1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-23 22:20:51 +00:00
Commit graph

893 commits

Author SHA1 Message Date
worldofpeace 3f4a353737 treewide: use dontUnpack 2019-07-01 04:23:51 -04:00
Peter Hoeg 67cca52fd9
Merge pull request #53204 from peterhoeg/m/libvirt
libvirt: support proper networking in user session
2019-06-27 11:39:48 +08:00
Eelco Dolstra aef7f1b31a
Typo 2019-06-25 14:46:04 +02:00
Peter Hoeg 28563ef5cb libvirtd (nixos): support bridging for user sessions 2019-06-21 11:11:48 +08:00
Jörg Thalheim 55e2c850a3
nixos/kvmgt: fix starting condition (#62096)
nixos/kvmgt: fix starting condition
2019-06-17 16:32:54 +01:00
volth f3282c8d1e treewide: remove unused variables (#63177)
* treewide: remove unused variables

* making ofborg happy
2019-06-16 19:59:05 +00:00
Danylo Hlynskyi e718eb6243
Merge pull request #62712 from danbst/module-conflict-naming
NixOS module system: improve one of error messages
2019-06-13 11:59:54 +03:00
Graham Christensen b2fbbad107
nixos containers: restart containers with autoStart = true when their conf changes 2019-06-06 11:57:08 -04:00
Graham Christensen e7872cda4b
nixos containers: don't shadow config, rename to containerConfig 2019-06-06 11:57:05 -04:00
danbst f7940bb95d nixos/containers: give a name to an anonymous container module
See https://github.com/NixOS/nixpkgs/issues/15747. Previously this module was called `<unknown-file>`
in error messages, now it is called a bit more close to real:
```
module at /home/danbst/dev/nixpkgs/nixos/modules/virtualisation/containers.nix:470
```
2019-06-05 03:11:09 +03:00
Ding Xiang Fei 359fd5b729 nixos/modules/virtualisation/google-compute-config.nix: pin filesystem type to ext4 for now
Fix #61859.
Assertion fails when a Google Compute Engine image is built, because
now choices of filesystem types are restricted to `f2fs` and `ext` family if
auto-resizing is enabled.
This change will pin the filesystem used on such an image to be `ext4` for now.
2019-05-27 14:15:02 +08:00
gnidorah eac62f61d1 nixos/kvmgt: fix starting condition 2019-05-26 22:02:43 +03:00
Ambroz Bizjak 370d3af0c4 nixos: Don't set LD_LIBRARY_PATH for graphics drivers that don't need it.
A new internal option `hardware.opengl.setLdLibraryPath` is added which controls if `LD_LIBRARY_PATH` should be set to `/run/opengl-driver(-32)/lib`. It is false by default and is meant to be set to true by any driver which requires it. If this option is false, then `opengl.nix` and `xserver.nix` will not set `LD_LIBRARY_PATH`.

Currently Mesa and NVidia drivers don't set `setLdLibraryPath` because they work with libglvnd and do not override libraries, while `amdgpu-pro`, `ati` and `parallels-guest` set it to true (the former two really need it, the last one doesn't build so is presumed to).

Additionally, the `libPath` attribute within entries of `services.xserver.drivers` is removed. This made `xserver.nix` add the driver path directly to the `LD_LIBRARY_PATH` for the display manager (including X server). Not only is it redundant when the driver is added to `hardware.opengl.package` (assuming that `hardware.opengl.enable` is true), in fact all current drivers except `ati` set it incorrectly to the package path instead of package/lib.

This removal of `LD_LIBRARY_PATH` could break certain packages using CUDA, but only those that themselves load `libcuda` or other NVidia driver libraries using `dlopen` (not if they just use `cudatoolkit`). A few have already been fixed but it is practically impossible to test all because most packages using CUDA are libraries/frameworks without a simple way to test.

Fixes #11434 if only Mesa or NVidia graphics drivers are used.
2019-05-26 10:23:46 +02:00
mkenigs 42232ebea4
docker: fix typo 2019-05-22 08:40:01 -07:00
Robin Gloster 6cf583cf2f
Merge pull request #60406 from JohnAZoidberg/remove-isnull
treewide: Remove usage of isNull
2019-05-18 09:36:24 +00:00
Eelco Dolstra de9e238469
FIx some malformed XML in option descriptions
E.g. these were using "<para>" at the *end* of a description. The real
WTF is that this is possible at all...
2019-05-13 09:15:17 +02:00
Ambroz Bizjak 5bec9dc65b virtualbox: 5.2.28 -> 6.0.6
Quite some fixing was needed to get this to work.

Changes in VirtualBox and additions:

- VirtualBox is no longer officially supported on 32-bit hosts so i686-linux is removed from platforms
  for VirtualBox and the extension pack. 32-bit additions still work.

- There was a refactoring of kernel module makefiles and two resulting bugs affected us which had to be patched.
  These bugs were reported to the bug tracker (see comments near patches).

- The Qt5X11Extras makefile patch broke. Fixed it to apply again, making the libraries logic simpler
  and more correct (it just uses a different base path instead of always linking to Qt5X11Extras).

- Added a patch to remove "test1" and "test2" kernel messages due to forgotten debugging code.

- virtualbox-host NixOS module: the VirtualBoxVM executable should be setuid not VirtualBox.
  This matches how the official installer sets it up.

- Additions: replaced a for loop for installing kernel modules with just a "make install",
  which seems to work without any of the things done in the previous code.

