Merge master into staging-next
commit
d89952163a
@ -1078,6 +1078,40 @@ Superuser created successfully.
|
|||||||
<literal>linuxPackages_latest</literal>) remain untouched.
|
<literal>linuxPackages_latest</literal>) remain untouched.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
In NixOS virtual machines (QEMU), the
|
||||||
|
<literal>virtualisation</literal> module has been updated with
|
||||||
|
new options to configure:
|
||||||
|
</para>
|
||||||
|
<itemizedlist spacing="compact">
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
IPv4 port forwarding
|
||||||
|
(<link xlink:href="options.html#opt-virtualisation.forwardPorts"><literal>virtualisation.forwardPorts</literal></link>),
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
shared host directories
|
||||||
|
(<link xlink:href="options.html#opt-virtualisation.sharedDirectories"><literal>virtualisation.sharedDirectories</literal></link>),
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
screen resolution
|
||||||
|
(<link xlink:href="options.html#opt-virtualisation.resolution"><literal>virtualisation.resolution</literal></link>).
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
<para>
|
||||||
|
In addition, the default
|
||||||
|
<link xlink:href="options.html#opt-virtualisation.msize"><literal>msize</literal></link>
|
||||||
|
parameter in 9P filesystems (including /nix/store and all
|
||||||
|
shared directories) has been increased to 16K for improved
|
||||||
|
performance.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
The setting
|
The setting
|
||||||
|
@ -333,9 +333,17 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||||||
|
|
||||||
## Other Notable Changes {#sec-release-21.11-notable-changes}
|
## Other Notable Changes {#sec-release-21.11-notable-changes}
|
||||||
|
|
||||||
|
|
||||||
- The linux kernel package infrastructure was moved out of `all-packages.nix`, and restructured. Linux related functions and attributes now live under the `pkgs.linuxKernel` attribute set.
|
- The linux kernel package infrastructure was moved out of `all-packages.nix`, and restructured. Linux related functions and attributes now live under the `pkgs.linuxKernel` attribute set.
|
||||||
In particular the versioned `linuxPackages_*` package sets (such as `linuxPackages_5_4`) and kernels from `pkgs` were moved there and now live under `pkgs.linuxKernel.packages.*`. The unversioned ones (such as `linuxPackages_latest`) remain untouched.
|
In particular the versioned `linuxPackages_*` package sets (such as `linuxPackages_5_4`) and kernels from `pkgs` were moved there and now live under `pkgs.linuxKernel.packages.*`. The unversioned ones (such as `linuxPackages_latest`) remain untouched.
|
||||||
|
|
||||||
|
- In NixOS virtual machines (QEMU), the `virtualisation` module has been updated with new options to configure:
|
||||||
|
- IPv4 port forwarding ([`virtualisation.forwardPorts`](options.html#opt-virtualisation.forwardPorts)),
|
||||||
|
- shared host directories ([`virtualisation.sharedDirectories`](options.html#opt-virtualisation.sharedDirectories)),
|
||||||
|
- screen resolution ([`virtualisation.resolution`](options.html#opt-virtualisation.resolution)).
|
||||||
|
|
||||||
|
In addition, the default [`msize`](options.html#opt-virtualisation.msize) parameter in 9P filesystems (including /nix/store and all shared directories) has been increased to 16K for improved performance.
|
||||||
|
|
||||||
- The setting [`services.openssh.logLevel`](options.html#opt-services.openssh.logLevel) `"VERBOSE"` `"INFO"`. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets.
|
- The setting [`services.openssh.logLevel`](options.html#opt-services.openssh.logLevel) `"VERBOSE"` `"INFO"`. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets.
|
||||||
|
|
||||||
However, if [`services.fail2ban.enable`](options.html#opt-services.fail2ban.enable) is `true`, the `fail2ban` will override the verbosity to `"VERBOSE"`, so that `fail2ban` can observe the failed login attempts from the SSH logs.
|
However, if [`services.fail2ban.enable`](options.html#opt-services.fail2ban.enable) is `true`, the `fail2ban` will override the verbosity to `"VERBOSE"`, so that `fail2ban` can observe the failed login attempts from the SSH logs.
|
||||||
|
@ -4,15 +4,14 @@
|
|||||||
, # Ignored
|
, # Ignored
|
||||||
config ? null
|
config ? null
|
||||||
, # Nixpkgs, for qemu, lib and more
|
, # Nixpkgs, for qemu, lib and more
|
||||||
pkgs
|
pkgs, lib
|
||||||
, # !!! See comment about args in lib/modules.nix
|
, # !!! See comment about args in lib/modules.nix
|
||||||
specialArgs ? {}
|
specialArgs ? {}
|
||||||
, # NixOS configuration to add to the VMs
|
, # NixOS configuration to add to the VMs
|
||||||
extraConfigurations ? []
|
extraConfigurations ? []
|
||||||
}:
|
}:
|
||||||
|
|
||||||
with pkgs.lib;
|
with lib;
|
||||||
with import ../lib/qemu-flags.nix { inherit pkgs; };
|
|
||||||
|
|
||||||
rec {
|
rec {
|
||||||
|
|
||||||
@ -93,8 +92,9 @@ rec {
|
|||||||
"${config.networking.hostName}\n"));
|
"${config.networking.hostName}\n"));
|
||||||
|
|
||||||
virtualisation.qemu.options =
|
virtualisation.qemu.options =
|
||||||
forEach interfacesNumbered
|
let qemu-common = import ../lib/qemu-common.nix { inherit lib pkgs; };
|
||||||
({ fst, snd }: qemuNICFlags snd fst m.snd);
|
in flip concatMap interfacesNumbered
|
||||||
|
({ fst, snd }: qemu-common.qemuNICFlags snd fst m.snd);
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
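Review bot: `lib` is added to the argument set in the first hunk as a required argument with no default, so any importer that still passes only `pkgs` will fail to evaluate; this page shows one caller being updated (`inherit system lib pkgs minimal specialArgs;`), but importers outside the tree cannot be seen from here. Giving it a default, `pkgs, lib ? pkgs.lib`, keeps the old call shape working and still lets callers override it. The same applies to the `{ lib, pkgs }:` header in the file section that follows. The comment `# Nixpkgs, for qemu, lib and more` now sits above both names and should be reworded, for example `# Nixpkgs (for qemu and more) and the lib to use with it`. The function body continues outside both hunks.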
@ -1,12 +1,12 @@
|
|||||||
# QEMU flags shared between various Nix expressions.
|
# QEMU-related utilities shared between various Nix expressions.
|
||||||
{ pkgs }:
|
{ lib, pkgs }:
|
||||||
|
|
||||||
let
|
let
|
||||||
zeroPad = n:
|
zeroPad = n:
|
||||||
pkgs.lib.optionalString (n < 16) "0" +
|
lib.optionalString (n < 16) "0" +
|
||||||
(if n > 255
|
(if n > 255
|
||||||
then throw "Can't have more than 255 nets or nodes!"
|
then throw "Can't have more than 255 nets or nodes!"
|
||||||
else pkgs.lib.toHexString n);
|
else lib.toHexString n);
|
||||||
in
|
in
|
||||||
|
|
||||||
rec {
|
rec {
|
||||||
@ -14,7 +14,7 @@ rec {
|
|||||||
|
|
||||||
qemuNICFlags = nic: net: machine:
|
qemuNICFlags = nic: net: machine:
|
||||||
[ "-device virtio-net-pci,netdev=vlan${toString nic},mac=${qemuNicMac net machine}"
|
[ "-device virtio-net-pci,netdev=vlan${toString nic},mac=${qemuNicMac net machine}"
|
||||||
"-netdev vde,id=vlan${toString nic},sock=$QEMU_VDE_SOCKET_${toString net}"
|
''-netdev vde,id=vlan${toString nic},sock="$QEMU_VDE_SOCKET_${toString net}"''
|
||||||
];
|
];
|
||||||
|
|
||||||
qemuSerialDevice = if pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64 then "ttyS0"
|
qemuSerialDevice = if pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64 then "ttyS0"
|
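Review bot: The double quotes added around `$QEMU_VDE_SOCKET_${toString net}` in `qemuNICFlags` are shell syntax embedded in the returned string, so the function now returns shell fragments rather than plain QEMU arguments, and nothing in the file says so. A consumer that hands these strings to QEMU without a shell in between would pass the quote characters literally, so I would add a comment above the function such as `# Returns shell fragments: splice into a shell script, which expands and unquotes $QEMU_VDE_SOCKET_<net>.` The quoting also does not cover QEMU's own option syntax: a comma inside the socket path would presumably still be read as an option separator, which is worth a word in the same comment. The `rec { … }` body continues outside the hunk.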
@ -217,7 +217,7 @@ rec {
|
|||||||
nodes = qemu_pkg:
|
nodes = qemu_pkg:
|
||||||
let
|
let
|
||||||
build-vms = import ./build-vms.nix {
|
build-vms = import ./build-vms.nix {
|
||||||
inherit system pkgs minimal specialArgs;
|
inherit system lib pkgs minimal specialArgs;
|
||||||
extraConfigurations = extraConfigurations ++ [(
|
extraConfigurations = extraConfigurations ++ [(
|
||||||
{
|
{
|
||||||
virtualisation.qemu.package = qemu_pkg;
|
virtualisation.qemu.package = qemu_pkg;
|
||||||
@ -257,7 +257,6 @@ rec {
|
|||||||
inherit test driver driverInteractive nodes;
|
inherit test driver driverInteractive nodes;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
abortForFunction = functionName: abort ''The ${functionName} function was
|
abortForFunction = functionName: abort ''The ${functionName} function was
|
||||||
removed because it is not an essential part of the NixOS testing
|
removed because it is not an essential part of the NixOS testing
|
||||||
infrastructure. It had no usage in NixOS or Nixpkgs and it had no designated
|
infrastructure. It had no usage in NixOS or Nixpkgs and it had no designated
|
||||||
|
@ -6,7 +6,11 @@ let
|
|||||||
|
|
||||||
cfg = config.documentation;
|
cfg = config.documentation;
|
||||||
|
|
||||||
manualModules = baseModules ++ optionals cfg.nixos.includeAllModules (extraModules ++ modules);
|
manualModules =
|
||||||
|
baseModules
|
||||||
|
# Modules for which to show options even when not imported
|
||||||
|
++ [ ../virtualisation/qemu-vm.nix ]
|
||||||
|
++ optionals cfg.nixos.includeAllModules (extraModules ++ modules);
|
||||||
|
|
||||||
/* For the purpose of generating docs, evaluate options with each derivation
|
/* For the purpose of generating docs, evaluate options with each derivation
|
||||||
in `pkgs` (recursively) replaced by a fake with path "\${pkgs.attribute.path}".
|
in `pkgs` (recursively) replaced by a fake with path "\${pkgs.attribute.path}".
|
||||||
|
@ -4,7 +4,10 @@
|
|||||||
{ options, config, lib, pkgs, ... }:
|
{ options, config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with lib;
|
with lib;
|
||||||
with import ../../lib/qemu-flags.nix { inherit pkgs; };
|
|
||||||
|
let
|
||||||
|
qemu-common = import ../../lib/qemu-common.nix { inherit lib pkgs; };
|
||||||
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
|
|
||||||
@ -12,8 +15,8 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; };
|
|||||||
|
|
||||||
systemd.services.backdoor =
|
systemd.services.backdoor =
|
||||||
{ wantedBy = [ "multi-user.target" ];
|
{ wantedBy = [ "multi-user.target" ];
|
||||||
requires = [ "dev-hvc0.device" "dev-${qemuSerialDevice}.device" ];
|
requires = [ "dev-hvc0.device" "dev-${qemu-common.qemuSerialDevice}.device" ];
|
||||||
after = [ "dev-hvc0.device" "dev-${qemuSerialDevice}.device" ];
|
after = [ "dev-hvc0.device" "dev-${qemu-common.qemuSerialDevice}.device" ];
|
||||||
script =
|
script =
|
||||||
''
|
''
|
||||||
export USER=root
|
export USER=root
|
||||||
@ -30,7 +33,7 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; };
|
|||||||
|
|
||||||
cd /tmp
|
cd /tmp
|
||||||
exec < /dev/hvc0 > /dev/hvc0
|
exec < /dev/hvc0 > /dev/hvc0
|
||||||
while ! exec 2> /dev/${qemuSerialDevice}; do sleep 0.1; done
|
while ! exec 2> /dev/${qemu-common.qemuSerialDevice}; do sleep 0.1; done
|
||||||
echo "connecting to host..." >&2
|
echo "connecting to host..." >&2
|
||||||
stty -F /dev/hvc0 raw -echo # prevent nl -> cr/nl conversion
|
stty -F /dev/hvc0 raw -echo # prevent nl -> cr/nl conversion
|
||||||
echo
|
echo
|
||||||
@ -42,7 +45,7 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; };
|
|||||||
# Prevent agetty from being instantiated on the serial device, since it
|
# Prevent agetty from being instantiated on the serial device, since it
|
||||||
# interferes with the backdoor (writes to it will randomly fail
|
# interferes with the backdoor (writes to it will randomly fail
|
||||||
# with EIO). Likewise for hvc0.
|
# with EIO). Likewise for hvc0.
|
||||||
systemd.services."serial-getty@${qemuSerialDevice}".enable = false;
|
systemd.services."serial-getty@${qemu-common.qemuSerialDevice}".enable = false;
|
||||||
systemd.services."serial-getty@hvc0".enable = false;
|
systemd.services."serial-getty@hvc0".enable = false;
|
||||||
|
|
||||||
# Only set these settings when the options exist. Some tests (e.g. those
|
# Only set these settings when the options exist. Some tests (e.g. those
|
||||||
@ -57,7 +60,7 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; };
|
|||||||
# we avoid defining consoles if not possible.
|
# we avoid defining consoles if not possible.
|
||||||
# TODO: refactor such that test-instrumentation can import qemu-vm
|
# TODO: refactor such that test-instrumentation can import qemu-vm
|
||||||
# or declare virtualisation.qemu.console option in a module that's always imported
|
# or declare virtualisation.qemu.console option in a module that's always imported
|
||||||
consoles = [ qemuSerialDevice ];
|
consoles = [ qemu-common.qemuSerialDevice ];
|
||||||
package = lib.mkDefault pkgs.qemu_test;
|
package = lib.mkDefault pkgs.qemu_test;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@ -88,7 +91,7 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; };
|
|||||||
# Panic if an error occurs in stage 1 (rather than waiting for
|
# Panic if an error occurs in stage 1 (rather than waiting for
|
||||||
# user intervention).
|
# user intervention).
|
||||||
boot.kernelParams =
|
boot.kernelParams =
|
||||||
[ "console=${qemuSerialDevice}" "panic=1" "boot.panic_on_fail" ];
|
[ "console=${qemu-common.qemuSerialDevice}" "panic=1" "boot.panic_on_fail" ];
|
||||||
|
|
||||||
# `xwininfo' is used by the test driver to query open windows.
|
# `xwininfo' is used by the test driver to query open windows.
|
||||||
environment.systemPackages = [ pkgs.xorg.xwininfo ];
|
environment.systemPackages = [ pkgs.xorg.xwininfo ];
|
||||||
|
@ -10,10 +10,10 @@
|
|||||||
{ config, lib, pkgs, options, ... }:
|
{ config, lib, pkgs, options, ... }:
|
||||||
|
|
||||||
with lib;
|
with lib;
|
||||||
with import ../../lib/qemu-flags.nix { inherit pkgs; };
|
|
||||||
|
|
||||||
let
|
let
|
||||||
|
|
||||||
|
qemu-common = import ../../lib/qemu-common.nix { inherit lib pkgs; };
|
||||||
|
|
||||||
cfg = config.virtualisation;
|
cfg = config.virtualisation;
|
||||||
|
|
||||||
@ -75,7 +75,7 @@ let
|
|||||||
in
|
in
|
||||||
"-drive ${driveOpts} ${device}";
|
"-drive ${driveOpts} ${device}";
|
||||||
|
|
||||||
drivesCmdLine = drives: concatStringsSep " " (imap1 driveCmdline drives);
|
drivesCmdLine = drives: concatStringsSep "\\\n " (imap1 driveCmdline drives);
|
||||||
|
|
||||||
|
|
||||||
# Creates a device name from a 1-based a numerical index, e.g.
|
# Creates a device name from a 1-based a numerical index, e.g.
|
||||||
@ -108,7 +108,7 @@ let
|
|||||||
''
|
''
|
||||||
#! ${pkgs.runtimeShell}
|
#! ${pkgs.runtimeShell}
|
||||||
|
|
||||||
NIX_DISK_IMAGE=$(readlink -f ''${NIX_DISK_IMAGE:-${config.virtualisation.diskImage}})
|
NIX_DISK_IMAGE=$(readlink -f "''${NIX_DISK_IMAGE:-${config.virtualisation.diskImage}}")
|
||||||
|
|
||||||
if ! test -e "$NIX_DISK_IMAGE"; then
|
if ! test -e "$NIX_DISK_IMAGE"; then
|
||||||
${qemu}/bin/qemu-img create -f qcow2 "$NIX_DISK_IMAGE" \
|
${qemu}/bin/qemu-img create -f qcow2 "$NIX_DISK_IMAGE" \
|
||||||
@ -121,26 +121,29 @@ let
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Create a directory for exchanging data with the VM.
|
# Create a directory for exchanging data with the VM.
|
||||||
mkdir -p $TMPDIR/xchg
|
mkdir -p "$TMPDIR/xchg"
|
||||||
|
|
||||||
${if cfg.useBootLoader then ''
|
${lib.optionalString cfg.useBootLoader
|
||||||
|
''
|
||||||
# Create a writable copy/snapshot of the boot disk.
|
# Create a writable copy/snapshot of the boot disk.
|
||||||
# A writable boot disk can be booted from automatically.
|
# A writable boot disk can be booted from automatically.
|
||||||
${qemu}/bin/qemu-img create -f qcow2 -b ${bootDisk}/disk.img $TMPDIR/disk.img || exit 1
|
${qemu}/bin/qemu-img create -f qcow2 -F qcow2 -b ${bootDisk}/disk.img "$TMPDIR/disk.img" || exit 1
|
||||||
|
|
||||||
NIX_EFI_VARS=$(readlink -f ''${NIX_EFI_VARS:-${cfg.efiVars}})
|
NIX_EFI_VARS=$(readlink -f "''${NIX_EFI_VARS:-${cfg.efiVars}}")
|
||||||
|
|
||||||
${if cfg.useEFIBoot then ''
|
${lib.optionalString cfg.useEFIBoot
|
||||||
|
''
|
||||||
# VM needs writable EFI vars
|
# VM needs writable EFI vars
|
||||||
if ! test -e "$NIX_EFI_VARS"; then
|
if ! test -e "$NIX_EFI_VARS"; then
|
||||||
cp ${bootDisk}/efi-vars.fd "$NIX_EFI_VARS" || exit 1
|
cp ${bootDisk}/efi-vars.fd "$NIX_EFI_VARS" || exit 1
|
||||||
chmod 0644 "$NIX_EFI_VARS" || exit 1
|
chmod 0644 "$NIX_EFI_VARS" || exit 1
|
||||||
fi
|
fi
|
||||||
'' else ""}
|
''}
|
||||||
'' else ""}
|
''}
|
||||||
|
|
||||||
cd $TMPDIR
|
cd "$TMPDIR" || exit 1
|
||||||
idx=0
|
|
||||||
|
${lib.optionalString (cfg.emptyDiskImages != []) "idx=0"}
|
||||||
${flip concatMapStrings cfg.emptyDiskImages (size: ''
|
${flip concatMapStrings cfg.emptyDiskImages (size: ''
|
||||||
if ! test -e "empty$idx.qcow2"; then
|
if ! test -e "empty$idx.qcow2"; then
|
||||||
${qemu}/bin/qemu-img create -f qcow2 "empty$idx.qcow2" "${toString size}M"
|
${qemu}/bin/qemu-img create -f qcow2 "empty$idx.qcow2" "${toString size}M"
|
||||||
@ -149,17 +152,18 @@ let
|
|||||||
'')}
|
'')}
|
||||||
|
|
||||||
# Start QEMU.
|
# Start QEMU.
|
||||||
exec ${qemuBinary qemu} \
|
exec ${qemu-common.qemuBinary qemu} \
|
||||||
-name ${config.system.name} \
|
-name ${config.system.name} \
|
||||||
-m ${toString config.virtualisation.memorySize} \
|
-m ${toString config.virtualisation.memorySize} \
|
||||||
-smp ${toString config.virtualisation.cores} \
|
-smp ${toString config.virtualisation.cores} \
|
||||||
-device virtio-rng-pci \
|
-device virtio-rng-pci \
|
||||||
${concatStringsSep " " config.virtualisation.qemu.networkingOptions} \
|
${concatStringsSep " " config.virtualisation.qemu.networkingOptions} \
|
||||||
-virtfs local,path=/nix/store,security_model=none,mount_tag=store \
|
${concatStringsSep " \\\n "
|
||||||
-virtfs local,path=$TMPDIR/xchg,security_model=none,mount_tag=xchg \
|
(mapAttrsToList
|
||||||
-virtfs local,path=''${SHARED_DIR:-$TMPDIR/xchg},security_model=none,mount_tag=shared \
|
(tag: share: "-virtfs local,path=${share.source},security_model=none,mount_tag=${tag}")
|
||||||
|
config.virtualisation.sharedDirectories)} \
|
||||||
${drivesCmdLine config.virtualisation.qemu.drives} \
|
${drivesCmdLine config.virtualisation.qemu.drives} \
|
||||||
${toString config.virtualisation.qemu.options} \
|
${concatStringsSep " \\\n " config.virtualisation.qemu.options} \
|
||||||
$QEMU_OPTS \
|
$QEMU_OPTS \
|
||||||
"$@"
|
"$@"
|
||||||
'';
|
'';
|
||||||
@ -270,20 +274,21 @@ in
|
|||||||
|
|
||||||
virtualisation.memorySize =
|
virtualisation.memorySize =
|
||||||
mkOption {
|
mkOption {
|
||||||
|
type = types.ints.positive;
|
||||||
default = 384;
|
default = 384;
|
||||||
description =
|
description =
|
||||||
''
|
''
|
||||||
Memory size (M) of virtual machine.
|
The memory size in megabytes of the virtual machine.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
virtualisation.msize =
|
virtualisation.msize =
|
||||||
mkOption {
|
mkOption {
|
||||||
default = null;
|
type = types.ints.positive;
|
||||||
type = types.nullOr types.ints.unsigned;
|
default = 16384;
|
||||||
description =
|
description =
|
||||||
''
|
''
|
||||||
msize (maximum packet size) option passed to 9p file systems, in
|
The msize (maximum packet size) option passed to 9p file systems, in
|
||||||
bytes. Increasing this should increase performance significantly,
|
bytes. Increasing this should increase performance significantly,
|
||||||
at the cost of higher RAM usage.
|
at the cost of higher RAM usage.
|
||||||
'';
|
'';
|
||||||
@ -291,15 +296,17 @@ in
|
|||||||
|
|
||||||
virtualisation.diskSize =
|
virtualisation.diskSize =
|
||||||
mkOption {
|
mkOption {
|
||||||
|
type = types.nullOr types.ints.positive;
|
||||||
default = 512;
|
default = 512;
|
||||||
description =
|
description =
|
||||||
''
|
''
|
||||||
Disk size (M) of virtual machine.
|
The disk size in megabytes of the virtual machine.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
virtualisation.diskImage =
|
virtualisation.diskImage =
|
||||||
mkOption {
|
mkOption {
|
||||||
|
type = types.str;
|
||||||
default = "./${config.system.name}.qcow2";
|
default = "./${config.system.name}.qcow2";
|
||||||
description =
|
description =
|
||||||
''
|
''
|
||||||
@ -311,7 +318,7 @@ in
|
|||||||
|
|
||||||
virtualisation.bootDevice =
|
virtualisation.bootDevice =
|
||||||
mkOption {
|
mkOption {
|
||||||
type = types.str;
|
type = types.path;
|
||||||
example = "/dev/vda";
|
example = "/dev/vda";
|
||||||
description =
|
description =
|
||||||
''
|
''
|
||||||
@ -321,8 +328,8 @@ in
|
|||||||
|
|
||||||
virtualisation.emptyDiskImages =
|
virtualisation.emptyDiskImages =
|
||||||
mkOption {
|
mkOption {
|
||||||
|
type = types.listOf types.ints.positive;
|
||||||
default = [];
|
default = [];
|
||||||
type = types.listOf types.int;
|
|
||||||
description =
|
description =
|
||||||
''
|
''
|
||||||
Additional disk images to provide to the VM. The value is
|
Additional disk images to provide to the VM. The value is
|
||||||
@ -333,6 +340,7 @@ in
|
|||||||
|
|
||||||
virtualisation.graphics =
|
virtualisation.graphics =
|
||||||
mkOption {
|
mkOption {
|
||||||
|
type = types.bool;
|
||||||
default = true;
|
default = true;
|
||||||
description =
|
description =
|
||||||
''
|
''
|
||||||
@ -342,10 +350,20 @@ in
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
virtualisation.resolution =
|
||||||
|
mkOption {
|
||||||
|
type = options.services.xserver.resolutions.type.nestedTypes.elemType;
|
||||||
|
default = { x = 1024; y = 768; };
|
||||||
|
description =
|
||||||
|
''
|
||||||
|
The resolution of the virtual machine display.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
virtualisation.cores =
|
virtualisation.cores =
|
||||||
mkOption {
|
mkOption {
|
||||||
|
type = types.ints.positive;
|
||||||
default = 1;
|
default = 1;
|
||||||
type = types.int;
|
|
||||||
description =
|
description =
|
||||||
''
|
''
|
||||||
Specify the number of cores the guest is permitted to use.
|
Specify the number of cores the guest is permitted to use.
|
||||||
@ -354,8 +372,34 @@ in
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
virtualisation.sharedDirectories =
|
||||||
|
mkOption {
|
||||||
|
type = types.attrsOf
|
||||||
|
(types.submodule {
|
||||||
|
options.source = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
description = "The path of the directory to share, can be a shell variable";
|
||||||
|
};
|
||||||
|
options.target = mkOption {
|
||||||
|
type = types.path;
|
||||||
|
description = "The mount point of the directory inside the virtual machine";
|
||||||
|
};
|
||||||
|
});
|
||||||
|
default = { };
|
||||||
|
example = {
|
||||||
|
my-share = { source = "/path/to/be/shared"; target = "/mnt/shared"; };
|
||||||
|
};
|
||||||
|
description =
|
||||||
|
''
|
||||||
|
An attributes set of directories that will be shared with the
|
||||||
|
virtual machine using VirtFS (9P filesystem over VirtIO).
|
||||||
|
The attribute name will be used as the 9P mount tag.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
virtualisation.pathsInNixDB =
|
virtualisation.pathsInNixDB =
|
||||||
mkOption {
|
mkOption {
|
||||||
|
type = types.listOf types.path;
|
||||||
default = [];
|
default = [];
|
||||||
description =
|
description =
|
||||||
''
|
''
|
||||||
@ -367,8 +411,78 @@ in
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
virtualisation.forwardPorts = mkOption {
|
||||||
|
type = types.listOf
|
||||||
|
(types.submodule {
|
||||||
|
options.from = mkOption {
|
||||||
|
type = types.enum [ "host" "guest" ];
|
||||||
|
default = "host";
|
||||||
|
description =
|
||||||
|
''
|
||||||
|
Controls the direction in which the ports are mapped:
|
||||||
|
|
||||||
|
- <literal>"host"</literal> means traffic from the host ports
|
||||||
|
is forwarded to the given guest port.
|
||||||
|
|
||||||
|
- <literal>"guest"</literal> means traffic from the guest ports
|
||||||
|
is forwarded to the given host port.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
options.proto = mkOption {
|
||||||
|
type = types.enum [ "tcp" "udp" ];
|
||||||
|
default = "tcp";
|
||||||
|
description = "The protocol to forward.";
|
||||||
|
};
|
||||||
|
options.host.address = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "";
|
||||||
|
description = "The IPv4 address of the host.";
|
||||||
|
};
|
||||||
|
options.host.port = mkOption {
|
||||||
|
type = types.port;
|
||||||
|
description = "The host port to be mapped.";
|
||||||
|
};
|
||||||
|
options.guest.address = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "";
|
||||||
|
description = "The IPv4 address on the guest VLAN.";
|
||||||
|
};
|
||||||
|
options.guest.port = mkOption {
|
||||||
|
type = types.port;
|
||||||
|
description = "The guest port to be mapped.";
|
||||||
|
};
|
||||||
|
});
|
||||||
|
default = [];
|
||||||
|
example = lib.literalExample
|
||||||
|
''
|
||||||
|
[ # forward local port 2222 -> 22, to ssh into the VM
|
||||||
|
{ from = "host"; host.port = 2222; guest.port = 22; }
|
||||||
|
|
||||||
|
# forward local port 80 -> 10.0.2.10:80 in the VLAN
|
||||||
|
{ from = "guest";
|
||||||
|
guest.address = "10.0.2.10"; guest.port = 80;
|
||||||
|
host.address = "127.0.0.1"; host.port = 80;
|
||||||
|
}
|
||||||
|
]
|
||||||
|
'';
|
||||||
|
description =
|
||||||
|
''
|
||||||
|
When using the SLiRP user networking (default), this option allows to
|
||||||
|
forward ports to/from the host/guest.
|
||||||
|
|
||||||
|
<warning><para>
|
||||||
|
If the NixOS firewall on the virtual machine is enabled, you also
|
||||||
|
have to open the guest ports to enable the traffic between host and
|
||||||
|
guest.
|
||||||
|
</para></warning>
|
||||||
|
|
||||||
|
<note><para>Currently QEMU supports only IPv4 forwarding.</para></note>
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
virtualisation.vlans =
|
virtualisation.vlans =
|
||||||
mkOption {
|
mkOption {
|
||||||
|
type = types.listOf types.ints.unsigned;
|
||||||
default = [ 1 ];
|
default = [ 1 ];
|
||||||
example = [ 1 2 ];
|
example = [ 1 2 ];
|
||||||
description =
|
description =
|
||||||
@ -386,6 +500,7 @@ in
|
|||||||
|
|
||||||
virtualisation.writableStore =
|
virtualisation.writableStore =
|
||||||
mkOption {
|
mkOption {
|
||||||
|
type = types.bool;
|
||||||
default = true; # FIXME
|
default = true; # FIXME
|
||||||
description =
|
description =
|
||||||
''
|
''
|
||||||
@ -397,6 +512,7 @@ in
|
|||||||
|
|
||||||
virtualisation.writableStoreUseTmpfs =
|
virtualisation.writableStoreUseTmpfs =
|
||||||
mkOption {
|
mkOption {
|
||||||
|
type = types.bool;
|
||||||
default = true;
|
default = true;
|
||||||
description =
|
description =
|
||||||
''
|
''
|
||||||
@ -407,6 +523,7 @@ in
|
|||||||
|
|
||||||
networking.primaryIPAddress =
|
networking.primaryIPAddress =
|
||||||
mkOption {
|
mkOption {
|
||||||
|
type = types.str;
|
||||||
default = "";
|
default = "";
|
||||||
internal = true;
|
internal = true;
|
||||||
description = "Primary IP address used in /etc/hosts.";
|
description = "Primary IP address used in /etc/hosts.";
|
||||||
@ -423,7 +540,7 @@ in
|
|||||||
|
|
||||||
options =
|
options =
|
||||||
mkOption {
|
mkOption {
|
||||||
type = types.listOf types.unspecified;
|
type = types.listOf types.str;
|
||||||
default = [];
|
default = [];
|
||||||
example = [ "-vga std" ];
|
example = [ "-vga std" ];
|
||||||
description = "Options passed to QEMU.";
|
description = "Options passed to QEMU.";
|
||||||
@ -432,7 +549,7 @@ in
|
|||||||
consoles = mkOption {
|
consoles = mkOption {
|
||||||
type = types.listOf types.str;
|
type = types.listOf types.str;
|
||||||
default = let
|
default = let
|
||||||
consoles = [ "${qemuSerialDevice},115200n8" "tty0" ];
|
consoles = [ "${qemu-common.qemuSerialDevice},115200n8" "tty0" ];
|
||||||
in if cfg.graphics then consoles else reverseList consoles;
|
in if cfg.graphics then consoles else reverseList consoles;
|
||||||
example = [ "console=tty1" ];
|
example = [ "console=tty1" ];
|
||||||
description = ''
|
description = ''
|
||||||
@ -448,17 +565,18 @@ in
|
|||||||
|
|
||||||
networkingOptions =
|
networkingOptions =
|
||||||
mkOption {
|
mkOption {
|
||||||
default = [
|
|
||||||
"-net nic,netdev=user.0,model=virtio"
|
|
||||||
"-netdev user,id=user.0\${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}"
|
|
||||||
];
|
|
||||||
type = types.listOf types.str;
|
type = types.listOf types.str;
|
||||||
|
default = [ ];
|
||||||
|
example = [
|
||||||
|
"-net nic,netdev=user.0,model=virtio"
|
||||||
|
"-netdev user,id=user.0,\${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}"
|
||||||
|
];
|
||||||
description = ''
|
description = ''
|
||||||
Networking-related command-line options that should be passed to qemu.
|
Networking-related command-line options that should be passed to qemu.
|
||||||
The default is to use userspace networking (slirp).
|
The default is to use userspace networking (SLiRP).
|
||||||
|
|
||||||
If you override this option, be advised to keep
|
If you override this option, be advised to keep
|
||||||
''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} (as seen in the default)
|
''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} (as seen in the example)
|
||||||
to keep the default runtime behaviour.
|
to keep the default runtime behaviour.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
@ -472,16 +590,16 @@ in
|
|||||||
|
|
||||||
diskInterface =
|
diskInterface =
|
||||||
mkOption {
|
mkOption {
|
||||||
|
type = types.enum [ "virtio" "scsi" "ide" ];
|
||||||
default = "virtio";
|
default = "virtio";
|
||||||
example = "scsi";
|
example = "scsi";
|
||||||
type = types.enum [ "virtio" "scsi" "ide" ];
|
|
||||||
description = "The interface used for the virtual hard disks.";
|
description = "The interface used for the virtual hard disks.";
|
||||||
};
|
};
|
||||||
|
|
||||||
guestAgent.enable =
|
guestAgent.enable =
|
||||||
mkOption {
|
mkOption {
|
||||||
default = true;
|
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
|
default = true;
|
||||||
description = ''
|
description = ''
|
||||||
Enable the Qemu guest agent.
|
Enable the Qemu guest agent.
|
||||||
'';
|
'';
|
||||||
@ -490,6 +608,7 @@ in
|
|||||||
|
|
||||||
virtualisation.useBootLoader =
|
virtualisation.useBootLoader =
|
||||||
mkOption {
|
mkOption {
|
||||||
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
description =
|
description =
|
||||||
''
|
''
|
||||||
@ -504,6 +623,7 @@ in
|
|||||||
|
|
||||||
virtualisation.useEFIBoot =
|
virtualisation.useEFIBoot =
|
||||||
mkOption {
|
mkOption {
|
||||||
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
description =
|
description =
|
||||||
''
|
''
|
||||||
@ -515,6 +635,7 @@ in
|
|||||||
|
|
||||||
virtualisation.efiVars =
|
virtualisation.efiVars =
|
||||||
mkOption {
|
mkOption {
|
||||||
|
type = types.str;
|
||||||
default = "./${config.system.name}-efi-vars.fd";
|
default = "./${config.system.name}-efi-vars.fd";
|
||||||
description =
|
description =
|
||||||
''
|
''
|
||||||
@ -525,8 +646,8 @@ in
|
|||||||
|
|
||||||
virtualisation.bios =
|
virtualisation.bios =
|
||||||
mkOption {
|
mkOption {
|
||||||
default = null;
|
|
||||||
type = types.nullOr types.package;
|
type = types.nullOr types.package;
|
||||||
|
default = null;
|
||||||
description =
|
description =
|
||||||
''
|
''
|
||||||
An alternate BIOS (such as <package>qboot</package>) with which to start the VM.
|
An alternate BIOS (such as <package>qboot</package>) with which to start the VM.
|
||||||
@ -539,6 +660,25 @@ in
|
|||||||
|
|
||||||
config = {
|
config = {
|
||||||
|
|
||||||
|
assertions =
|
||||||
|
lib.concatLists (lib.flip lib.imap cfg.forwardPorts (i: rule:
|
||||||
|
[
|
||||||
|
{ assertion = rule.from == "guest" -> rule.proto == "tcp";
|
||||||
|
message =
|
||||||
|
''
|
||||||
|
Invalid virtualisation.forwardPorts.<entry ${toString i}>.proto:
|
||||||
|
Guest forwarding supports only TCP connections.
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
{ assertion = rule.from == "guest" -> lib.hasPrefix "10.0.2." rule.guest.address;
|
||||||
|
message =
|
||||||
|
''
|
||||||
|
Invalid virtualisation.forwardPorts.<entry ${toString i}>.guest.address:
|
||||||
|
The address must be in the default VLAN (10.0.2.0/24).
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
]));
|
||||||
|
|
||||||
# Note [Disk layout with `useBootLoader`]
|
# Note [Disk layout with `useBootLoader`]
|
||||||
#
|
#
|
||||||
# If `useBootLoader = true`, we configure 2 drives:
|
# If `useBootLoader = true`, we configure 2 drives:
|
||||||
@ -560,6 +700,7 @@ in
|
|||||||
then driveDeviceName 2 # second disk
|
then driveDeviceName 2 # second disk
|
||||||
else cfg.bootDevice
|
else cfg.bootDevice
|
||||||
);
|
);
|
||||||
|
boot.loader.grub.gfxmodeBios = with cfg.resolution; "${toString x}x${toString y}";
|
||||||
|
|
||||||
boot.initrd.extraUtilsCommands =
|
boot.initrd.extraUtilsCommands =
|
||||||
''
|
''
|
||||||
@ -618,6 +759,28 @@ in
|
|||||||
|
|
||||||
virtualisation.pathsInNixDB = [ config.system.build.toplevel ];
|
virtualisation.pathsInNixDB = [ config.system.build.toplevel ];
|
||||||
|
|
||||||
|
virtualisation.sharedDirectories = {
|
||||||
|
nix-store = { source = "/nix/store"; target = "/nix/store"; };
|
||||||
|
xchg = { source = ''"$TMPDIR"/xchg''; target = "/tmp/xchg"; };
|
||||||
|
shared = { source = ''"''${SHARED_DIR:-$TMPDIR/xchg}"''; target = "/tmp/shared"; };
|
||||||
|
};
|
||||||
|
|
||||||
|
virtualisation.qemu.networkingOptions =
|
||||||
|
let
|
||||||
|
forwardingOptions = flip concatMapStrings cfg.forwardPorts
|
||||||
|
({ proto, from, host, guest }:
|
||||||
|
if from == "host"
|
||||||
|
then "hostfwd=${proto}:${host.address}:${toString host.port}-" +
|
||||||
|
"${guest.address}:${toString guest.port},"
|
||||||
|
else "'guestfwd=${proto}:${guest.address}:${toString guest.port}-" +
|
||||||
|
"cmd:${pkgs.netcat}/bin/nc ${host.address} ${toString host.port}',"
|
||||||
|
);
|
||||||
|
in
|
||||||
|
[
|
||||||
|
"-net nic,netdev=user.0,model=virtio"
|
||||||
|
"-netdev user,id=user.0,${forwardingOptions}\${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}"
|
||||||
|
];
|
||||||
|
|
||||||
# FIXME: Consolidate this one day.
|
# FIXME: Consolidate this one day.
|
||||||
virtualisation.qemu.options = mkMerge [
|
virtualisation.qemu.options = mkMerge [
|
||||||
(mkIf (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) [
|
(mkIf (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) [
|
||||||
@ -646,7 +809,7 @@ in
|
|||||||
virtualisation.qemu.drives = mkMerge [
|
virtualisation.qemu.drives = mkMerge [
|
||||||
[{
|
[{
|
||||||
name = "root";
|
name = "root";
|
||||||
file = "$NIX_DISK_IMAGE";
|
file = ''"$NIX_DISK_IMAGE"'';
|
||||||
driveExtraOpts.cache = "writeback";
|
driveExtraOpts.cache = "writeback";
|
||||||
driveExtraOpts.werror = "report";
|
driveExtraOpts.werror = "report";
|
||||||
}]
|
}]
|
||||||
@ -655,7 +818,7 @@ in
|
|||||||
# note [Disk layout with `useBootLoader`].
|
# note [Disk layout with `useBootLoader`].
|
||||||
{
|
{
|
||||||
name = "boot";
|
name = "boot";
|
||||||
file = "$TMPDIR/disk.img";
|
file = ''"$TMPDIR"/disk.img'';
|
||||||
driveExtraOpts.media = "disk";
|
driveExtraOpts.media = "disk";
|
||||||
deviceExtraOpts.bootindex = "1";
|
deviceExtraOpts.bootindex = "1";
|
||||||
}
|
}
|
||||||
@ -672,15 +835,26 @@ in
|
|||||||
# configuration, where the regular value for the `fileSystems'
|
# configuration, where the regular value for the `fileSystems'
|
||||||
# attribute should be disregarded for the purpose of building a VM
|
# attribute should be disregarded for the purpose of building a VM
|
||||||
# test image (since those filesystems don't exist in the VM).
|
# test image (since those filesystems don't exist in the VM).
|
||||||
fileSystems = mkVMOverride (
|
fileSystems =
|
||||||
cfg.fileSystems //
|
let
|
||||||
{ "/".device = cfg.bootDevice;
|
mkSharedDir = tag: share:
|
||||||
${if cfg.writableStore then "/nix/.ro-store" else "/nix/store"} =
|
{
|
||||||
{ device = "store";
|
name =
|
||||||
fsType = "9p";
|
if tag == "nix-store" && cfg.writableStore
|
||||||
options = [ "trans=virtio" "version=9p2000.L" "cache=loose" ] ++ lib.optional (cfg.msize != null) "msize=${toString cfg.msize}";
|
then "/nix/.ro-store"
|
||||||
neededForBoot = true;
|
else share.target;
|
||||||
};
|
value.device = tag;
|
||||||
|
value.fsType = "9p";
|
||||||
|
value.neededForBoot = true;
|
||||||
|
value.options =
|
||||||
|
[ "trans=virtio" "version=9p2000.L" "msize=${toString cfg.msize}" ]
|
||||||
|
++ lib.optional (tag == "nix-store") "cache=loose";
|
||||||
|
};
|
||||||
|
in
|
||||||
|
mkVMOverride (cfg.fileSystems //
|
||||||
|
{
|
||||||
|
"/".device = cfg.bootDevice;
|
||||||
|
|
||||||
"/tmp" = mkIf config.boot.tmpOnTmpfs
|
"/tmp" = mkIf config.boot.tmpOnTmpfs
|
||||||
{ device = "tmpfs";
|
{ device = "tmpfs";
|
||||||
fsType = "tmpfs";
|
fsType = "tmpfs";
|
||||||
@ -688,32 +862,20 @@ in
|
|||||||
# Sync with systemd's tmp.mount;
|
# Sync with systemd's tmp.mount;
|
||||||
options = [ "mode=1777" "strictatime" "nosuid" "nodev" "size=${toString config.boot.tmpOnTmpfsSize}" ];
|
options = [ "mode=1777" "strictatime" "nosuid" "nodev" "size=${toString config.boot.tmpOnTmpfsSize}" ];
|
||||||
};
|
};
|
||||||
"/tmp/xchg" =
|
|
||||||
{ device = "xchg";
|
"/nix/.rw-store" = mkIf (cfg.writableStore && cfg.writableStoreUseTmpfs)
|
||||||
fsType = "9p";
|
|
||||||
options = [ "trans=virtio" "version=9p2000.L" ] ++ lib.optional (cfg.msize != null) "msize=${toString cfg.msize}";
|
|
||||||
neededForBoot = true;
|
|
||||||
};
|
|
||||||
"/tmp/shared" =
|
|
||||||
{ device = "shared";
|
|
||||||
fsType = "9p";
|
|
||||||
options = [ "trans=virtio" "version=9p2000.L" ] ++ lib.optional (cfg.msize != null) "msize=${toString cfg.msize}";
|
|
||||||
neededForBoot = true;
|
|
||||||
};
|
|
||||||
} // optionalAttrs (cfg.writableStore && cfg.writableStoreUseTmpfs)
|
|
||||||
{ "/nix/.rw-store" =
|
|
||||||
{ fsType = "tmpfs";
|
{ fsType = "tmpfs";
|
||||||
options = [ "mode=0755" ];
|
options = [ "mode=0755" ];
|
||||||
neededForBoot = true;
|
neededForBoot = true;
|
||||||
};
|
};
|
||||||
} // optionalAttrs cfg.useBootLoader
|
|
||||||
{ "/boot" =
|
"/boot" = mkIf cfg.useBootLoader
|
||||||
# see note [Disk layout with `useBootLoader`]
|
# see note [Disk layout with `useBootLoader`]
|
||||||
{ device = "${lookupDriveDeviceName "boot" cfg.qemu.drives}2"; # 2 for e.g. `vdb2`, as created in `bootDisk`
|
{ device = "${lookupDriveDeviceName "boot" cfg.qemu.drives}2"; # 2 for e.g. `vdb2`, as created in `bootDisk`
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
noCheck = true; # fsck fails on a r/o filesystem
|
noCheck = true; # fsck fails on a r/o filesystem
|
||||||
};
|
};
|
||||||
});
|
} // lib.mapAttrs' mkSharedDir cfg.sharedDirectories);
|
||||||
|
|
||||||
swapDevices = mkVMOverride [ ];
|
swapDevices = mkVMOverride [ ];
|
||||||
boot.initrd.luks.devices = mkVMOverride {};
|
boot.initrd.luks.devices = mkVMOverride {};
|
||||||
@ -734,7 +896,7 @@ in
|
|||||||
# video driver the host uses.
|
# video driver the host uses.
|
||||||
services.xserver.videoDrivers = mkVMOverride [ "modesetting" ];
|
services.xserver.videoDrivers = mkVMOverride [ "modesetting" ];
|
||||||
services.xserver.defaultDepth = mkVMOverride 0;
|
services.xserver.defaultDepth = mkVMOverride 0;
|
||||||
services.xserver.resolutions = mkVMOverride [ { x = 1024; y = 768; } ];
|
services.xserver.resolutions = mkVMOverride [ cfg.resolution ];
|
||||||
services.xserver.monitorSection =
|
services.xserver.monitorSection =
|
||||||
''
|
''
|
||||||
# Set a higher refresh rate so that resolutions > 800x600 work.
|
# Set a higher refresh rate so that resolutions > 800x600 work.
|
||||||
|
@ -8,7 +8,7 @@ with import ../lib/testing-python.nix { inherit system pkgs; };
|
|||||||
with pkgs.lib;
|
with pkgs.lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
qemu-flags = import ../lib/qemu-flags.nix { inherit pkgs; };
|
qemu-common = import ../lib/qemu-common.nix { inherit (pkgs) lib pkgs; };
|
||||||
|
|
||||||
router = { config, pkgs, lib, ... }:
|
router = { config, pkgs, lib, ... }:
|
||||||
with pkgs.lib;
|
with pkgs.lib;
|
||||||
@ -42,7 +42,7 @@ let
|
|||||||
machines = flip map vlanIfs (vlan:
|
machines = flip map vlanIfs (vlan:
|
||||||
{
|
{
|
||||||
hostName = "client${toString vlan}";
|
hostName = "client${toString vlan}";
|
||||||
ethernetAddress = qemu-flags.qemuNicMac vlan 1;
|
ethernetAddress = qemu-common.qemuNicMac vlan 1;
|
||||||
ipAddress = "192.168.${toString vlan}.2";
|
ipAddress = "192.168.${toString vlan}.2";
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
|
@ -92,11 +92,11 @@ in
|
|||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "brave";
|
pname = "brave";
|
||||||
version = "1.29.77";
|
version = "1.29.79";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://github.com/brave/brave-browser/releases/download/v${version}/brave-browser_${version}_amd64.deb";
|
url = "https://github.com/brave/brave-browser/releases/download/v${version}/brave-browser_${version}_amd64.deb";
|
||||||
sha256 = "LJykdig44ACpvlaGogbwrbY9hCJT3CB4ZKDZ/IzaBOU=";
|
sha256 = "7GJfnq2PWO4Bks4jb3DOQhKShrALP2hdMl5up4FYsnU=";
|
||||||
};
|
};
|
||||||
|
|
||||||
dontConfigure = true;
|
dontConfigure = true;
|
||||||
|
@ -38,13 +38,13 @@ let
|
|||||||
in
|
in
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "crun";
|
pname = "crun";
|
||||||
version = "1.0";
|
version = "1.1";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "containers";
|
owner = "containers";
|
||||||
repo = pname;
|
repo = pname;
|
||||||
rev = version;
|
rev = version;
|
||||||
sha256 = "sha256-xpNwhNAbcTKkXl5i4L8aayMAx8O8SWdFlgHguHNiqqw=";
|
sha256 = "sha256-0UyxQ0eOsU3hIh7B56ClynjLFBIsBF+WTqOw4mSqulQ=";
|
||||||
fetchSubmodules = true;
|
fetchSubmodules = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -9,9 +9,9 @@
|
|||||||
}:
|
}:
|
||||||
|
|
||||||
with pkgs;
|
with pkgs;
|
||||||
with import ../../../nixos/lib/qemu-flags.nix { inherit pkgs; };
|
|
||||||
|
|
||||||
rec {
|
rec {
|
||||||
|
qemu-common = import ../../../nixos/lib/qemu-common.nix { inherit lib pkgs; };
|
||||||
|
|
||||||
qemu = buildPackages.qemu_kvm;
|
qemu = buildPackages.qemu_kvm;
|
||||||
|
|
||||||
@ -192,13 +192,13 @@ rec {
|
|||||||
export PATH=/bin:/usr/bin:${coreutils}/bin
|
export PATH=/bin:/usr/bin:${coreutils}/bin
|
||||||
echo "Starting interactive shell..."
|
echo "Starting interactive shell..."
|
||||||
echo "(To run the original builder: \$origBuilder \$origArgs)"
|
echo "(To run the original builder: \$origBuilder \$origArgs)"
|
||||||
exec ${busybox}/bin/setsid ${bashInteractive}/bin/bash < /dev/${qemuSerialDevice} &> /dev/${qemuSerialDevice}
|
exec ${busybox}/bin/setsid ${bashInteractive}/bin/bash < /dev/${qemu-common.qemuSerialDevice} &> /dev/${qemu-common.qemuSerialDevice}
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
|
||||||
qemuCommandLinux = ''
|
qemuCommandLinux = ''
|
||||||
${qemuBinary qemu} \
|
${qemu-common.qemuBinary qemu} \
|
||||||
-nographic -no-reboot \
|
-nographic -no-reboot \
|
||||||
-device virtio-rng-pci \
|
-device virtio-rng-pci \
|
||||||
-virtfs local,path=${storeDir},security_model=none,mount_tag=store \
|
-virtfs local,path=${storeDir},security_model=none,mount_tag=store \
|
||||||
@ -206,7 +206,7 @@ rec {
|
|||||||
''${diskImage:+-drive file=$diskImage,if=virtio,cache=unsafe,werror=report} \
|
''${diskImage:+-drive file=$diskImage,if=virtio,cache=unsafe,werror=report} \
|
||||||
-kernel ${kernel}/${img} \
|
-kernel ${kernel}/${img} \
|
||||||
-initrd ${initrd}/initrd \
|
-initrd ${initrd}/initrd \
|
||||||
-append "console=${qemuSerialDevice} panic=1 command=${stage2Init} out=$out mountDisk=$mountDisk loglevel=4" \
|
-append "console=${qemu-common.qemuSerialDevice} panic=1 command=${stage2Init} out=$out mountDisk=$mountDisk loglevel=4" \
|
||||||
$QEMU_OPTS
|
$QEMU_OPTS
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
@ -1,7 +1,6 @@
|
|||||||
{ lib
|
{ lib
|
||||||
, stdenv
|
, stdenv
|
||||||
, fetchFromGitHub
|
, fetchFromGitHub
|
||||||
, fetchpatch
|
|
||||||
, substituteAll
|
, substituteAll
|
||||||
, binutils
|
, binutils
|
||||||
, asciidoctor
|
, asciidoctor
|
||||||
@ -15,25 +14,18 @@
|
|||||||
|
|
||||||
let ccache = stdenv.mkDerivation rec {
|
let ccache = stdenv.mkDerivation rec {
|
||||||
pname = "ccache";
|
pname = "ccache";
|
||||||
version = "4.4.1";
|
version = "4.4.2";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = pname;
|
owner = pname;
|
||||||
repo = pname;
|
repo = pname;
|
||||||
rev = "v${version}";
|
rev = "v${version}";
|
||||||
hash = "sha256-zsJoaaxYVV78vsxq2nbOh9ZAU1giKp8Kh6qJFL120CQ=";
|
hash = "sha256-VtwykRX5so6LqyC0En/Jx7anXD7qW47zqq3awCY0lJE=";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = [ "out" "man" ];
|
outputs = [ "out" "man" ];
|
||||||
|
|
||||||
patches = [
|
patches = [
|
||||||
# Use the shell builtin pwd for the basedir test
|
|
||||||
# See https://github.com/ccache/ccache/pull/933
|
|
||||||
(fetchpatch {
|
|
||||||
url = "https://github.com/ccache/ccache/commit/58fd1fbe75a1b5dc3f9151947ace15164fdef91c.patch";
|
|
||||||
sha256 = "BoBn4YSDy8pQxJ+fQHSsrUZDBVeLFWXIQ6CunDwMO7o=";
|
|
||||||
})
|
|
||||||
|
|
||||||
# When building for Darwin, test/run uses dwarfdump, whereas on
|
# When building for Darwin, test/run uses dwarfdump, whereas on
|
||||||
# Linux it uses objdump. We don't have dwarfdump packaged for
|
# Linux it uses objdump. We don't have dwarfdump packaged for
|
||||||
# Darwin, so this patch updates the test to also use objdump on
|
# Darwin, so this patch updates the test to also use objdump on
|
||||||
|
@ -8,13 +8,13 @@
|
|||||||
|
|
||||||
buildPythonApplication rec {
|
buildPythonApplication rec {
|
||||||
pname = "dnsviz";
|
pname = "dnsviz";
|
||||||
version = "0.9.3";
|
version = "0.9.4";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "dnsviz";
|
owner = "dnsviz";
|
||||||
repo = "dnsviz";
|
repo = "dnsviz";
|
||||||
rev = "v${version}";
|
rev = "v${version}";
|
||||||
sha256 = "sha256-QsTYpNaAJiIRUrr2JYjXWOKFihENhAccvmB/DRhX1PA=";
|
sha256 = "sha256-x6LdPVQFfsJIuKde1+LbFKz5bBEi+Mri9sVH0nGsbCU=";
|
||||||
};
|
};
|
||||||
|
|
||||||
patches = [
|
patches = [
|
||||||
|
@ -1,88 +1,67 @@
|
|||||||
{ lib, fetchFromGitHub, python3Packages, docutils }:
|
{ lib
|
||||||
|
, fetchFromGitHub
|
||||||
|
, installShellFiles
|
||||||
|
, python3Packages
|
||||||
|
, pandoc
|
||||||
|
}:
|
||||||
|
|
||||||
python3Packages.buildPythonApplication rec {
|
python3Packages.buildPythonApplication rec {
|
||||||
pname = "httpie";
|
pname = "httpie";
|
||||||
version = "2.4.0";
|
version = "2.5.0";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "httpie";
|
owner = "httpie";
|
||||||
repo = "httpie";
|
repo = "httpie";
|
||||||
rev = version;
|
rev = version;
|
||||||
sha256 = "00lafjqg9nfnak0nhcr2l2hzzkwn2y6qv0wdkm6r6f69snizy3hf";
|
sha256 = "sha256-GwwZLXf9CH024gKfWsYPnr/oqQcxR/lQIToFRh59B+E=";
|
||||||
};
|
};
|
||||||
|
|
||||||
patches = [
|
nativeBuildInputs = [
|
||||||
./strip-venv.patch
|
installShellFiles
|
||||||
|
pandoc
|
||||||
];
|
];
|
||||||
|
|
||||||
outputs = [ "out" "doc" "man" ];
|
propagatedBuildInputs = with python3Packages; [
|
||||||
|
defusedxml
|
||||||
nativeBuildInputs = [ docutils ];
|
pygments
|
||||||
|
requests
|
||||||
propagatedBuildInputs = with python3Packages; [ pygments requests requests-toolbelt setuptools ];
|
requests-toolbelt
|
||||||
|
setuptools
|
||||||
|
];
|
||||||
|
|
||||||
checkInputs = with python3Packages; [
|
checkInputs = with python3Packages; [
|
||||||
mock
|
mock
|
||||||
pytest
|
pytest
|
||||||
pytest-httpbin
|
pytest-httpbin
|
||||||
pytestCheckHook
|
pytestCheckHook
|
||||||
|
responses
|
||||||
];
|
];
|
||||||
|
|
||||||
postInstall = ''
|
postInstall = ''
|
||||||
# install completions
|
# install completions
|
||||||
install -Dm555 \
|
installShellCompletion --bash \
|
||||||
extras/httpie-completion.bash \
|
--name http.bash extras/httpie-completion.bash
|
||||||
$out/share/bash-completion/completions/http.bash
|
installShellCompletion --fish \
|
||||||
install -Dm555 \
|
--name http.fish extras/httpie-completion.fish
|
||||||
extras/httpie-completion.fish \
|
|
||||||
$out/share/fish/vendor_completions.d/http.fish
|
|
||||||
|
|
||||||
mkdir -p $man/share/man/man1
|
# convert the docs/README.md file
|
||||||
|
pandoc --standalone -f markdown -t man docs/README.md -o docs/http.1
|
||||||
docdir=$doc/share/doc/httpie
|
installManPage docs/http.1
|
||||||
mkdir -p $docdir/html
|
|
||||||
|
|
||||||
cp AUTHORS.rst CHANGELOG.rst CONTRIBUTING.rst $docdir
|
|
||||||
|
|
||||||
# helpfully, the readme has a `no-web` class to exclude
|
|
||||||
# the parts that are not relevant for offline docs
|
|
||||||
|
|
||||||
# this one build link was not marked however
|
|
||||||
sed -e 's/^|build|//g' -i README.rst
|
|
||||||
|
|
||||||
toHtml() {
|
|
||||||
rst2html5 \
|
|
||||||
--strip-elements-with-class=no-web \
|
|
||||||
--title=http \
|
|
||||||
--no-generator \
|
|
||||||
--no-datestamp \
|
|
||||||
--no-source-link \
|
|
||||||
"$1" \
|
|
||||||
"$2"
|
|
||||||
}
|
|
||||||
|
|
||||||
toHtml README.rst $docdir/html/index.html
|
|
||||||
toHtml CHANGELOG.rst $docdir/html/CHANGELOG.html
|
|
||||||
toHtml CONTRIBUTING.rst $docdir/html/CONTRIBUTING.html
|
|
||||||
|
|
||||||
rst2man \
|
|
||||||
--strip-elements-with-class=no-web \
|
|
||||||
--title=http \
|
|
||||||
--no-generator \
|
|
||||||
--no-datestamp \
|
|
||||||
--no-source-link \
|
|
||||||
README.rst \
|
|
||||||
$man/share/man/man1/http.1
|
|
||||||
'';
|
'';
|
||||||
|
|
||||||
# the tests call rst2pseudoxml.py from docutils
|
pytestFlagsArray = [
|
||||||
preCheck = ''
|
"httpie"
|
||||||
export PATH=${docutils}/bin:$PATH
|
"tests"
|
||||||
'';
|
];
|
||||||
|
|
||||||
checkPhase = ''
|
disabledTests = [
|
||||||
py.test ./httpie ./tests --doctest-modules --verbose ./httpie ./tests -k 'not test_chunked and not test_verbose_chunked and not test_multipart_chunked and not test_request_body_from_file_by_path_chunked'
|
"test_chunked"
|
||||||
'';
|
"test_verbose_chunked"
|
||||||
|
"test_multipart_chunked"
|
||||||
|
"test_request_body_from_file_by_path_chunked"
|
||||||
|
];
|
||||||
|
|
||||||
|
pythonImportsCheck = [ "httpie" ];
|
||||||
|
|
||||||
meta = with lib; {
|
meta = with lib; {
|
||||||
description = "A command line HTTP client whose goal is to make CLI human-friendly";
|
description = "A command line HTTP client whose goal is to make CLI human-friendly";
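Review bot: The new `disabledTests` list gives no reason why the four `*chunked*` tests are skipped, so a later version bump cannot tell whether they can be re-enabled. The old `-k 'not test_chunked …'` expression had the same gap, and this rewrite is a good place to close it with a comment above the list, for example `# chunked-transfer tests fail in the build sandbox (TODO: confirm reason)`. Separately, the old `checkPhase` passed `--doctest-modules`, while the new `pytestFlagsArray` holds only `"httpie"` and `"tests"`. Unless upstream's pytest configuration already adds that flag, the doctests appear to have stopped running, which would be worth a line in the commit message. The derivation's `meta` block continues outside this hunk.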
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
, nixosTests
|
, nixosTests
|
||||||
, fetchurl, autoreconfHook
|
, fetchurl, autoreconfHook
|
||||||
, zlib, pcre, w3m, man
|
, zlib, pcre, w3m, man
|
||||||
, mbedtls, brotli
|
, openssl, brotli
|
||||||
}:
|
}:
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
@ -18,11 +18,11 @@ stdenv.mkDerivation rec {
|
|||||||
hardeningEnable = [ "pie" ];
|
hardeningEnable = [ "pie" ];
|
||||||
|
|
||||||
nativeBuildInputs = [ autoreconfHook w3m man ];
|
nativeBuildInputs = [ autoreconfHook w3m man ];
|
||||||
buildInputs = [ zlib pcre mbedtls brotli ];
|
buildInputs = [ zlib pcre openssl brotli ];
|
||||||
|
|
||||||
makeFlags = [ "STRIP=" ];
|
makeFlags = [ "STRIP=" ];
|
||||||
configureFlags = [
|
configureFlags = [
|
||||||
"--with-mbedtls"
|
"--with-openssl"
|
||||||
"--with-brotli"
|
"--with-brotli"
|
||||||
"--enable-external-filters"
|
"--enable-external-filters"
|
||||||
"--enable-compression"
|
"--enable-compression"
|
||||||
@ -39,7 +39,7 @@ stdenv.mkDerivation rec {
|
|||||||
description = "Non-caching web proxy with advanced filtering capabilities";
|
description = "Non-caching web proxy with advanced filtering capabilities";
|
||||||
# When linked with mbedtls, the license becomes GPLv3 (or later), otherwise
|
# When linked with mbedtls, the license becomes GPLv3 (or later), otherwise
|
||||||
# GPLv2 (or later). See https://www.privoxy.org/user-manual/copyright.html
|
# GPLv2 (or later). See https://www.privoxy.org/user-manual/copyright.html
|
||||||
license = licenses.gpl3Plus;
|
license = licenses.gpl2Plus;
|
||||||
platforms = platforms.all;
|
platforms = platforms.all;
|
||||||
maintainers = [ maintainers.phreedom ];
|
maintainers = [ maintainers.phreedom ];
|
||||||
};
|
};
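Review bot: The comment above `license` still describes only the mbedtls case, although this section now builds with `openssl` in `buildInputs` and `--with-openssl` in `configureFlags`, so the reader has to infer why `licenses.gpl2Plus` is correct. I would reword it to state the current build, for example `# Built with OpenSSL, so GPLv2 (or later) applies; linking mbedtls instead would make it GPLv3 (or later).` Because the TLS library behind the proxy's HTTPS handling changes here, it is also worth confirming that the `nixosTests` entry named in the arguments still covers that path. The test itself is not visible in this section, so this is a prompt to check rather than a finding. The derivation starts and ends outside the three hunks.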
|
||||||
|
@ -2,13 +2,13 @@
|
|||||||
|
|
||||||
rustPlatform.buildRustPackage rec {
|
rustPlatform.buildRustPackage rec {
|
||||||
pname = "quill";
|
pname = "quill";
|
||||||
version = "0.2.5";
|
version = "0.2.7";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "dfinity";
|
owner = "dfinity";
|
||||||
repo = "quill";
|
repo = "quill";
|
||||||
rev = "v${version}";
|
rev = "v${version}";
|
||||||
sha256 = "sha256-lvINDtOG2mmz0ESxL11DQVZh3IcEiZYYMu5oN5Q9WKA=";
|
sha256 = "sha256-3OlsCRpxRDKlfC0sa9MlFCupyRbDuqJQzDb9SQob1O0=";
|
||||||
};
|
};
|
||||||
|
|
||||||
ic = fetchFromGitHub {
|
ic = fetchFromGitHub {
|
||||||
@ -30,7 +30,7 @@ rustPlatform.buildRustPackage rec {
|
|||||||
export OPENSSL_LIB_DIR=${openssl.out}/lib
|
export OPENSSL_LIB_DIR=${openssl.out}/lib
|
||||||
'';
|
'';
|
||||||
|
|
||||||
cargoSha256 = "sha256-F2RMfHVFqCq9cb+9bjPWaRcQWKYIwwffWCssoQ6sSdU=";
|
cargoSha256 = "sha256-YxuBABGaZ+ti31seEYR6bB+OMgrSvl1lZyu4bqdxPIk=";
|
||||||
|
|
||||||
nativeBuildInputs = [ pkg-config protobuf ];
|
nativeBuildInputs = [ pkg-config protobuf ];
|
||||||
buildInputs = [ openssl ]
|
buildInputs = [ openssl ]
|
||||||
|