diff --git a/outputs.nix b/outputs.nix index 4e20afa..a168398 100644 --- a/outputs.nix +++ b/outputs.nix @@ -20,13 +20,19 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems mem = pkgs.lib.mkForce 4096; hypervisor = pkgs.lib.mkForce "qemu"; socket = pkgs.lib.mkForce null; - shares = pkgs.lib.mkForce [ + shares = pkgs.lib.mkForce ([ { tag = "ro-store"; source = "/nix/store"; mountPoint = "/nix/.ro-store"; } - ]; + ] ++ pkgs.lib.optionals (options.varPath != "") [ + { + source = "${options.varPath}"; + mountPoint = "/var/lib"; + tag = "varlib"; + } + ]); interfaces = pkgs.lib.mkIf (!options.withNetworking) (pkgs.lib.mkForce [{ type = "user"; id = "eth0"; @@ -34,9 +40,16 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems }]); }; + fileSystems = { + "/".fsType = pkgs.lib.mkForce "tmpfs"; + "/var/lib" = pkgs.lib.mkIf (options.varPath != "") { + depends = [ "/var" ]; + }; + }; + boot.isContainer = pkgs.lib.mkForce false; + services.timesyncd.enable = false; users.users.root.password = ""; - fileSystems."/".fsType = pkgs.lib.mkForce "tmpfs"; services.getty.helpLine = '' Log in as "root" with an empty password. Use "reboot" to shut qemu down. @@ -69,9 +82,9 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems }]; }; - buildVM = host: networking: sopsDummy: disableDisko: (self.nixosConfigurations.${host}.extendModules { + buildVM = host: networking: sopsDummy: disableDisko: varPath: (self.nixosConfigurations.${host}.extendModules { modules = [ - (vmMicroVMOverwrites { withNetworking = networking; }) + (vmMicroVMOverwrites { withNetworking = networking; varPath = "${varPath}"; }) (if sopsDummy then (vmSopsOverwrites host) else {}) (if disableDisko then vmDiskoOverwrites else {}) ] ++ pkgs.lib.optionals (! self.nixosConfigurations.${host}.config ? microvm) [ 
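Review bot: The new `varlib` entry in `shares` gives the guest read-write access to a host directory, while this same VM profile sets `users.users.root.password = "";` (context line in the next hunk). Anyone who can reach a guest login can therefore write to that host path. The entry sets neither `proto` nor `securityModel`, so it relies on the microvm module's defaults. If the runner is started as root, as the `--varlib` help text anticipates, files created by the guest may land on the host with root ownership and their mode bits intact, which is worth confirming. I would add a comment above the entry, e.g. `# guest root can write here; point this at a dedicated scratch dir, never the host's real /var/lib`, and consider pinning `securityModel = "mapped";` if the microvm.nix version in use exposes that option.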
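Review bot: `services.timesyncd.enable = false;` is the only override in this block set at normal priority; the neighbouring lines all use `pkgs.lib.mkForce`. A host configuration that sets the option to `true` explicitly would then fail evaluation with conflicting definitions, so `services.timesyncd.enable = pkgs.lib.mkForce false;` is the safer form. A short comment saying why time sync is turned off in the VM would also help, since it applies to `--networking` runs too. Separately, `depends = [ "/var" ]` names a path with no `fileSystems` entry in the visible lines; if it is only there to order the mount after the tmpfs root, a one-line comment saying so would save the next reader a lookup.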
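Review bot: `varPath = "${varPath}";` here, and `source = "${options.varPath}";` in the first hunk, interpolate the argument instead of passing it through. If a caller ever supplies a Nix path value rather than a string, that interpolation copies the whole directory into the world-readable `/nix/store` and shares the store copy. The `run-vm` script passes a string, so it is unaffected, but `buildVM` is also reachable directly. I would pass the value unchanged and guard the type, e.g. `assert builtins.isString varPath;` before the `extendModules` call, with `varPath = varPath;` (or `inherit varPath;`) in the attrset. `buildVM` is now a five-argument curried function, so any caller outside this hunk that still passes four arguments gets a function back rather than a configuration; the rest of the definition is outside the hunk.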
@@ -138,8 +151,9 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems echo "Usage: run-vm [--networking] [--dummy-secrets] [--no-disko]" echo "ATTENTION: This script must be run from the flakes root directory" echo "--networking setup interfaces. requires root and hostbridge enabled on the host" - echo "--dummy-secrets deploy dummy sops secrets" - echo "--no-disko disable disko and initrd secrets. needed for actual hosts like fanny" + echo "--dummy-secrets run vm with dummy sops secrets" + echo "--no-disko disable disko and initrd secrets. needed for real hosts like fanny" + echo "--varlib path to directory that should be shared as /var/lib. may require root otherwise some systemd units fail within vm. if dir is empty vm will populate" exit 1 } @@ -154,6 +168,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems NETWORK=false DUMMY_SECRETS=false NO_DISKO=false + VAR_PATH="" # check argws shift @@ -162,6 +177,15 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems --networking) NETWORK=true ;; --dummy-secrets) DUMMY_SECRETS=true ;; --no-disko) NO_DISKO=true ;; + --varlib) + if [[ -n "$2" && ! "$2" =~ ^- ]]; then + VAR_PATH="$2" + shift + else + echo "Error: --var requires a non-empty string argument." + usage + fi + ;; *) echo "Unknown argument: $1"; usage ;; esac shift 
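Review bot: The `Usage:` synopsis at the top of `usage` still lists only the three older flags, so `--varlib` appears in the option list but not in the summary line; I would append ` [--varlib <dir>]` to that `echo`. The new help line mentions that root may be needed but not that the guest gets write access to the directory. Adding something like `the vm can modify this directory; use a dedicated one` would make that explicit for anyone about to run this under sudo.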
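Review bot: The `--varlib` branch accepts any non-empty string that does not start with `-`; it never checks that the argument is an existing directory, and it never makes the path absolute. A typo or a relative path is therefore passed straight to the share definition and fails (or resolves somewhere unexpected) only once the VM starts. I would validate up front with `[[ -d "$2" ]] || { echo "Error: --varlib: not a directory: $2"; usage; }` and store `VAR_PATH="$(realpath -- "$2")"`. The error text also names the flag as `--var`; it should read `--varlib`.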
@@ -170,8 +194,11 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems echo "enable networking: $NETWORK" echo "deploy dummy secrets: $DUMMY_SECRETS" echo "disable disko and initrd secrets: $NO_DISKO" + if [ -n "$VAR_PATH" ]; then + echo "sharing var directory: $VAR_PATH" + fi - ${pkgs.nix}/bin/nix run --impure --expr "((builtins.getFlake \"$(pwd)\").vmBuilder.x86_64-linux \"$HOSTNAME\" $NETWORK $DUMMY_SECRETS $NO_DISKO)" + ${pkgs.nix}/bin/nix run --show-trace --impure --expr "((builtins.getFlake \"$(pwd)\").vmBuilder.x86_64-linux \"$HOSTNAME\" $NETWORK $DUMMY_SECRETS $NO_DISKO \"$VAR_PATH\")" ''; }; @@ -185,7 +212,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems run-vm = { type = "app"; - program = self.packages.${system}.run-vm; + program = "${self.packages.${system}.run-vm}/bin/run-vm"; }; };
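Review bot: `\"$VAR_PATH\"` is pasted into the Nix expression text that `nix run --impure --expr` evaluates, so a path containing `"`, `\` or `${` ends the string literal early and the rest is evaluated as Nix code with the caller's privileges, possibly root given the `--networking` and `--varlib` notes. `$HOSTNAME` and `$(pwd)` are spliced in the same way on this line. Since the call is already `--impure`, the value can travel out of band instead: export it under a name of your choosing (for example `RUN_VM_VAR_PATH="$VAR_PATH"`) and read it in the expression with `(builtins.getEnv "RUN_VM_VAR_PATH")`. Alternatively, reject paths containing those characters before this line. `--show-trace` looks like a debugging leftover; if it is meant to stay, a comment would make that clear.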