- Additions: The package defined buildCommand which resulted in phases not running, including RUNPATH
  stripping in fixupPhase, and installPhase was defined which was not even run. Fixed this by
  refactoring using phases. Had to set dontStrip otherwise binaries were broken by stripping.
  The libdbus path had to be added later in fixupPhase because it is used via dlopen not directly linked.

- Additions: Added zlib and libc to patchelf, otherwise runtime library errors result from some binaries.
  For some reason the missing libc only manifested itself for mount.vboxsf when included in the initrd.

Changes in nixos/tests/virtualbox:

- Update the simple-gui test to send the right keys to start the VM. With VirtualBox 5
  it was enough to just send "return", but with 6 the Tools thing may be selected by
  default. Send "home" to reliably select Tools, "down" to move to the VM and "return"
  to start it.

- Disable the VirtualBox UART by default because it causes a crash due to a regression
  in VirtualBox (specific to software virtualization and serial port usage). It can
  still be enabled using an option but there is an assert that KVM nested virtualization
  is enabled, which works around the problem (see below).

- Add an option to enable nested KVM virtualization, allowing VirtualBox to use hardware
  virtualization. This works around the UART problem and also allows using 64-bit
  guests, but requires a kernel module parameter.

- Add an option to run 64-bit guests. Tested that the tests pass with that. As mentioned
  this requires KVM nested virtualization.
2019-05-09 23:36:57 +02:00
Daniel Schaefer 786f02f7a4 treewide: Remove usage of isNull
isNull "is deprecated; just write e == null instead" says the Nix manual
2019-04-29 14:05:50 +02:00
Samuel Dionne-Riel 429e554714 nixos/virtualbox: Fixes configuration to evaluate
Fixes issue introduced by #57557
2019-04-20 23:04:13 -04:00
Matthew Bauer c1fd154fb6
Merge pull request #57557 from matthewbauer/ova-swap
nixos/virtualbox: add swap file
2019-04-19 10:17:36 -04:00
Matthew Bauer dbc4543812 nixos/virtualbox: add swap file
Puts 2G swap in /var/swap of OVA. This serves as backup when you hit
the memory cap for the image.

Fixes #57171 and fixes #22696
2019-04-19 10:15:48 -04:00
AmineChikhaoui 548932640b
ec2-amis.nix: add 19.03 amis 2019-04-18 23:07:14 -04:00
Florian Klink 2457510db4
Merge pull request #51918 from bobvanderlinden/var-run
tree-wide: nixos: /var/run -> /run
2019-04-07 20:09:46 +02:00
aszlig 68efd790b8
nixos: Don't enable Docker by default
Regression introduced by c94005358c.

The commit introduced declarative docker containers and subsequently
enables docker whenever any declarative docker containers are defined.

This is done via an option with type "attrsOf somesubmodule" and a check
on whether the attribute set is empty.

Unfortunately, the check was whether a *list* is empty rather than
wether an attribute set is empty, so "mkIf (cfg != [])" *always*
evaluates to true and thus subsequently enables docker by default:

$ nix-instantiate --eval nixos --arg configuration {} \
    -A config.virtualisation.docker.enable
true

Fixing this is simply done by changing the check to "mkIf (cfg != {})".

Tested this by running the "docker-containers" NixOS test and it still
passes.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @benley, @danbst, @Infinisil, @nlewo
2019-03-26 07:10:18 +01:00
Samuel Dionne-Riel 60847311e6 nixos/virtualbox-image: set the root fsType to reenable root FS resizing
This otherwise does not eval `:tested` any more, which means no nixos
channel updates.

Regression comes from 0eb6d0735f (#57751)
which added an assertion stopping the use of `autoResize` when the
filesystem cannot be resized automatically.
2019-03-24 22:41:26 -04:00
Benjamin Staffin c94005358c NixOS: Run Docker containers as declarative systemd services (#55179)
* WIP: Run Docker containers as declarative systemd services

* PR feedback round 1

* docker-containers: add environment, ports, user, workdir options

* docker-containers: log-driver, string->str, line wrapping

* ExecStart instead of script wrapper, %n for container name

* PR feedback: better description and example formatting

* Fix docbook formatting (oops)

