kalipso/infrastructure
1
1
Fork 1
Code Issues 43 Pull Requests 2 Actions Projects 2 Releases Wiki Activity

[run-vm] allow sharing of /var/lib
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m3s
Details

Browse Source 
sharing /var somehow doesnt work. for example nginx fails because of
lacking permissions to access /var/log/nginx. this also happens when
run-vm is started as root. thats why only /var/lib is shared which still
allows application persistency between tests
This commit is contained in:
kalipso
2025-01-20 12:10:31 +01:00
parent 4d477ce648
commit 7fee35d3d7
1 changed files with 36 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
outputs.nix
View File

@@ -20,13 +20,19 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
mem = pkgs.lib.mkForce 4096; mem = pkgs.lib.mkForce 4096;
hypervisor = pkgs.lib.mkForce "qemu"; hypervisor = pkgs.lib.mkForce "qemu";
socket = pkgs.lib.mkForce null; socket = pkgs.lib.mkForce null;
shares = pkgs.lib.mkForce [ shares = pkgs.lib.mkForce ([
{ {
tag = "ro-store"; tag = "ro-store";
source = "/nix/store"; source = "/nix/store";
mountPoint = "/nix/.ro-store"; mountPoint = "/nix/.ro-store";
} }
]; ] ++ pkgs.lib.optionals (options.varPath != "") [
{
source = "${options.varPath}";
mountPoint = "/var/lib";
tag = "varlib";
}
]);
interfaces = pkgs.lib.mkIf (!options.withNetworking) (pkgs.lib.mkForce [{ interfaces = pkgs.lib.mkIf (!options.withNetworking) (pkgs.lib.mkForce [{
type = "user"; type = "user";
id = "eth0"; id = "eth0";
@@ -34,9 +40,16 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
}]); }]);
}; };
fileSystems = {
"/".fsType = pkgs.lib.mkForce "tmpfs";
"/var/lib" = pkgs.lib.mkIf (options.varPath != "") {
depends = [ "/var" ];
};
};
boot.isContainer = pkgs.lib.mkForce false; boot.isContainer = pkgs.lib.mkForce false;
services.timesyncd.enable = false;
users.users.root.password = ""; users.users.root.password = "";
fileSystems."/".fsType = pkgs.lib.mkForce "tmpfs";
services.getty.helpLine = '' services.getty.helpLine = ''
Log in as "root" with an empty password. Log in as "root" with an empty password.
Use "reboot" to shut qemu down. Use "reboot" to shut qemu down.
@@ -69,9 +82,9 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
}]; }];
}; };
buildVM = host: networking: sopsDummy: disableDisko: (self.nixosConfigurations.${host}.extendModules { buildVM = host: networking: sopsDummy: disableDisko: varPath: (self.nixosConfigurations.${host}.extendModules {
modules = [ modules = [
(vmMicroVMOverwrites { withNetworking = networking; }) (vmMicroVMOverwrites { withNetworking = networking; varPath = "${varPath}"; })
(if sopsDummy then (vmSopsOverwrites host) else {}) (if sopsDummy then (vmSopsOverwrites host) else {})
(if disableDisko then vmDiskoOverwrites else {}) (if disableDisko then vmDiskoOverwrites else {})
] ++ pkgs.lib.optionals (! self.nixosConfigurations.${host}.config ? microvm) [ ] ++ pkgs.lib.optionals (! self.nixosConfigurations.${host}.config ? microvm) [
@@ -138,8 +151,9 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
echo "Usage: run-vm <hostname> [--networking] [--dummy-secrets] [--no-disko]" echo "Usage: run-vm <hostname> [--networking] [--dummy-secrets] [--no-disko]"
echo "ATTENTION: This script must be run from the flakes root directory" echo "ATTENTION: This script must be run from the flakes root directory"
echo "--networking setup interfaces. requires root and hostbridge enabled on the host" echo "--networking setup interfaces. requires root and hostbridge enabled on the host"
echo "--dummy-secrets deploy dummy sops secrets" echo "--dummy-secrets run vm with dummy sops secrets"
echo "--no-disko disable disko and initrd secrets. needed for actual hosts like fanny" echo "--no-disko disable disko and initrd secrets. needed for real hosts like fanny"
echo "--varlib path to directory that should be shared as /var/lib. may require root otherwise some systemd units fail within vm. if dir is empty vm will populate"
exit 1 exit 1
} }
@@ -154,6 +168,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
NETWORK=false NETWORK=false
DUMMY_SECRETS=false DUMMY_SECRETS=false
NO_DISKO=false NO_DISKO=false
VAR_PATH=""
# check argws # check argws
shift shift
@@ -162,6 +177,15 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
--networking) NETWORK=true ;; --networking) NETWORK=true ;;
--dummy-secrets) DUMMY_SECRETS=true ;; --dummy-secrets) DUMMY_SECRETS=true ;;
--no-disko) NO_DISKO=true ;; --no-disko) NO_DISKO=true ;;
--varlib)
if [[ -n "$2" && ! "$2" =~ ^- ]]; then
VAR_PATH="$2"
shift
else
echo "Error: --var requires a non-empty string argument."
usage
fi
;;
*) echo "Unknown argument: $1"; usage ;; *) echo "Unknown argument: $1"; usage ;;
esac esac
shift shift
@@ -170,8 +194,11 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
echo "enable networking: $NETWORK" echo "enable networking: $NETWORK"
echo "deploy dummy secrets: $DUMMY_SECRETS" echo "deploy dummy secrets: $DUMMY_SECRETS"
echo "disable disko and initrd secrets: $NO_DISKO" echo "disable disko and initrd secrets: $NO_DISKO"
if [ -n "$VAR_PATH" ]; then
echo "sharing var directory: $VAR_PATH"
fi
${pkgs.nix}/bin/nix run --impure --expr "((builtins.getFlake \"$(pwd)\").vmBuilder.x86_64-linux \"$HOSTNAME\" $NETWORK $DUMMY_SECRETS $NO_DISKO)" ${pkgs.nix}/bin/nix run --show-trace --impure --expr "((builtins.getFlake \"$(pwd)\").vmBuilder.x86_64-linux \"$HOSTNAME\" $NETWORK $DUMMY_SECRETS $NO_DISKO \"$VAR_PATH\")"
''; '';
}; };
@@ -185,7 +212,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
run-vm = { run-vm = {
type = "app"; type = "app";
program = self.packages.${system}.run-vm; program = "${self.packages.${system}.run-vm}/bin/run-vm";
}; };
}; };