From c1fd51f490c418203087239eac1d69b04cf4ec3e Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Wed, 23 Jun 2021 16:45:04 +0200 Subject: nixos/qemu: fix several shellcheck issues - Fix shell quoting issues - Fix unsafe cd in run-machine-vm script --- nixos/lib/qemu-flags.nix | 2 +- nixos/modules/virtualisation/qemu-vm.nix | 15 ++++++++------- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/nixos/lib/qemu-flags.nix b/nixos/lib/qemu-flags.nix index f786745ba32..5f96391d2af 100644 --- a/nixos/lib/qemu-flags.nix +++ b/nixos/lib/qemu-flags.nix @@ -14,7 +14,7 @@ rec { qemuNICFlags = nic: net: machine: [ "-device virtio-net-pci,netdev=vlan${toString nic},mac=${qemuNicMac net machine}" - "-netdev vde,id=vlan${toString nic},sock=$QEMU_VDE_SOCKET_${toString net}" + ''-netdev vde,id=vlan${toString nic},sock="$QEMU_VDE_SOCKET_${toString net}"'' ]; qemuSerialDevice = if pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64 then "ttyS0" diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index b51c29f83d6..4bd7403ed3c 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -108,7 +108,7 @@ let '' #! ${pkgs.runtimeShell} - NIX_DISK_IMAGE=$(readlink -f ''${NIX_DISK_IMAGE:-${config.virtualisation.diskImage}}) + NIX_DISK_IMAGE=$(readlink -f "''${NIX_DISK_IMAGE:-${config.virtualisation.diskImage}}") if ! test -e "$NIX_DISK_IMAGE"; then ${qemu}/bin/qemu-img create -f qcow2 "$NIX_DISK_IMAGE" \ @@ -121,14 +121,14 @@ let fi # Create a directory for exchanging data with the VM. - mkdir -p $TMPDIR/xchg + mkdir -p "$TMPDIR/xchg" ${if cfg.useBootLoader then '' # Create a writable copy/snapshot of the boot disk. # A writable boot disk can be booted from automatically. - ${qemu}/bin/qemu-img create -f qcow2 -b ${bootDisk}/disk.img $TMPDIR/disk.img || exit 1 + ${qemu}/bin/qemu-img create -f qcow2 -b ${bootDisk}/disk.img "$TMPDIR/disk.img" || exit 1 - NIX_EFI_VARS=$(readlink -f ''${NIX_EFI_VARS:-${cfg.efiVars}}) + NIX_EFI_VARS=$(readlink -f "''${NIX_EFI_VARS:-${cfg.efiVars}}") ${if cfg.useEFIBoot then '' # VM needs writable EFI vars @@ -139,7 +139,8 @@ let '' else ""} '' else ""} - cd $TMPDIR + cd "$TMPDIR" || exit 1 + idx=0 ${flip concatMapStrings cfg.emptyDiskImages (size: '' if ! test -e "empty$idx.qcow2"; then @@ -646,7 +647,7 @@ in virtualisation.qemu.drives = mkMerge [ [{ name = "root"; - file = "$NIX_DISK_IMAGE"; + file = ''"$NIX_DISK_IMAGE"''; driveExtraOpts.cache = "writeback"; driveExtraOpts.werror = "report"; }] @@ -655,7 +656,7 @@ in # note [Disk layout with `useBootLoader`]. { name = "boot"; - file = "$TMPDIR/disk.img"; + file = ''"$TMPDIR"/disk.img''; driveExtraOpts.media = "disk"; deviceExtraOpts.bootindex = "1"; } -- cgit 1.4.1 From 65e83389efd983bbfc9b0408c4502d4b48a4b4c6 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Wed, 23 Jun 2021 16:48:52 +0200 Subject: nixos/qemu: fix deprecation warning --- nixos/modules/virtualisation/qemu-vm.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 4bd7403ed3c..3802543bdf5 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -126,7 +126,7 @@ let ${if cfg.useBootLoader then '' # Create a writable copy/snapshot of the boot disk. # A writable boot disk can be booted from automatically. - ${qemu}/bin/qemu-img create -f qcow2 -b ${bootDisk}/disk.img "$TMPDIR/disk.img" || exit 1 + ${qemu}/bin/qemu-img create -f qcow2 -F qcow2 -b ${bootDisk}/disk.img "$TMPDIR/disk.img" || exit 1 NIX_EFI_VARS=$(readlink -f "''${NIX_EFI_VARS:-${cfg.efiVars}}") -- cgit 1.4.1 From 2af5413cc6cd7d2384854185848765ac1a0e21f9 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Wed, 23 Jun 2021 16:55:53 +0200 Subject: nixos/qemu: set a reasonable msize by default --- nixos/modules/virtualisation/qemu-vm.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 3802543bdf5..447bd29e49a 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -280,11 +280,11 @@ in virtualisation.msize = mkOption { - default = null; - type = types.nullOr types.ints.unsigned; + type = types.ints.positive; + default = 16384; description = '' - msize (maximum packet size) option passed to 9p file systems, in + The msize (maximum packet size) option passed to 9p file systems, in bytes. Increasing this should increase performance significantly, at the cost of higher RAM usage. ''; -- cgit 1.4.1 From f1f434c4f777c7c7202965e1c3b82724fdce5787 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Wed, 23 Jun 2021 16:58:33 +0200 Subject: nixos/qemu: cleaner formatting of the run-machine-vm script --- nixos/modules/virtualisation/qemu-vm.nix | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 447bd29e49a..255e23204dc 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -75,7 +75,7 @@ let in "-drive ${driveOpts} ${device}"; - drivesCmdLine = drives: concatStringsSep " " (imap1 driveCmdline drives); + drivesCmdLine = drives: concatStringsSep "\\\n " (imap1 driveCmdline drives); # Creates a device name from a 1-based a numerical index, e.g. @@ -123,25 +123,27 @@ let # Create a directory for exchanging data with the VM. mkdir -p "$TMPDIR/xchg" - ${if cfg.useBootLoader then '' + ${lib.optionalString cfg.useBootLoader + '' # Create a writable copy/snapshot of the boot disk. # A writable boot disk can be booted from automatically. ${qemu}/bin/qemu-img create -f qcow2 -F qcow2 -b ${bootDisk}/disk.img "$TMPDIR/disk.img" || exit 1 NIX_EFI_VARS=$(readlink -f "''${NIX_EFI_VARS:-${cfg.efiVars}}") - ${if cfg.useEFIBoot then '' + ${lib.optionalString cfg.useEFIBoot + '' # VM needs writable EFI vars if ! test -e "$NIX_EFI_VARS"; then cp ${bootDisk}/efi-vars.fd "$NIX_EFI_VARS" || exit 1 chmod 0644 "$NIX_EFI_VARS" || exit 1 fi - '' else ""} - '' else ""} + ''} + ''} cd "$TMPDIR" || exit 1 - idx=0 + ${lib.optionalString (cfg.emptyDiskImages != []) "idx=0"} ${flip concatMapStrings cfg.emptyDiskImages (size: '' if ! test -e "empty$idx.qcow2"; then ${qemu}/bin/qemu-img create -f qcow2 "empty$idx.qcow2" "${toString size}M" @@ -160,7 +162,7 @@ let -virtfs local,path=$TMPDIR/xchg,security_model=none,mount_tag=xchg \ -virtfs local,path=''${SHARED_DIR:-$TMPDIR/xchg},security_model=none,mount_tag=shared \ ${drivesCmdLine config.virtualisation.qemu.drives} \ - ${toString config.virtualisation.qemu.options} \ + ${concatStringsSep " \\\n " config.virtualisation.qemu.options} \ $QEMU_OPTS \ "$@" ''; @@ -456,7 +458,7 @@ in type = types.listOf types.str; description = '' Networking-related command-line options that should be passed to qemu. - The default is to use userspace networking (slirp). + The default is to use userspace networking (SLiRP). If you override this option, be advised to keep ''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} (as seen in the default) -- cgit 1.4.1 From 30f0faac22b6d8a6c6b308a0aa44ee672f2827eb Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Wed, 23 Jun 2021 17:09:18 +0200 Subject: nixos/qemu: add types to all options --- nixos/lib/build-vms.nix | 2 +- nixos/modules/virtualisation/qemu-vm.nix | 30 +++++++++++++++++++++--------- 2 files changed, 22 insertions(+), 10 deletions(-) diff --git a/nixos/lib/build-vms.nix b/nixos/lib/build-vms.nix index f0a58628c68..b009108e43f 100644 --- a/nixos/lib/build-vms.nix +++ b/nixos/lib/build-vms.nix @@ -93,7 +93,7 @@ rec { "${config.networking.hostName}\n")); virtualisation.qemu.options = - forEach interfacesNumbered + flip concatMap interfacesNumbered ({ fst, snd }: qemuNICFlags snd fst m.snd); }; } diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 255e23204dc..503c146dbbd 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -273,10 +273,11 @@ in virtualisation.memorySize = mkOption { + type = types.ints.positive; default = 384; description = '' - Memory size (M) of virtual machine. + The memory size in megabytes of the virtual machine. ''; }; @@ -294,15 +295,17 @@ in virtualisation.diskSize = mkOption { + type = types.nullOr types.ints.positive; default = 512; description = '' - Disk size (M) of virtual machine. + The disk size in megabytes of the virtual machine. ''; }; virtualisation.diskImage = mkOption { + type = types.str; default = "./${config.system.name}.qcow2"; description = '' @@ -314,7 +317,7 @@ in virtualisation.bootDevice = mkOption { - type = types.str; + type = types.path; example = "/dev/vda"; description = '' @@ -324,8 +327,8 @@ in virtualisation.emptyDiskImages = mkOption { + type = types.listOf types.ints.positive; default = []; - type = types.listOf types.int; description = '' Additional disk images to provide to the VM. The value is @@ -336,6 +339,7 @@ in virtualisation.graphics = mkOption { + type = types.bool; default = true; description = '' @@ -347,8 +351,8 @@ in virtualisation.cores = mkOption { + type = types.ints.positive; default = 1; - type = types.int; description = '' Specify the number of cores the guest is permitted to use. @@ -359,6 +363,7 @@ in virtualisation.pathsInNixDB = mkOption { + type = types.listOf types.path; default = []; description = '' @@ -372,6 +377,7 @@ in virtualisation.vlans = mkOption { + type = types.listOf types.ints.unsigned; default = [ 1 ]; example = [ 1 2 ]; description = @@ -389,6 +395,7 @@ in virtualisation.writableStore = mkOption { + type = types.bool; default = true; # FIXME description = '' @@ -400,6 +407,7 @@ in virtualisation.writableStoreUseTmpfs = mkOption { + type = types.bool; default = true; description = '' @@ -410,6 +418,7 @@ in networking.primaryIPAddress = mkOption { + type = types.str; default = ""; internal = true; description = "Primary IP address used in /etc/hosts."; @@ -426,7 +435,7 @@ in options = mkOption { - type = types.listOf types.unspecified; + type = types.listOf types.str; default = []; example = [ "-vga std" ]; description = "Options passed to QEMU."; @@ -475,16 +484,16 @@ in diskInterface = mkOption { + type = types.enum [ "virtio" "scsi" "ide" ]; default = "virtio"; example = "scsi"; - type = types.enum [ "virtio" "scsi" "ide" ]; description = "The interface used for the virtual hard disks."; }; guestAgent.enable = mkOption { - default = true; type = types.bool; + default = true; description = '' Enable the Qemu guest agent. ''; @@ -493,6 +502,7 @@ in virtualisation.useBootLoader = mkOption { + type = types.bool; default = false; description = '' @@ -507,6 +517,7 @@ in virtualisation.useEFIBoot = mkOption { + type = types.bool; default = false; description = '' @@ -518,6 +529,7 @@ in virtualisation.efiVars = mkOption { + type = types.str; default = "./${config.system.name}-efi-vars.fd"; description = '' @@ -528,8 +540,8 @@ in virtualisation.bios = mkOption { - default = null; type = types.nullOr types.package; + default = null; description = '' An alternate BIOS (such as qboot) with which to start the VM. -- cgit 1.4.1 From ec6c604b6ece1e43d98ae9df161980259f08acf1 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Wed, 23 Jun 2021 17:17:15 +0200 Subject: nixos/qemu: make shared directories configurable --- nixos/modules/virtualisation/qemu-vm.nix | 89 +++++++++++++++++++++----------- 1 file changed, 60 insertions(+), 29 deletions(-) diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 503c146dbbd..481c4f974cc 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -158,9 +158,10 @@ let -smp ${toString config.virtualisation.cores} \ -device virtio-rng-pci \ ${concatStringsSep " " config.virtualisation.qemu.networkingOptions} \ - -virtfs local,path=/nix/store,security_model=none,mount_tag=store \ - -virtfs local,path=$TMPDIR/xchg,security_model=none,mount_tag=xchg \ - -virtfs local,path=''${SHARED_DIR:-$TMPDIR/xchg},security_model=none,mount_tag=shared \ + ${concatStringsSep " \\\n " + (mapAttrsToList + (tag: share: "-virtfs local,path=${share.source},security_model=none,mount_tag=${tag}") + config.virtualisation.sharedDirectories)} \ ${drivesCmdLine config.virtualisation.qemu.drives} \ ${concatStringsSep " \\\n " config.virtualisation.qemu.options} \ $QEMU_OPTS \ @@ -361,6 +362,31 @@ in ''; }; + virtualisation.sharedDirectories = + mkOption { + type = types.attrsOf + (types.submodule { + options.source = mkOption { + type = types.str; + description = "The path of the directory to share, can be a shell variable"; + }; + options.target = mkOption { + type = types.path; + description = "The mount point of the directory inside the virtual machine"; + }; + }); + default = { }; + example = { + my-share = { source = "/path/to/be/shared"; target = "/mnt/shared"; }; + }; + description = + '' + An attributes set of directories that will be shared with the + virtual machine using VirtFS (9P filesystem over VirtIO). + The attribute name will be used as the 9P mount tag. + ''; + }; + virtualisation.pathsInNixDB = mkOption { type = types.listOf types.path; @@ -633,6 +659,12 @@ in virtualisation.pathsInNixDB = [ config.system.build.toplevel ]; + virtualisation.sharedDirectories = { + nix-store = { source = "/nix/store"; target = "/nix/store"; }; + xchg = { source = ''"$TMPDIR"/xchg''; target = "/tmp/xchg"; }; + shared = { source = ''"''${SHARED_DIR:-$TMPDIR/xchg}"''; target = "/tmp/shared"; }; + }; + # FIXME: Consolidate this one day. virtualisation.qemu.options = mkMerge [ (mkIf (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) [ @@ -687,15 +719,26 @@ in # configuration, where the regular value for the `fileSystems' # attribute should be disregarded for the purpose of building a VM # test image (since those filesystems don't exist in the VM). - fileSystems = mkVMOverride ( - cfg.fileSystems // - { "/".device = cfg.bootDevice; - ${if cfg.writableStore then "/nix/.ro-store" else "/nix/store"} = - { device = "store"; - fsType = "9p"; - options = [ "trans=virtio" "version=9p2000.L" "cache=loose" ] ++ lib.optional (cfg.msize != null) "msize=${toString cfg.msize}"; - neededForBoot = true; - }; + fileSystems = + let + mkSharedDir = tag: share: + { + name = + if tag == "nix-store" && cfg.writableStore + then "/nix/.ro-store" + else share.target; + value.device = tag; + value.fsType = "9p"; + value.neededForBoot = true; + value.options = + [ "trans=virtio" "version=9p2000.L" "msize=${toString cfg.msize}" ] + ++ lib.optional (tag == "nix-store") "cache=loose"; + }; + in + mkVMOverride (cfg.fileSystems // + { + "/".device = cfg.bootDevice; + "/tmp" = mkIf config.boot.tmpOnTmpfs { device = "tmpfs"; fsType = "tmpfs"; @@ -703,32 +746,20 @@ in # Sync with systemd's tmp.mount; options = [ "mode=1777" "strictatime" "nosuid" "nodev" "size=${toString config.boot.tmpOnTmpfsSize}" ]; }; - "/tmp/xchg" = - { device = "xchg"; - fsType = "9p"; - options = [ "trans=virtio" "version=9p2000.L" ] ++ lib.optional (cfg.msize != null) "msize=${toString cfg.msize}"; - neededForBoot = true; - }; - "/tmp/shared" = - { device = "shared"; - fsType = "9p"; - options = [ "trans=virtio" "version=9p2000.L" ] ++ lib.optional (cfg.msize != null) "msize=${toString cfg.msize}"; - neededForBoot = true; - }; - } // optionalAttrs (cfg.writableStore && cfg.writableStoreUseTmpfs) - { "/nix/.rw-store" = + + "/nix/.rw-store" = mkIf (cfg.writableStore && cfg.writableStoreUseTmpfs) { fsType = "tmpfs"; options = [ "mode=0755" ]; neededForBoot = true; }; - } // optionalAttrs cfg.useBootLoader - { "/boot" = + + "/boot" = mkIf cfg.useBootLoader # see note [Disk layout with `useBootLoader`] { device = "${lookupDriveDeviceName "boot" cfg.qemu.drives}2"; # 2 for e.g. `vdb2`, as created in `bootDisk` fsType = "vfat"; noCheck = true; # fsck fails on a r/o filesystem }; - }); + } // lib.mapAttrs' mkSharedDir cfg.sharedDirectories); swapDevices = mkVMOverride [ ]; boot.initrd.luks.devices = mkVMOverride {}; -- cgit 1.4.1 From 44d95b773b0998d5db577c7a856b4d8af2aeec19 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Wed, 23 Jun 2021 17:18:21 +0200 Subject: nixos/qemu: make display resolution configurable --- nixos/modules/virtualisation/qemu-vm.nix | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 481c4f974cc..bf65c7f3d89 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -350,6 +350,16 @@ in ''; }; + virtualisation.resolution = + mkOption { + type = options.services.xserver.resolutions.type.nestedTypes.elemType; + default = { x = 1024; y = 768; }; + description = + '' + The resolution of the virtual machine display. + ''; + }; + virtualisation.cores = mkOption { type = types.ints.positive; @@ -601,6 +611,7 @@ in then driveDeviceName 2 # second disk else cfg.bootDevice ); + boot.loader.grub.gfxmodeBios = with cfg.resolution; "${toString x}x${toString y}"; boot.initrd.extraUtilsCommands = '' @@ -780,7 +791,7 @@ in # video driver the host uses. services.xserver.videoDrivers = mkVMOverride [ "modesetting" ]; services.xserver.defaultDepth = mkVMOverride 0; - services.xserver.resolutions = mkVMOverride [ { x = 1024; y = 768; } ]; + services.xserver.resolutions = mkVMOverride [ cfg.resolution ]; services.xserver.monitorSection = '' # Set a higher refresh rate so that resolutions > 800x600 work. -- cgit 1.4.1 From b8bfc81d5b2d88b734a311f712fc0ba2b267f9e0 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Wed, 23 Jun 2021 17:24:29 +0200 Subject: nixos/qemu: add option to forward ports --- nixos/modules/virtualisation/qemu-vm.nix | 115 +++++++++++++++++++++++++++++-- 1 file changed, 110 insertions(+), 5 deletions(-) diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index bf65c7f3d89..9a26e328e4d 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -411,6 +411,75 @@ in ''; }; + virtualisation.forwardPorts = mkOption { + type = types.listOf + (types.submodule { + options.from = mkOption { + type = types.enum [ "host" "guest" ]; + default = "host"; + description = + '' + Controls the direction in which the ports are mapped: + + - "host" means traffic from the host ports + is forwarded to the given guest port. + + - "guest" means traffic from the guest ports + is forwarded to the given host port. + ''; + }; + options.proto = mkOption { + type = types.enum [ "tcp" "udp" ]; + default = "tcp"; + description = "The protocol to forward."; + }; + options.host.address = mkOption { + type = types.str; + default = ""; + description = "The IPv4 address of the host."; + }; + options.host.port = mkOption { + type = types.port; + description = "The host port to be mapped."; + }; + options.guest.address = mkOption { + type = types.str; + default = ""; + description = "The IPv4 address on the guest VLAN."; + }; + options.guest.port = mkOption { + type = types.port; + description = "The guest port to be mapped."; + }; + }); + default = []; + example = lib.literalExample + '' + [ # forward local port 2222 -> 22, to ssh into the VM + { from = "host"; host.port = 2222; guest.port = 22; } + + # forward local port 80 -> 10.0.2.10:80 in the VLAN + { from = "guest"; + guest.address = "10.0.2.10"; guest.port = 80; + host.address = "127.0.0.1"; host.port = 80; + } + ] + ''; + description = + '' + When using the SLiRP user networking (default), this option allows to + forward ports to/from the host/guest. + + + If the NixOS firewall on the virtual machine is enabled, you also + have to open the guest ports to enable the traffic between host and + guest. + + + Currently QEMU supports only IPv4 forwarding. + ''; + }; + virtualisation.vlans = mkOption { type = types.listOf types.ints.unsigned; @@ -480,7 +549,7 @@ in consoles = mkOption { type = types.listOf types.str; default = let - consoles = [ "${qemuSerialDevice},115200n8" "tty0" ]; + consoles = [ "${qemu-flags.qemuSerialDevice},115200n8" "tty0" ]; in if cfg.graphics then consoles else reverseList consoles; example = [ "console=tty1" ]; description = '' @@ -496,17 +565,18 @@ in networkingOptions = mkOption { - default = [ + type = types.listOf types.str; + default = [ ]; + example = [ "-net nic,netdev=user.0,model=virtio" - "-netdev user,id=user.0\${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}" + "-netdev user,id=user.0,\${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}" ]; - type = types.listOf types.str; description = '' Networking-related command-line options that should be passed to qemu. The default is to use userspace networking (SLiRP). If you override this option, be advised to keep - ''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} (as seen in the default) + ''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} (as seen in the example) to keep the default runtime behaviour. ''; }; @@ -590,6 +660,25 @@ in config = { + assertions = + lib.concatLists (lib.flip lib.imap cfg.forwardPorts (i: rule: + [ + { assertion = rule.from == "guest" -> rule.proto == "tcp"; + message = + '' + Invalid virtualisation.forwardPorts..proto: + Guest forwarding supports only TCP connections. + ''; + } + { assertion = rule.from == "guest" -> lib.hasPrefix "10.0.2." rule.guest.address; + message = + '' + Invalid virtualisation.forwardPorts..guest.address: + The address must be in the default VLAN (10.0.2.0/24). + ''; + } + ])); + # Note [Disk layout with `useBootLoader`] # # If `useBootLoader = true`, we configure 2 drives: @@ -676,6 +765,22 @@ in shared = { source = ''"''${SHARED_DIR:-$TMPDIR/xchg}"''; target = "/tmp/shared"; }; }; + virtualisation.qemu.networkingOptions = + let + forwardingOptions = flip concatMapStrings cfg.forwardPorts + ({ proto, from, host, guest }: + if from == "host" + then "hostfwd=${proto}:${host.address}:${toString host.port}-" + + "${guest.address}:${toString guest.port}," + else "'guestfwd=${proto}:${guest.address}:${toString guest.port}-" + + "cmd:${pkgs.netcat}/bin/nc ${host.address} ${toString host.port}'," + ); + in + [ + "-net nic,netdev=user.0,model=virtio" + "-netdev user,id=user.0,${forwardingOptions}\${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}" + ]; + # FIXME: Consolidate this one day. virtualisation.qemu.options = mkMerge [ (mkIf (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) [ -- cgit 1.4.1 From b29c2f97c37f7cb4a1b3411ff9888a49873597d2 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Wed, 23 Jun 2021 17:46:46 +0200 Subject: nixos/lib/qemu-flags: rename to qemu-common The current name is misleading: it doesn't contain cli arguments, but several constants and utility functions related to qemu. This commit also removes the use of `with import ...` for clarity. --- nixos/lib/build-vms.nix | 10 ++++---- nixos/lib/qemu-common.nix | 32 ++++++++++++++++++++++++++ nixos/lib/qemu-flags.nix | 32 -------------------------- nixos/lib/testing-python.nix | 3 +-- nixos/modules/testing/test-instrumentation.nix | 17 ++++++++------ nixos/modules/virtualisation/qemu-vm.nix | 6 ++--- nixos/tests/networking.nix | 4 ++-- pkgs/build-support/vm/default.nix | 8 +++---- 8 files changed, 57 insertions(+), 55 deletions(-) create mode 100644 nixos/lib/qemu-common.nix delete mode 100644 nixos/lib/qemu-flags.nix diff --git a/nixos/lib/build-vms.nix b/nixos/lib/build-vms.nix index b009108e43f..0f0bdb4a86c 100644 --- a/nixos/lib/build-vms.nix +++ b/nixos/lib/build-vms.nix @@ -4,15 +4,14 @@ , # Ignored config ? null , # Nixpkgs, for qemu, lib and more - pkgs + pkgs, lib , # !!! See comment about args in lib/modules.nix specialArgs ? {} , # NixOS configuration to add to the VMs extraConfigurations ? [] }: -with pkgs.lib; -with import ../lib/qemu-flags.nix { inherit pkgs; }; +with lib; rec { @@ -93,8 +92,9 @@ rec { "${config.networking.hostName}\n")); virtualisation.qemu.options = - flip concatMap interfacesNumbered - ({ fst, snd }: qemuNICFlags snd fst m.snd); + let qemu-common = import ../lib/qemu-common.nix { inherit lib pkgs; }; + in flip concatMap interfacesNumbered + ({ fst, snd }: qemu-common.qemuNICFlags snd fst m.snd); }; } ) diff --git a/nixos/lib/qemu-common.nix b/nixos/lib/qemu-common.nix new file mode 100644 index 00000000000..84f9060acd6 --- /dev/null +++ b/nixos/lib/qemu-common.nix @@ -0,0 +1,32 @@ +# QEMU-related utilities shared between various Nix expressions. +{ lib, pkgs }: + +let + zeroPad = n: + lib.optionalString (n < 16) "0" + + (if n > 255 + then throw "Can't have more than 255 nets or nodes!" + else lib.toHexString n); +in + +rec { + qemuNicMac = net: machine: "52:54:00:12:${zeroPad net}:${zeroPad machine}"; + + qemuNICFlags = nic: net: machine: + [ "-device virtio-net-pci,netdev=vlan${toString nic},mac=${qemuNicMac net machine}" + ''-netdev vde,id=vlan${toString nic},sock="$QEMU_VDE_SOCKET_${toString net}"'' + ]; + + qemuSerialDevice = if pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64 then "ttyS0" + else if (with pkgs.stdenv.hostPlatform; isAarch32 || isAarch64 || isPower) then "ttyAMA0" + else throw "Unknown QEMU serial device for system '${pkgs.stdenv.hostPlatform.system}'"; + + qemuBinary = qemuPkg: { + x86_64-linux = "${qemuPkg}/bin/qemu-kvm -cpu max"; + armv7l-linux = "${qemuPkg}/bin/qemu-system-arm -enable-kvm -machine virt -cpu host"; + aarch64-linux = "${qemuPkg}/bin/qemu-system-aarch64 -enable-kvm -machine virt,gic-version=host -cpu host"; + powerpc64le-linux = "${qemuPkg}/bin/qemu-system-ppc64 -machine powernv"; + powerpc64-linux = "${qemuPkg}/bin/qemu-system-ppc64 -machine powernv"; + x86_64-darwin = "${qemuPkg}/bin/qemu-kvm -cpu max"; + }.${pkgs.stdenv.hostPlatform.system} or "${qemuPkg}/bin/qemu-kvm"; +} diff --git a/nixos/lib/qemu-flags.nix b/nixos/lib/qemu-flags.nix deleted file mode 100644 index 5f96391d2af..00000000000 --- a/nixos/lib/qemu-flags.nix +++ /dev/null @@ -1,32 +0,0 @@ -# QEMU flags shared between various Nix expressions. -{ pkgs }: - -let - zeroPad = n: - pkgs.lib.optionalString (n < 16) "0" + - (if n > 255 - then throw "Can't have more than 255 nets or nodes!" - else pkgs.lib.toHexString n); -in - -rec { - qemuNicMac = net: machine: "52:54:00:12:${zeroPad net}:${zeroPad machine}"; - - qemuNICFlags = nic: net: machine: - [ "-device virtio-net-pci,netdev=vlan${toString nic},mac=${qemuNicMac net machine}" - ''-netdev vde,id=vlan${toString nic},sock="$QEMU_VDE_SOCKET_${toString net}"'' - ]; - - qemuSerialDevice = if pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64 then "ttyS0" - else if (with pkgs.stdenv.hostPlatform; isAarch32 || isAarch64 || isPower) then "ttyAMA0" - else throw "Unknown QEMU serial device for system '${pkgs.stdenv.hostPlatform.system}'"; - - qemuBinary = qemuPkg: { - x86_64-linux = "${qemuPkg}/bin/qemu-kvm -cpu max"; - armv7l-linux = "${qemuPkg}/bin/qemu-system-arm -enable-kvm -machine virt -cpu host"; - aarch64-linux = "${qemuPkg}/bin/qemu-system-aarch64 -enable-kvm -machine virt,gic-version=host -cpu host"; - powerpc64le-linux = "${qemuPkg}/bin/qemu-system-ppc64 -machine powernv"; - powerpc64-linux = "${qemuPkg}/bin/qemu-system-ppc64 -machine powernv"; - x86_64-darwin = "${qemuPkg}/bin/qemu-kvm -cpu max"; - }.${pkgs.stdenv.hostPlatform.system} or "${qemuPkg}/bin/qemu-kvm"; -} diff --git a/nixos/lib/testing-python.nix b/nixos/lib/testing-python.nix index 7c8c64211f1..a1c3624d149 100644 --- a/nixos/lib/testing-python.nix +++ b/nixos/lib/testing-python.nix @@ -217,7 +217,7 @@ rec { nodes = qemu_pkg: let build-vms = import ./build-vms.nix { - inherit system pkgs minimal specialArgs; + inherit system lib pkgs minimal specialArgs; extraConfigurations = extraConfigurations ++ [( { virtualisation.qemu.package = qemu_pkg; @@ -257,7 +257,6 @@ rec { inherit test driver driverInteractive nodes; }; - abortForFunction = functionName: abort ''The ${functionName} function was removed because it is not an essential part of the NixOS testing infrastructure. It had no usage in NixOS or Nixpkgs and it had no designated diff --git a/nixos/modules/testing/test-instrumentation.nix b/nixos/modules/testing/test-instrumentation.nix index be5fa88b8ad..a7011be7e04 100644 --- a/nixos/modules/testing/test-instrumentation.nix +++ b/nixos/modules/testing/test-instrumentation.nix @@ -4,7 +4,10 @@ { options, config, lib, pkgs, ... }: with lib; -with import ../../lib/qemu-flags.nix { inherit pkgs; }; + +let + qemu-common = import ../../lib/qemu-common.nix { inherit lib pkgs; }; +in { @@ -12,8 +15,8 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; }; systemd.services.backdoor = { wantedBy = [ "multi-user.target" ]; - requires = [ "dev-hvc0.device" "dev-${qemuSerialDevice}.device" ]; - after = [ "dev-hvc0.device" "dev-${qemuSerialDevice}.device" ]; + requires = [ "dev-hvc0.device" "dev-${qemu-common.qemuSerialDevice}.device" ]; + after = [ "dev-hvc0.device" "dev-${qemu-common.qemuSerialDevice}.device" ]; script = '' export USER=root @@ -30,7 +33,7 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; }; cd /tmp exec < /dev/hvc0 > /dev/hvc0 - while ! exec 2> /dev/${qemuSerialDevice}; do sleep 0.1; done + while ! exec 2> /dev/${qemu-common.qemuSerialDevice}; do sleep 0.1; done echo "connecting to host..." >&2 stty -F /dev/hvc0 raw -echo # prevent nl -> cr/nl conversion echo @@ -42,7 +45,7 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; }; # Prevent agetty from being instantiated on the serial device, since it # interferes with the backdoor (writes to it will randomly fail # with EIO). Likewise for hvc0. - systemd.services."serial-getty@${qemuSerialDevice}".enable = false; + systemd.services."serial-getty@${qemu-common.qemuSerialDevice}".enable = false; systemd.services."serial-getty@hvc0".enable = false; # Only set these settings when the options exist. Some tests (e.g. those @@ -57,7 +60,7 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; }; # we avoid defining consoles if not possible. # TODO: refactor such that test-instrumentation can import qemu-vm # or declare virtualisation.qemu.console option in a module that's always imported - consoles = [ qemuSerialDevice ]; + consoles = [ qemu-common.qemuSerialDevice ]; package = lib.mkDefault pkgs.qemu_test; }; }; @@ -88,7 +91,7 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; }; # Panic if an error occurs in stage 1 (rather than waiting for # user intervention). boot.kernelParams = - [ "console=${qemuSerialDevice}" "panic=1" "boot.panic_on_fail" ]; + [ "console=${qemu-common.qemuSerialDevice}" "panic=1" "boot.panic_on_fail" ]; # `xwininfo' is used by the test driver to query open windows. environment.systemPackages = [ pkgs.xorg.xwininfo ]; diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 9a26e328e4d..f7b6b4eac39 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -10,10 +10,10 @@ { config, lib, pkgs, options, ... }: with lib; -with import ../../lib/qemu-flags.nix { inherit pkgs; }; let + qemu-common = import ../../lib/qemu-common.nix { inherit lib pkgs; }; cfg = config.virtualisation; @@ -152,7 +152,7 @@ let '')} # Start QEMU. - exec ${qemuBinary qemu} \ + exec ${qemu-common.qemuBinary qemu} \ -name ${config.system.name} \ -m ${toString config.virtualisation.memorySize} \ -smp ${toString config.virtualisation.cores} \ @@ -549,7 +549,7 @@ in consoles = mkOption { type = types.listOf types.str; default = let - consoles = [ "${qemu-flags.qemuSerialDevice},115200n8" "tty0" ]; + consoles = [ "${qemu-common.qemuSerialDevice},115200n8" "tty0" ]; in if cfg.graphics then consoles else reverseList consoles; example = [ "console=tty1" ]; description = '' diff --git a/nixos/tests/networking.nix b/nixos/tests/networking.nix index 22f7ca5a9b8..8b947ddf0cf 100644 --- a/nixos/tests/networking.nix +++ b/nixos/tests/networking.nix @@ -8,7 +8,7 @@ with import ../lib/testing-python.nix { inherit system pkgs; }; with pkgs.lib; let - qemu-flags = import ../lib/qemu-flags.nix { inherit pkgs; }; + qemu-common = import ../lib/qemu-common.nix { inherit (pkgs) lib pkgs; }; router = { config, pkgs, lib, ... }: with pkgs.lib; @@ -42,7 +42,7 @@ let machines = flip map vlanIfs (vlan: { hostName = "client${toString vlan}"; - ethernetAddress = qemu-flags.qemuNicMac vlan 1; + ethernetAddress = qemu-common.qemuNicMac vlan 1; ipAddress = "192.168.${toString vlan}.2"; } ); diff --git a/pkgs/build-support/vm/default.nix b/pkgs/build-support/vm/default.nix index 3a52d756571..350f8780b52 100644 --- a/pkgs/build-support/vm/default.nix +++ b/pkgs/build-support/vm/default.nix @@ -9,9 +9,9 @@ }: with pkgs; -with import ../../../nixos/lib/qemu-flags.nix { inherit pkgs; }; rec { + qemu-common = import ../../../nixos/lib/qemu-common.nix { inherit lib pkgs; }; qemu = pkgs.qemu_kvm; @@ -192,13 +192,13 @@ rec { export PATH=/bin:/usr/bin:${coreutils}/bin echo "Starting interactive shell..." echo "(To run the original builder: \$origBuilder \$origArgs)" - exec ${busybox}/bin/setsid ${bashInteractive}/bin/bash < /dev/${qemuSerialDevice} &> /dev/${qemuSerialDevice} + exec ${busybox}/bin/setsid ${bashInteractive}/bin/bash < /dev/${qemu-common.qemuSerialDevice} &> /dev/${qemu-common.qemuSerialDevice} fi ''; qemuCommandLinux = '' - ${qemuBinary qemu} \ + ${qemu-common.qemuBinary qemu} \ -nographic -no-reboot \ -device virtio-rng-pci \ -virtfs local,path=${storeDir},security_model=none,mount_tag=store \ @@ -206,7 +206,7 @@ rec { ''${diskImage:+-drive file=$diskImage,if=virtio,cache=unsafe,werror=report} \ -kernel ${kernel}/${img} \ -initrd ${initrd}/initrd \ - -append "console=${qemuSerialDevice} panic=1 command=${stage2Init} out=$out mountDisk=$mountDisk loglevel=4" \ + -append "console=${qemu-common.qemuSerialDevice} panic=1 command=${stage2Init} out=$out mountDisk=$mountDisk loglevel=4" \ $QEMU_OPTS ''; -- cgit 1.4.1 From e4e5d4d8995a44514f5a279984f52259790886b7 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Wed, 15 Sep 2021 02:20:55 +0200 Subject: nixos/documentation: always show qemu-vm options --- nixos/modules/misc/documentation.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/nixos/modules/misc/documentation.nix b/nixos/modules/misc/documentation.nix index 1d23b9b7244..ec6b2ad3b88 100644 --- a/nixos/modules/misc/documentation.nix +++ b/nixos/modules/misc/documentation.nix @@ -6,7 +6,11 @@ let cfg = config.documentation; - manualModules = baseModules ++ optionals cfg.nixos.includeAllModules (extraModules ++ modules); + manualModules = + baseModules + # Modules for which to show options even when not imported + ++ [ ../virtualisation/qemu-vm.nix ] + ++ optionals cfg.nixos.includeAllModules (extraModules ++ modules); /* For the purpose of generating docs, evaluate options with each derivation in `pkgs` (recursively) replaced by a fake with path "\${pkgs.attribute.path}". -- cgit 1.4.1 From bd3cb03c6f7993050fe21b787e6f6a8595204be2 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Wed, 15 Sep 2021 02:21:53 +0200 Subject: nixos/docs: document new qemu-vm features --- .../from_md/release-notes/rl-2111.section.xml | 34 ++++++++++++++++++++++ nixos/doc/manual/release-notes/rl-2111.section.md | 8 +++++ 2 files changed, 42 insertions(+) diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml index 165c83148e6..19f852a6e37 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml @@ -1020,6 +1020,40 @@ Superuser created successfully. linuxPackages_latest) remain untouched. + + + In NixOS virtual machines (QEMU), the + virtualisation module has been updated with + new options to configure: + + + + + IPv4 port forwarding + (virtualisation.forwardPorts), + + + + + shared host directories + (virtualisation.sharedDirectories), + + + + + screen resolution + (virtualisation.resolution). + + + + + In addition, the default + msize + parameter in 9P filesystems (including /nix/store and all + shared directories) has been increased to 16K for improved + performance. + + The setting diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md index 8e7bdbb8744..5661d8cab31 100644 --- a/nixos/doc/manual/release-notes/rl-2111.section.md +++ b/nixos/doc/manual/release-notes/rl-2111.section.md @@ -310,9 +310,17 @@ To be able to access the web UI this port needs to be opened in the firewall. ## Other Notable Changes {#sec-release-21.11-notable-changes} + - The linux kernel package infrastructure was moved out of `all-packages.nix`, and restructured. Linux related functions and attributes now live under the `pkgs.linuxKernel` attribute set. In particular the versioned `linuxPackages_*` package sets (such as `linuxPackages_5_4`) and kernels from `pkgs` were moved there and now live under `pkgs.linuxKernel.packages.*`. The unversioned ones (such as `linuxPackages_latest`) remain untouched. +- In NixOS virtual machines (QEMU), the `virtualisation` module has been updated with new options to configure: + - IPv4 port forwarding ([`virtualisation.forwardPorts`](options.html#opt-virtualisation.forwardPorts)), + - shared host directories ([`virtualisation.sharedDirectories`](options.html#opt-virtualisation.sharedDirectories)), + - screen resolution ([`virtualisation.resolution`](options.html#opt-virtualisation.resolution)). + + In addition, the default [`msize`](options.html#opt-virtualisation.msize) parameter in 9P filesystems (including /nix/store and all shared directories) has been increased to 16K for improved performance. + - The setting [`services.openssh.logLevel`](options.html#opt-services.openssh.logLevel) `"VERBOSE"` `"INFO"`. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets. However, if [`services.fail2ban.enable`](options.html#opt-services.fail2ban.enable) is `true`, the `fail2ban` will override the verbosity to `"VERBOSE"`, so that `fail2ban` can observe the failed login attempts from the SSH logs. -- cgit 1.4.1