* Use a list of strings for ports, expand documentation

* docker-continers: add a simple nixos test

* waitUntilSucceeds to avoid potential weird async issues

* Don't enable docker daemon unless we actually need it

* PR feedback: leave ExecReload undefined
2019-03-25 00:59:09 +02:00
Bob van der Linden d8dc1226f4
nixos/openvswitch: /var/run -> /run 2019-03-24 21:15:34 +01:00
Bob van der Linden 8c1e00095a
nixos/docker: /var/run -> /run 2019-03-24 21:15:34 +01:00
Andreas Rammhold af27dbf1d1
Merge pull request #57897 from rnhmjoj/fix-ipv6
nixos/containers: create veths if only IPv6 is configured
2019-03-24 18:17:06 +01:00
Gabriel Ebner 03f7c82e62
Merge pull request #57826 from gebner/anbox
anbox: init at 2019-03-07
2019-03-22 19:19:47 +01:00
Antoine Eiche f116d046f6 openstackImage: set the / fsType to reenable root FS resizing
Since 34234dcb51, the reisizefs tool is
embeded only if the `fsType` starts with `ext`. The default `fsType`
value is `auto`.
2019-03-21 10:04:07 +01:00
rnhmjoj 552e583ef0
nixos/containers: create veths if only IPv6 is configured
This fixes the failing nixos.tests.containers-ipv6 test. Thanks to andir.
2019-03-20 04:38:10 +01:00
Edward Tjörnhammar 0f03f28b75 nixos/anbox: init module
Co-authored-by: Luke Adams <luke.adams@belljar.io>
Co-authored-by: Volth <volth@webmaster.ms>
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
Co-authored-by: Edward Tjörnhammar <ed@cflags.cc>
Co-authored-by: Gabriel Ebner <gebner@gebner.org>
2019-03-18 09:28:02 +01:00
talyz 261372b69c amazon-image.nix: Resolve failure to include resize2fs
Since 34234dcb51, for resize2fs to be automatically included in
initrd, a filesystem needed for boot must be explicitly defined as an
ext* type filesystem.
2019-03-15 17:33:45 +01:00
Aristid Breitkreuz 3671047632 virtualbox-host module: fix warnings syntax 2019-03-09 11:39:22 +01:00
Silvan Mosberger 70ed39d899
Merge pull request #56322 from bendlas/warn-virtualbox-config
virtualbox: add warning for ineffective nixpkgs config
2019-03-08 21:06:50 +01:00
Herwig Hochleitner 8b6a38ce7e nixos/virtualbox: add warning when for ineffective nixpkgs config
nixpkgs.config.virtualbox.enableExtensionPack doesn't do anything, but
used to. Add a warning for the unsuspecting.
2019-03-06 17:31:54 +01:00
Averell Dalton 7f7209ef9a nixos/docker: add enableNvidia option 2019-02-27 09:56:03 +01:00
Ryan Mulligan d14f102334
Merge pull request #44573 from vincentbernat/feature/cloudstack
nixos/cloudstack-image: initial import
2019-02-24 08:28:42 -08:00
Peter Hoeg ecb3c507f5
Merge pull request #54917 from peterhoeg/f/vmware
vmware: move from services to virtualisation and add support for paravirtual controller
2019-02-20 14:34:25 +08:00
Jean-Philippe Braun 376b2ef2b8 nixos/qemu-vm: declarative drives
Adds `virtualisation.qemu.drives` option to specify drives to be used by
qemu.

Also fix boot when `virtualisation.useBootLoader` is set to true. Since
the boot disk is second qemu doesn't boot on it. Added `bootindex=1` to
the boot disk device.
2019-02-12 16:55:02 +01:00
lewo b2f3738336
Merge pull request #55589 from johanot/docker-preloader-mkif-guard
nixos/dockerPreloader: guard the entire implemetation with mkIf on image list
2019-02-12 10:16:21 +01:00
Johan Thomsen 302c4df41d nixos/dockerPreloader: guard the entire implemetation with mkIf on image list 2019-02-11 23:35:25 +01:00
Florian Klink e6df4dfe59
Merge pull request #54800 from nlewo/nova
Remove cloud-init from the Openstack image configuration
2019-02-11 22:23:32 +01:00
Antoine Eiche 933da6de91 nixos: Add ec2-metadata-fetcher.nix file
To share the metadata fetcher script between ec2 and Openstack images.
2019-02-11 20:58:45 +01:00
Antoine Eiche 78acac050f nixos/openstackImage: default hostname is empty string
This is to let the `ec2-data.nix` module sets the hostname from the
metadata API value.
2019-02-11 20:58:45 +01:00
Antoine Eiche d190b204f0 Rename novaImage to openstackImage
People don't necessary know `nova` is related to Openstack (it is a
component of Openstack). So, it is more explicit to call it
`openstackImage`.
2019-02-11 20:58:44 +01:00
Antoine Eiche 849460f878 nova-image: add amazon-init module to the nova image
This allows the VM to provide a `configuration.nix` file to the VM.

The test doesn't work in sandbox because it needs Internet (however it
works interactively).
2019-01-28 14:44:41 +01:00
Florian Klink 38be383a6f
Merge pull request #53419 from uvNikita/containers/fix-bridge
nixos/containers: add bridge without address specified
2019-01-28 12:39:13 +01:00
Antoine Eiche 2858b35100 nova-image: use wget instead of cloud-init (via EC2 API)
The Openstack metadata service exposes the EC2 API. We use the
existing `ec2.nix` module to configure the hostname and ssh keys of an
Openstack Instance.

A test checks the ssh server is well configured.

This is mainly to reduce the size of the image (700MB). Also,
declarative features provided by cloud-init are not really useful
since we would prefer to use our `configuration.nix` file instead.
2019-01-28 11:59:18 +01:00
Franz Pletz ca0639837c
Merge pull request #53871 from elseym/fix-container-extraveths
nixos/containers: explicitly set link up on host for extraVeths
2019-01-14 03:59:19 +00:00
Profpatsch c8c53fcb11 modules/profiles/minimal: sound is disabled by default
The option is `false` by default since
e349ccc77f, so we don’t need to mention
it explicitely in these minimal configs.
2019-01-13 13:47:36 +01:00
elseym 8a8bf886b5
nixos/containers: explicitly set link up on host for extraVeths 2019-01-13 11:27:39 +01:00
Nikita Uvarov 53013ead39
nixos/containers: add bridge without address specified
According to systemd-nspawn(1), --network-bridge implies --network-veth,
and --port option is supported only when private networking is enabled.
Fixes #52417.
2019-01-07 14:21:17 +01:00
Florian Klink 706efadcb6 nixos/modules/virtualisation/google-compute-config.nix: remove google-accounts-daemon
Use googleOsLogin for login instead.
This allows setting users.mutableUsers back to false, and to strip the
security.sudo.extraConfig.

security.sudo.enable is default anyhow, so we can remove that as well.
2018-12-21 17:52:37 +01:00
Florian Klink 0834e98ece
Merge pull request #51393 from arianvp/container-names
nixos/containers: Add assertion for container name length
2018-12-05 01:25:16 +01:00
Jörg Thalheim 958d8e625e
Merge pull request #49392 from uvNikita/nixos/containers/veths
nixos/containers: don't create veths if not configured
2018-12-03 23:44:50 +00:00
Arian van Putten bf102825ef nixos/containers: Add assertion for container name length
When privateNetwork is enabled, currently the container's interface name
is derived from the container name. However, there's a hard limit
on the size of interface names. To avoid conflicts and other issues,
we set a limit on the container name when privateNetwork is enabled.

