author(cdep)illabout <cdep.illabout@gmail.com>2018-08-16 00:40:09 +0900
committer(cdep)illabout <cdep.illabout@gmail.com>2018-08-16 00:40:09 +0900
commite04e92d38b944dd5729ed023f9f5e131acf0e95a (patch)
tree1ab8445be47e294d02184c80820a2791d54ccf02 /nixos/modules/virtualisation
parent2ae9907cc495e1f900ae76e5e42bfbffb91766d6 (diff)
parent44a4370b1f3aa2b1b2416d8c09b8df6900f5c449 (diff)
Merge remote-tracking branch 'origin/master' into vbox-extpack
Diffstat (limited to 'nixos/modules/virtualisation')
-rw-r--r--nixos/modules/virtualisation/libvirtd.nix24
-rw-r--r--nixos/modules/virtualisation/virtualbox-host.nix11
2 files changed, 34 insertions, 1 deletions
diff --git a/nixos/modules/virtualisation/libvirtd.nix b/nixos/modules/virtualisation/libvirtd.nix
index 3d002bc2232..3e38662f5b0 100644
--- a/nixos/modules/virtualisation/libvirtd.nix
+++ b/nixos/modules/virtualisation/libvirtd.nix
@@ -17,6 +17,10 @@ let
     ${optionalString cfg.qemuOvmf ''
       nvram = ["/run/libvirt/nix-ovmf/OVMF_CODE.fd:/run/libvirt/nix-ovmf/OVMF_VARS.fd"]
     ''}
+    ${optionalString (!cfg.qemuRunAsRoot) ''
+      user = "qemu-libvirtd"
+      group = "qemu-libvirtd"
+    ''}
     ${cfg.qemuVerbatimConfig}
   '';
 
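Review bot: The new `user`/`group` lines are emitted before `${cfg.qemuVerbatimConfig}`, so a verbatim config that also sets `user` or `group` puts two assignments of the same key into the generated qemu config. The account QEMU actually runs under may then differ from what `qemuRunAsRoot = false` promises; how libvirt resolves the repeated key is not visible from this hunk. I would state the interaction in the `qemuRunAsRoot` description, for example `Do not set user or group in qemuVerbatimConfig when this option is false.` The enclosing `let` binding starts outside the hunk.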
@@ -56,6 +60,18 @@ in {
       '';
     };
 
+    virtualisation.libvirtd.qemuRunAsRoot = mkOption {
+      type = types.bool;
+      default = true;
+      description = ''
+        If true,  libvirtd runs qemu as root.
+        If false, libvirtd runs qemu as unprivileged user qemu-libvirtd.
+        Changing this option to false may cause file permission issues
+        for existing guests. To fix these, manually change ownership
+        of affected files in /var/lib/libvirt/qemu to qemu-libvirtd.
+      '';
+    };
+
     virtualisation.libvirtd.qemuVerbatimConfig = mkOption {
       type = types.lines;
       default = ''
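Review bot: The `qemuRunAsRoot` description covers only the file-permission side effects and omits the security consequence of keeping the `default = true`. With that default, every guest's QEMU process keeps running as root on the host. I would add a sentence such as `Running qemu as root means a compromised qemu process holds root privileges on the host; set this to false unless existing guests depend on root-owned files.` The double space in `If true,  libvirtd` can be tidied in the same edit.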
@@ -110,6 +126,14 @@ in {
 
     users.groups.libvirtd.gid = config.ids.gids.libvirtd;
 
+    # libvirtd runs qemu as this user and group by default
+    users.extraGroups.qemu-libvirtd.gid = config.ids.gids.qemu-libvirtd;
+    users.extraUsers.qemu-libvirtd = {
+      uid = config.ids.uids.qemu-libvirtd;
+      isNormalUser = false;
+      group = "qemu-libvirtd";
+    };
+
     systemd.packages = [ pkgs.libvirt ];
 
     systemd.services.libvirtd = {
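Review bot: The comment `# libvirtd runs qemu as this user and group by default` contradicts the option added earlier in this file, where `qemuRunAsRoot` defaults to `true` and the `user`/`group` lines are only written when it is false. A reader auditing privileges from this comment would reach the wrong conclusion, so I would reword it to `# QEMU runs as this user and group when qemuRunAsRoot is false`. As a style point, the context line just above uses `users.groups`, while the added lines use `users.extraGroups` and `users.extraUsers`; using one spelling throughout the module would read better.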
diff --git a/nixos/modules/virtualisation/virtualbox-host.nix b/nixos/modules/virtualisation/virtualbox-host.nix
index af0a27b0ad8..60779579402 100644
--- a/nixos/modules/virtualisation/virtualbox-host.nix
+++ b/nixos/modules/virtualisation/virtualbox-host.nix
@@ -5,7 +5,7 @@ with lib;
 let
   cfg = config.virtualisation.virtualbox.host;
 
-  virtualbox = pkgs.virtualbox.override {
+  virtualbox = cfg.package.override {
     inherit (cfg) enableHardening headless;
     extensionPack = if cfg.enableExtensionPack then pkgs.virtualboxExtpack else null;
   };
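Review bot: `extensionPack` is still taken from `pkgs.virtualboxExtpack` even though the base package now comes from `cfg.package`, so a pinned or custom VirtualBox can be paired with an extension pack built for a different version. The override also assumes that `cfg.package` accepts `enableHardening`, `headless` and `extensionPack`, which the new `package` option (second hunk of this file) does not mention. I would extend that description to say `The package must support .override with enableHardening, headless and extensionPack, and should match the version of pkgs.virtualboxExtpack when enableExtensionPack is set.`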
@@ -40,6 +40,15 @@ in
       '';
     };
 
+    package = mkOption {
+      type = types.package;
+      default = pkgs.virtualbox;
+      defaultText = "pkgs.virtualbox";
+      description = ''
+        Which VirtualBox package to use.
+      '';
+    };
+
     addNetworkInterface = mkOption {
       type = types.bool;
       default = true;