17:20:32 -04:00
Sarah Brofeldt
78fb4bd644 nixos/qemu-vm: Don't explicitly mknod /dev/vda*
And don't need to source the uevent files anymore either since $MAJOR
or $MINOR aren't used elsewhere.

[dezgeg: The reason these are no longer needed is that 0d27df280f
switched /tmp to a devtmpfs which automatically creates such device
nodes]
2018-08-16 14:19:41 +03:00
(cdep)illabout
e04e92d38b
Merge remote-tracking branch 'origin/master' into vbox-extpack 2018-08-16 00:40:09 +09:00
zimbatm
1e65420eb3
virtualbox module: allow to pass the package (#44907) 2018-08-11 19:40:00 +01:00
(cdep)illabout
56ad359d93
virtualization: update the virtualbox-host module to use the extension pack if enabled. 2018-08-11 02:48:29 +09:00
xeji
980505dc3b nixos/libvirtd: add option to run qemu as non-root
New option virtualisation.libvirtd.qemuRunAsRoot (default: true).
If false, qemu is run as non-privileged user qemu-libvirtd,
reducing security risk
2018-08-10 13:59:58 +02:00
Tuomas Tynkkynen
96190535e5 Revert "nixos: rename system.{stateVersion,defaultChannel} -> system.nixos.\1"
This reverts commit 095fe5b43d.

Pointless renames considered harmful. All they do is force people to
spend extra work updating their configs for no benefit, and hindering
the ability to switch between unstable and stable versions of NixOS.

Like, what was the value of having the "nixos." there? I mean, by
definition anything in a NixOS module has something to do with NixOS...
2018-07-28 00:12:55 +03:00
Eelco Dolstra
c9ea04b57f EC2 AMIs: 18.03.131792.becbe4dbe16 -> 18.03.132946.1caae7247b8 2018-07-24 21:19:14 +02:00
volth
92b3e8f147 fix build with allowAliases=false 2018-07-23 00:12:23 +00:00
volth
2e979e8ceb [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
volth
87f5930c3f [bot]: remove unreferenced code 2018-07-20 18:48:37 +00:00
Dave Laing
4d5371f373 nixos/virtualbox: Adds more options to virtualbox-image.nix (#42699)
* nixos/virtualbox: Adds more options to virtualbox-image.nix

Previously you could only set the size of the disk.

This change adds the ability to change the amount of memory
that the image gets, along with the name / derivation name /
file name for the VM.

* Incorporates some review feedback
2018-07-11 19:45:10 +02:00
Florian Klink
fff5923686 nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
Cole Mickens
a44a9fdad6 azure: stop carrying qemu-220 patch 2018-06-12 02:06:03 -07:00
Rob Vermaas
19332e4d52
Merge pull request #41311 from AmineChikhaoui/fix-gce-fetch-ssh
GCE image: properly remove the temporary ssh host keys files/directory
2018-06-04 11:38:07 +02:00
AmineChikhaoui
1398d0c312
avoid redundant rm calls 2018-06-04 10:23:40 +01:00
Matthew Justin Bauer
0135f04d77
Merge pull request #40242 from gnidorah/gvt
linux: enable support for iGVT-g VGPU
2018-06-01 23:14:35 -04:00
AmineChikhaoui
95c05343ce
revert 4a86f8c9ab and properly remove
the temporary ssh host keys file/directory.
2018-05-31 12:49:15 +01:00
Rob Vermaas
a8ed1fc4ed Update GCE image for 18.03
(cherry picked from commit 8aa385069f830fc801c8a04d2bd8a70a02be3de4)
2018-05-30 19:36:39 +02:00
gnidorah
a3e239ac62 nixos/kvmgt: init 2018-05-29 19:29:23 +03:00
Jan Malakhovski
095fe5b43d nixos: rename system.{stateVersion,defaultChannel} -> system.nixos.\1 2018-05-12 19:27:09 +00:00
Ihor Antonov
08ebd830a5 Fix kernel crash caused by absent root device 2018-05-12 02:55:33 +03:00
aszlig
fb9f5e4a03
nixos/testing: Fix output of systemd messages
Regression introduced by d4468bedb5.

No systemd messages are shown anymore during VM test runs, which is not
very helpful if you want to find out about failures.

There is a bit of a conflict between testing and the change that
introduced the regression. While the mentioned commit makes sure that
the primary console is tty0 for virtualisation.graphics = false, our VM
tests need to have the serial console as primary console.

So in order to support both, I added a new virtualisation.qemu.consoles
option, which allows to specify those options using the module system.

The default of this option is to use the changes that were introduced
and in test-instrumentation.nix we use only the serial console the same
way as before.

For test-instrumentation.nix I didn't add a baudrate to the serial
console because I can't find a reason on top of my head why it should
need it. There also wasn't a reason stated when that was introduced in
7499e4a5b9.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @flokli, @dezgeg, @edolstra
2018-05-10 08:21:20 +02:00
xeji
3d6f752c51
Merge pull request #39099 from teto/qemu_agent
qemu-guest-agent: init module
2018-05-10 01:22:52 +02:00
Florian Klink
7499e4a5b9 modules/virtualisation/qemu-vm: set console baudrate to 115200 2018-05-07 19:23:47 +03:00