Fixes #38509
2018-12-02 15:26:39 +01:00
Erik Arvstedt c64a9718ce nixos/containers: simplify env var definition
Also clear up the misleading comment: This env var isn't
root-specific, it's needed for all users.
2018-11-26 23:06:56 +01:00
Ding Xiang Fei 88570538b3 google-compute-image: make it a module and the size tuneable (#49854)
* move GCE system configuration to `google-compute-config.nix`
* remove `fetch-ssh-keys` service (disabled in comment)
2018-11-26 14:51:00 +00:00
Ding Xiang Fei b011049cf6 Merge branch 'master' of https://github.com/nixos/nixpkgs into tarball-closureinfo 2018-11-26 12:04:07 +08:00
Craig Younkins eff461c8ef treewide: systemd timeout arguments to use infinity instead of 0 (#50934)
Fixes https://github.com/NixOS/nixpkgs/issues/49700
2018-11-25 13:33:22 +01:00
Jörg Thalheim 50daffc4b8
nixos/docker-image: add example usage 2018-11-23 15:40:10 +00:00
Vincent Bernat 15f98b7192 nixos/cloudstack-image: initial import
Cloudstack images are simply using cloud-init. They are not headless
as a user usually have access to a console. Otherwise, the difference
with Openstack are mostly handled by cloud-init.

This is still some minor issues. Notably, there is no non-root user.
Other cloud images usually come with a user named after the
distribution and with sudo. Would it make sense for NixOS?

Cloudstack gives the user the ability to change the password.
Cloud-init support for this is imperfect and the set-passwords module
should be declared as `- [set-passwords, always]` for this to work. I
don't know if there is an easy way to "patch" default cloud-init
configuration. However, without a non-root user, this is of no use.

Similarly, hostname is usually set through cloud-init using
`set_hostname` and `update_hostname` modules. While the patch to
declare nixos to cloud-init contains some code to set hostname, the
previously mentioned modules are not enabled.
2018-11-17 20:40:11 +01:00
Rob Vermaas 02b60418b1 Update GCE image for 18.09
(cherry picked from commit e0eb712136)
2018-11-16 11:43:42 +01:00
Matthew Bauer 2b604c2836
Merge pull request #49670 from matthewbauer/pkgs-i686-remove
Fix pkgsi686Linux assertion
2018-11-04 12:49:09 -06:00
Sarah Brofeldt 99c052bac4 nixos/google-network-daemon: systemd job type simple instead of oneshot (#49692) 2018-11-03 16:16:17 +01:00
Florian Klink 4d51002216
Merge pull request #49650 from srghma/srghma-patch-1
amazon-image: fix typo in comment
2018-11-03 16:04:47 +01:00
Matthew Bauer 4a8fc5b9aa treewide: remove pkgs_i686
This was getting evaluated eagerly causing assertion failures in
aarch64 systems. We can replace usages of pkgs_i686 with
pkgs.pkgsi686Linux.
2018-11-03 00:56:39 -05:00
lewo 3fb4eb1c43 nixos/dockerPreloader: preload docker images (#49379)
This module permits to preload Docker image in a VM in order to reduce
OIs on file copies. This module has to be only used in testing
environments, when the test requires several Docker images such as in
Kubernetes tests. In this case,
`virtualisation.dockerPreloader.images` can replace the
`services.kubernetes.kubelet.seedDockerImages` options.

The idea is to populate the /var/lib/docker directory by mounting qcow
files (we uses qcow file to avoid permission issues) that contain images.

For each image specified in
config.virtualisation.dockerPreloader.images:
1. The image is loaded by Docker in a VM
2. The resulting /var/lib/docker is written to a QCOW file

This set of QCOW files can then be used to populate the
/var/lib/docker:
1. Each QCOW is mounted in the VM
2. Symlink are created from these mount points to /var/lib/docker
3. A /var/lib/docker/image/overlay2/repositories.json file is generated
4. The docker daemon is started.
2018-11-03 01:00:53 +01:00
Jörg Thalheim 553e0d81ee
Merge pull request #48771 from arianvp/container-tweaks
nixos/containers: Introduce several tweaks to systemd-nspawn from upstream systemd
2018-10-31 16:08:16 +00:00
Lizard a937dbedea nixos/libvirtd: utilize onShutdown option (#49480)
`services.virtualisation.libvirtd.onShutdown` was previously unused.
While suspending a domain on host shutdown is the default, this commit
makes it so domains can be shut down, also.
2018-10-31 00:01:00 +01:00
Alyssa Ross c6c7d55790
postgresql*: use underscores in version numbers 2018-10-30 14:32:21 +00:00
Nikita Uvarov 6d4b02df3f
nixos/containers: don't create veths if not configured
Previously, setting "privateNetwork = true" without specifying host and
local addresses would create unconfigured interfaces: ve-$INSTANCE on the host
and eth0 inside the container.

These changes is rebased part of the original PR #3021.
2018-10-29 14:02:50 +01:00
Renaud 7ab76cc5e8
nixos/virtualbox-image: increase disk to 50G
100GB breaks cptofs but 50GB is fine and benchmarks shows it takes the same time as building the demo VBox VM with a 10GB disk

+ enabled VM sound output by default
+ set USB controller in USB2.0 mode
+ add manifest file in the OVA as it allows integrity checking on imports
2018-10-28 00:53:54 +02:00
Arian van Putten 9f72791516 nixos/containers: Introduce several tweaks to systemd-nspawn from upstream systemd
* Lets container@.service  be activated by machines.target instead of
  multi-user.target

  According to the systemd manpages, all containers that are registered
  by machinectl, should be inside machines.target for easy stopping
  and starting container units altogether

* make sure container@.service and container.slice instances are
  actually located in machine.slice

  https://plus.google.com/112206451048767236518/posts/SYAueyXHeEX
  See original commit: https://github.com/NixOS/systemd/commit/45d383a3b8

* Enable Cgroup delegation for nixos-containers

  Delegate=yes should be set for container scopes where a systemd instance
  inside the container shall manage the hierarchies below its own cgroup
  and have access to all controllers.

  This is equivalent to enabling all accounting options on the systemd
  process inside the system container.  This means that systemd inside
  the container is responsible for managing Cgroup resources for
  unit files that enable accounting options inside.  Without this
  option, units that make use of cgroup features within system
  containers might misbehave

  See original commit: https://github.com/NixOS/systemd/commit/a931ad47a8

  from the manpage:
    Turns on delegation of further resource control partitioning to
    processes of the unit. Units where this is enabled may create and
    manage their own private subhierarchy of control groups below the
    control group of the unit itself. For unprivileged services (i.e.
    those using the User= setting) the unit's control group will be made
    accessible to the relevant user. When enabled the service manager
    will refrain from manipulating control groups or moving processes
    below the unit's control group, so that a clear concept of ownership
    is established: the control group tree above the unit's control
    group (i.e. towards the root control group) is owned and managed by
    the service manager of the host, while the control group tree below
    the unit's control group is owned and managed by the unit itself.
    Takes either a boolean argument or a list of control group
    controller names. If true, delegation is turned on, and all
    supported controllers are enabled for the unit, making them
    available to the unit's processes for management. If false,
    delegation is turned off entirely (and no additional controllers are
    enabled). If set to a list of controllers, delegation is turned on,
    and the specified controllers are enabled for the unit. Note that
    additional controllers than the ones specified might be made
    available as well, depending on configuration of the containing
    slice unit or other units contained in it. Note that assigning the
    empty string will enable delegation, but reset the list of
    controllers, all assignments prior to this will have no effect.
    Defaults to false.

    Note that controller delegation to less privileged code is only safe
    on the unified control group hierarchy. Accordingly, access to the
    specified controllers will not be granted to unprivileged services
    on the legacy hierarchy, even when requested.

    The following controller names may be specified: cpu, cpuacct, io,
    blkio, memory, devices, pids. Not all of these controllers are
    available on all kernels however, and some are specific to the
    unified hierarchy while others are specific to the legacy hierarchy.
    Also note that the kernel might support further controllers, which
    aren't covered here yet as delegation is either not supported at all
    for them or not defined cleanly.
2018-10-22 22:36:08 +02:00
Jörg Thalheim e37892744f
Merge pull request #48640 from gnidorah/kvmgt
kvmgt module: add restart on failure
2018-10-19 10:45:04 +01:00
gnidorah a6603fd8a8 kvmgt module: add service restart on failure 2018-10-18 22:35:32 +03:00
Silvan Mosberger 8319ec35b2
Merge pull request #47975 from aneeshusa/make-container-journals-available-from-host
containers: Make systemd journals available from the host
2018-10-17 02:56:05 +02:00
Eelco Dolstra 0bdd0d8e04
amazon-image.nix: Disable udisks
This reduces the system closure by 89 MiB.
2018-10-15 21:54:28 +02:00
Eelco Dolstra 47dfe25e1b
ec2-amis.nix: Add 18.09 images 2018-10-15 21:43:16 +02:00
Aneesh Agrawal d85317c7b2 nixos/containers: Make systemd journals available from the host
This is set by default if using the upstream systemd-nspawn@ units.
2018-10-14 14:40:08 -07:00
volth 0d44d639f6 nixos/qemu-guest-agent: pkgs.{kvm -> qemu} (#48293)
there is no top-level pkgs.kvm
2018-10-13 00:41:46 +02:00
Silvan Mosberger c881a04a5d
Merge pull request #47902 from pvgoran/correct-mkEnableOption-uses
nixos: correct improper uses of mkEnableOption, clarify service descr…
2018-10-11 21:31:32 +02:00
Renaud d3b79965df
Revert "Increase Virtualbox disk image size" (#48151) 2018-10-10 12:53:48 +02:00
Samuel Dionne-Riel 7fb45271b2
Merge pull request #47917 from arianvp/fix-imperative-containers
Fix imperative containers
2018-10-08 16:55:38 -04:00
Matthew Bauer 751dc01977
Merge pull request #46649 from brainrape/patch-1
Increase Virtualbox disk image size
2018-10-05 22:42:06 -05:00
Arian van Putten 3624bb5362 nixos-container: Force container to talk to host nix-daemon
When logging into a container by using
  nixos-container root-login
all nix-related commands in the container would fail, as they
tried to modify the nix db and nix store, which are mounted
read-only in the container.  We want nixos-container to not
try to modify the nix store at all, but instead delegate
any build commands to the nix daemon of the host operating system.

This already works for non-root users inside a nixos-container,
as it doesn't 'own' the nix-store, and thus defaults
to talking to the daemon socket at /nix/var/nix/daemon-socket/,
which is bind-mounted to the host daemon-socket, causing all nix
commands to be delegated to the host.

However, when we are the root user inside the container, we have the
same uid as the nix store owner, eventhough it's not actually
the same root user (due to user namespaces). Nix gets confused,
and is convinced it's running in single-user mode, and tries
to modify the nix store directly instead.

By setting `NIX_REMOTE=daemon` in `/etc/profile`, we force nix
to operate in multi-user mode, so that it will talk to the host
daemon instead, which will modify the nix store for the container.

This fixes #40355
2018-10-05 18:36:47 +02:00
Pavel Goran 858b263bf0 nixos: correct improper uses of mkEnableOption, clarify service descriptions
Several service definitions used `mkEnableOption` with text starting
with "Whether to", which produced funny option descriptions like
"Whether to enable Whether to run the rspamd daemon..".

This commit corrects this, and adds short descriptions of services
to affected service definitions.
2018-10-05 13:14:45 +07:00
Peter Hoeg 6e3e136f77 nixos on hyperv: hot-add CPU 2018-09-28 22:28:26 +08:00
Peter Hoeg 3a76bc7a79 nixos on hyperv: load modules and set video mode 2018-09-28 22:28:17 +08:00
zimbatm 9fb79868ab google-compute-engine: 20180510 -> 20180905
The list of corresponding NixOS services are also updated
2018-09-26 11:48:16 +02:00
Sarah Brofeldt ded8f28c3a Revert "virtualization/qemu-vm: fix and improve virtio/scsi switching"
This reverts commit f777d2b719.
cc #34409
This breaks evaluation of the tested job:
attribute 'diskInterface' missing, at /nix/store/5k9kk52bv6zsvsyyvpxhm8xmwyn2yjvx-source/pkgs/build-support/vm/default.nix:316:24
2018-09-25 11:10:10 +02:00
Stefan Junker f777d2b719 virtualization/qemu-vm: fix and improve virtio/scsi switching 2018-09-22 23:29:19 +02:00
Márton Boros f96dde6fd7
Increase Virtualbox disk image size
10G is not enough for a desktop installation, and resizing a Virtualbox disk image is a pain. 
Let's increase the default disk size to 100G. It does not require more storage space, since the empty bits are left out.
2018-09-13 23:15:41 +02:00
John Ericson 2c2f1e37d4 reewide: Purge all uses stdenv.system and top-level system
It is deprecated and will be removed after 18.09.
2018-08-30 17:20:32 -04:00
Sarah Brofeldt 78fb4bd644 nixos/qemu-vm: Don't explicitly mknod /dev/vda*
And don't need to source the uevent files anymore either since $MAJOR
or $MINOR aren't used elsewhere.

[dezgeg: The reason these are no longer needed is that 0d27df280f
switched /tmp to a devtmpfs which automatically creates such device
nodes]
2018-08-16 14:19:41 +03:00
(cdep)illabout e04e92d38b
Merge remote-tracking branch 'origin/master' into vbox-extpack 2018-08-16 00:40:09 +09:00
zimbatm 1e65420eb3
virtualbox module: allow to pass the package (#44907) 2018-08-11 19:40:00 +01:00
(cdep)illabout 56ad359d93
virtualization: update the virtualbox-host module to use the extension pack if enabled. 2018-08-11 02:48:29 +09:00
xeji 980505dc3b nixos/libvirtd: add option to run qemu as non-root
New option virtualisation.libvirtd.qemuRunAsRoot (default: true).
If false, qemu is run as non-privileged user qemu-libvirtd,
reducing security risk
2018-08-10 13:59:58 +02:00
Tuomas Tynkkynen 96190535e5 Revert "nixos: rename system.{stateVersion,defaultChannel} -> system.nixos.\1"
This reverts commit 095fe5b43d.

Pointless renames considered harmful. All they do is force people to
spend extra work updating their configs for no benefit, and hindering
the ability to switch between unstable and stable versions of NixOS.

Like, what was the value of having the "nixos." there? I mean, by
definition anything in a NixOS module has something to do with NixOS...
2018-07-28 00:12:55 +03:00
Eelco Dolstra c9ea04b57f EC2 AMIs: 18.03.131792.becbe4dbe16 -> 18.03.132946.1caae7247b8 2018-07-24 21:19:14 +02:00
volth 92b3e8f147 fix build with allowAliases=false 2018-07-23 00:12:23 +00:00
volth 2e979e8ceb [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
volth 87f5930c3f [bot]: remove unreferenced code 2018-07-20 18:48:37 +00:00
Dave Laing 4d5371f373 nixos/virtualbox: Adds more options to virtualbox-image.nix (#42699)
* nixos/virtualbox: Adds more options to virtualbox-image.nix

Previously you could only set the size of the disk.

This change adds the ability to change the amount of memory
that the image gets, along with the name / derivation name /
file name for the VM.

* Incorporates some review feedback
2018-07-11 19:45:10 +02:00
Florian Klink fff5923686 nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
Cole Mickens a44a9fdad6 azure: stop carrying qemu-220 patch 2018-06-12 02:06:03 -07:00
Rob Vermaas 19332e4d52
Merge pull request #41311 from AmineChikhaoui/fix-gce-fetch-ssh
GCE image: properly remove the temporary ssh host keys files/directory
2018-06-04 11:38:07 +02:00
AmineChikhaoui 1398d0c312
avoid redundant rm calls 2018-06-04 10:23:40 +01:00
Sergei Khoma c4cad45082
fix typo
based on https://www.ec2instances.info/
2018-06-03 20:03:34 +03:00
Matthew Justin Bauer 0135f04d77
Merge pull request #40242 from gnidorah/gvt
linux: enable support for iGVT-g VGPU
2018-06-01 23:14:35 -04:00
AmineChikhaoui 95c05343ce
revert 4a86f8c9ab and properly remove
the temporary ssh host keys file/directory.
2018-05-31 12:49:15 +01:00
Rob Vermaas a8ed1fc4ed Update GCE image for 18.03
(cherry picked from commit 8aa385069f)
2018-05-30 19:36:39 +02:00
gnidorah a3e239ac62 nixos/kvmgt: init 2018-05-29 19:29:23 +03:00
Peter Hoeg d5d3184e24 vmware: move from servers to virtualisation where it belongs 2018-05-28 15:24:29 +08:00
Jan Malakhovski 095fe5b43d nixos: rename system.{stateVersion,defaultChannel} -> system.nixos.\1 2018-05-12 19:27:09 +00:00
Ihor Antonov 08ebd830a5 Fix kernel crash caused by absent root device 2018-05-12 02:55:33 +03:00
aszlig fb9f5e4a03
nixos/testing: Fix output of systemd messages
Regression introduced by d4468bedb5.

No systemd messages are shown anymore during VM test runs, which is not
very helpful if you want to find out about failures.

There is a bit of a conflict between testing and the change that
introduced the regression. While the mentioned commit makes sure that
the primary console is tty0 for virtualisation.graphics = false, our VM
tests need to have the serial console as primary console.

So in order to support both, I added a new virtualisation.qemu.consoles
option, which allows to specify those options using the module system.

The default of this option is to use the changes that were introduced
and in test-instrumentation.nix we use only the serial console the same
way as before.

For test-instrumentation.nix I didn't add a baudrate to the serial
console because I can't find a reason on top of my head why it should
need it. There also wasn't a reason stated when that was introduced in
7499e4a5b9.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @flokli, @dezgeg, @edolstra
2018-05-10 08:21:20 +02:00
xeji 3d6f752c51
Merge pull request #39099 from teto/qemu_agent
qemu-guest-agent: init module
2018-05-10 01:22:52 +02:00
Florian Klink 7499e4a5b9 modules/virtualisation/qemu-vm: set console baudrate to 115200 2018-05-07 19:23:47 +03:00
Florian Klink d4468bedb5 modules/virtualisation/qemu-vm: always enable serial console
Always enable both tty and serial console, but set preferred console
depending on cfg.graphical.
Even in qemu graphical mode, you can switch to the serial console via
Ctrl+Alt+3.

With that being done, you also don't need to specify
`systemd.services."serial-getty@ttyS0".enable = true;` either as described in
https://nixos.wiki/wiki/Cheatsheet#Building_a_service_as_a_VM_.28for_testing.29,
as systemd automatically spawns a getty on consoles passwd via cmdline.

This also means, vms built by 'nixos-rebuild build-vm' can simply be run
properly in nographic mode by appending `-nographic` to `result/bin/run-*-vm`,
without the need to explicitly add platform-specific QEMU_KERNEL_PARAMS.
2018-05-07 19:23:47 +03:00
Florian Klink 36f4b7f6ba virtualisation/qemu-vm.nix: remove ttys
unused.
2018-05-07 19:23:47 +03:00
Florian Klink 046e374c99 virtualisation/qemu-vm.nix: use lib.optionalString 2018-05-07 19:23:47 +03:00
Rob Vermaas 41512bfdae
Merge pull request #39654 from AmineChikhaoui/issue-38623
GCE: pull the ssh host keys from the metadata service as expected by NixOps.
2018-05-03 17:16:26 +02:00
Florian Klink d3527d947f virtualisation.virtualbox.host: migrate from mkOption to mkEnableOption 2018-05-01 22:47:54 +02:00
Florian Klink 92e559212a virtualisation.virtualbox.host: introduce enableExtensionPack 2018-05-01 22:47:46 +02:00
aszlig f148c5c4a1
nixos/tests: Fix QEMU flags for SCSI disks
The ability to specify "-drive if=scsi" has been removed in QEMU version
2.12 (introduced in 3e3b39f173).

Quote from https://wiki.qemu.org/ChangeLog/2.12#Incompatible_changes:

> The deprecated way of configuring SCSI devices with "-drive if=scsi"
> on x86 has been removed. Use an appropriate SCSI controller together
> "-device scsi-hd" or "-device scsi-cd" and a corresponding "-blockdev"
> parameter instead.

So whenever the diskInterface is "scsi" we use the new way to specify
the drive and fall back to the deprecated way for the time being. The
reason why I'm not using the new way for "virtio" and "ide" as well is
because there is no simple generic way anymore to specify these.

This also turns the type of the virtualisation.qemu.diskInterface option
to be an enum, so the user knows which values are allowed but we can
also make sure the right value is provided to prevent typos.

I've tested this against a few non-disk-related NixOS VM tests but also
the installer.grub1 test (because it uses "ide" as its drive interface),
the installer.simple test (just to be sure it still works with
"virtio") and all the tests in nixos/tests/boot.nix.

In order to be able to run the grub1 test I had to go back to
8b1cf100cd (which is a known commit where
that test still works) and apply the QEMU update and this very commit,
because right now the test is broken.

Apart from the tests here in nixpkgs, I also ran another[1] test in
another repository which uses the "scsi" disk interface as well (in
comparison to most of the installer tests, this one actually failed
prior to this commit).

All of them now succeed.

[1]: 9b5a119972/tests/system/kernel/bfq.nix

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @edostra, @grahamc, @dezgeg, @abbradar, @ts468
2018-04-30 03:02:59 +02:00
AmineChikhaoui f514a68969
barf if pulling the ssh host keys fails 2018-04-28 17:07:54 +01:00
AmineChikhaoui 4a86f8c9ab
remove the entire temporary directory 2018-04-28 17:06:25 +01:00
AmineChikhaoui 3b8c7424d1
pull the ssh host keys from the metadata service as expected by NixOps.
Issues: #38623 https://github.com/NixOS/nixops/issues/930.
2018-04-28 16:52:46 +01:00
Tuomas Tynkkynen dda74d9e50 nixos/qemu-vm: Always add a virtio RNG device to the quest
mke2fs has this annoying property that it uses getrandom() to get random
numbers (for whatever purposes) which blocks until the kernel's secure
RNG has sufficient entropy, which it usually doesn't in the early boot
(except if your CPU supports RDRAND) where we may need to create the
root disk.

So let's give the VM a virtio RNG to avoid the boot getting stuck at
mke2fs.
2018-04-28 12:48:06 +03:00
Matthieu Coudron ca0604190e qemu-guest-agent: init module
Allow out of band communication between qemu VMs and the host.
Useful to retrieve IPs of VMs from the host (for instance when libvirt can't analyze
DHCP requests because VMs are configured with static addresses or when
there is connectivity default).
2018-04-27 18:32:15 +09:00
John Ericson ba52ae5048 treewide: isArm -> isAarch32
Following legacy packing conventions, `isArm` was defined just for
32-bit ARM instruction set. This is confusing to non packagers though,
because Aarch64 is an ARM instruction set.

The official ARM overview for ARMv8[1] is surprisingly not confusing,
given the overall state of affairs for ARM naming conventions, and
offers us a solution. It divides the nomenclature into three levels:

```
ISA:             ARMv8   {-A, -R, -M}
                 /    \
Mode:     Aarch32     Aarch64
             |         /   \
Encoding:   A64      A32   T32
```

At the top is the overall v8 instruction set archicture. Second are the
two modes, defined by bitwidth but differing in other semantics too, and
buttom are the encodings, (hopefully?) isomorphic if they encode the
same mode.

The 32 bit encodings are mostly backwards compatible with previous
non-Thumb and Thumb encodings, and if so we can pun the mode names to
instead mean "sets of compatable or isomorphic encodings", and then
voilà we have nice names for 32-bit and 64-bit arm instruction sets
which do not use the word ARM so as to not confused either laymen or
experienced ARM packages.

[1]: https://developer.arm.com/products/architecture/a-profile
2018-04-25 15:28:55 -04:00
Jörg Thalheim 862f5b0b34
Merge pull request #35541 from xeji/containers-extraflags
nixos/containers: add extraFlags option
2018-04-21 14:16:49 +01:00
John Ericson 53686e8995
Merge pull request #38485 from obsidiansystems/nixos-nixpkgs-options
nixpkgs module: Clean up platform options
2018-04-19 14:59:58 -04:00
Jean-Baptiste Giraudeau 28e352cff8
azure-agent: add bash to service path.
as is often required by linux extensions.
2018-04-17 16:26:04 +02:00
Jean-Baptiste Giraudeau 1d971b7a9f
azure-agent: add option to control auto mount
of resource disk.
2018-04-17 16:04:04 +02:00
Jörg Thalheim 7663de114a lxd: 2.16 -> 3.0.0 2018-04-14 11:02:24 +01:00
xeji a82aae3084 nixos/containers: add extraFlags option
to pass extra flags to systemd-nspawn
2018-04-12 23:29:20 +02:00
Frederik Rietdijk 595a72589f Merge master into staging 2018-04-08 10:54:17 +02:00
Wout Mertens fc6ab8dfa7
google-compute-image: provide correct MTU 2018-04-08 08:46:42 +02:00
John Ericson c6f7d43678 nixpkgs module: Clean up platform options
- `localSystem` is added, it strictly supercedes system

 - `crossSystem`'s description mentions `localSystem` (and vice versa).

 - No more weird special casing I don't even understand

TEMP
2018-04-06 12:41:44 -04:00
Rob Vermaas b894dd8b82
Update create-gce.sh script. Set default option for GCE images to disable host key replacement by service.
(cherry picked from commit 748d96ffa3)
2018-04-06 10:57:31 +02:00
Frederik Rietdijk a9f37d1c25 Merge master into staging 2018-04-05 19:25:05 +02:00
Rob Vermaas ced3a201e3
gce: needs bigger diskSize
(cherry picked from commit ac3437aa06)
2018-04-05 12:19:05 +02:00
Rob Vermaas 0164c94a51
ec2-amis.nix: add 18.03 images
(cherry picked from commit e5a4fb31bd)
2018-04-05 11:58:53 +02:00
Nikolay Amiantov 220d0decaf qemu-vm service: quote arguments in qemu runner 2018-03-26 14:01:49 +03:00
Jörg Thalheim 86dd3f854b
Merge pull request #35687 from volth/libvirt-4.1.0
libvirt: 3.10.0 -> 4.1.0
2018-03-19 11:42:06 +00:00