Compare commits
20 Commits
| Author | SHA1 | Date |
|---|---|---|
Jonas Heinrich
|
17f17be784 | |
Mikhail Klementev
|
467f74f19a | |
|
Mikhail Klementev
|
ce92ddf1b9 | |
|
Mikhail Klementev
|
d698f058ff | |
|
Mikhail Klementev
|
84374314a2 | |
|
Mikhail Klementev
|
a3bd38c243 | |
ilian
|
5753321877 | |
|
ilian
|
c6159a7925 | |
|
ilian
|
2560e852df | |
|
ilian
|
f063f2a90c | |
|
Mikhail Klementev
|
33facb2321 | |
|
Mikhail Klementev
|
9142fe53c6 | |
Vladimir Serov
|
c2413d0208 | |
|
Vladimir Serov
|
d9c651987b | |
|
Vladimir Serov
|
3483763938 | |
|
Vladimir Serov
|
bfc28be996 | |
|
Vladimir Serov
|
6321004848 | |
|
Vladimir Serov
|
5376e7a56f | |
|
Vladimir Serov
|
77eada72c3 | |
|
Vladimir Serov
|
9a602a2231 |
|
|
@ -1,25 +0,0 @@
|
|||
name: donate
|
||||
|
||||
on:
|
||||
issues:
|
||||
types: [opened, closed]
|
||||
schedule:
|
||||
- cron: '35 * * * *' # for updating balance
|
||||
|
||||
jobs:
|
||||
comment:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- env:
|
||||
# https://github.com/jollheef/donate/blob/master/dashboard/whitelist.go
|
||||
DASHBOARD_ACCESS_TOKEN: ${{ secrets.DONATE_DASHBOARD_ACCESS_TOKEN }}
|
||||
# the scope is current repository only
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
TOOL: "https://github.com/jollheef/donate/archive/master.tar.gz"
|
||||
run: |
|
||||
curl -L https://nixos.org/nix/install | sh
|
||||
. ~/.nix-profile/etc/profile.d/nix.sh
|
||||
# Use latest stable nixpkgs channel
|
||||
nix-channel --add https://nixos.org/channels/nixos-20.03 nixpkgs
|
||||
nix-channel --update
|
||||
nix run -f $TOOL -c donate-ci
|
||||
|
|
@ -1,6 +1,4 @@
|
|||
[](https://appvm.readthedocs.io/en/latest/?badge=latest)
|
||||
[](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=R8W2UQPZ5X5JE&source=url)
|
||||
[](https://blockchair.com/bitcoin/address/bc1q23fyuq7kmngrgqgp6yq9hk8a5q460f39m8nv87)
|
||||
|
||||
# Nix application VMs: security through virtualization
|
||||
|
||||
|
|
|
|||
24
appvm.go
24
appvm.go
|
|
@ -31,13 +31,12 @@ import (
|
|||
kingpin "gopkg.in/alecthomas/kingpin.v2"
|
||||
)
|
||||
|
||||
|
||||
type networkModel int
|
||||
|
||||
const (
|
||||
networkOffline networkModel = iota
|
||||
networkQemu networkModel = iota
|
||||
networkLibvirt networkModel = iota
|
||||
networkOffline networkModel = iota
|
||||
networkQemu networkModel = iota
|
||||
networkLibvirt networkModel = iota
|
||||
)
|
||||
|
||||
func list(l *libvirt.Libvirt) {
|
||||
|
|
@ -162,13 +161,9 @@ func generateVM(path, name string, verbose bool) (realpath, reginfo, qcow2 strin
|
|||
|
||||
syscall.Unlink("result")
|
||||
|
||||
qcow2 = os.Getenv("HOME") + "/appvm/.fake.qcow2"
|
||||
if _, err = os.Stat(qcow2); os.IsNotExist(err) {
|
||||
system.System("qemu-img", "create", "-f", "qcow2", qcow2, "512M")
|
||||
err = os.Chmod(qcow2, 0400) // qemu run with -snapshot, we only need it for create /dev/vda
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
qcow2 = os.Getenv("HOME") + "/appvm/." + name + ".fake.qcow2"
|
||||
if _, e := os.Stat(qcow2); os.IsNotExist(e) {
|
||||
system.System("qemu-img", "create", "-f", "qcow2", qcow2, "40M")
|
||||
}
|
||||
|
||||
return
|
||||
|
|
@ -182,7 +177,7 @@ func isRunning(l *libvirt.Libvirt, name string) bool {
|
|||
|
||||
func generateAppVM(l *libvirt.Libvirt,
|
||||
nixName, vmName, appvmPath, sharedDir string,
|
||||
verbose bool, network networkModel, gui bool) (err error) {
|
||||
verbose bool, network networkModel, gui bool) (qcow2 string, err error) {
|
||||
|
||||
realpath, reginfo, qcow2, err := generateVM(appvmPath, nixName, verbose)
|
||||
if err != nil {
|
||||
|
|
@ -275,8 +270,9 @@ func start(l *libvirt.Libvirt, name string, verbose bool, network networkModel,
|
|||
go stupidProgressBar()
|
||||
}
|
||||
|
||||
err := generateAppVM(l, name, vmName, appvmPath, sharedDir,
|
||||
qcow2, err := generateAppVM(l, name, vmName, appvmPath, sharedDir,
|
||||
verbose, network, gui)
|
||||
defer os.Remove(qcow2)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
|
@ -437,7 +433,7 @@ func parseNetworkModel(flagOffline bool, flagNetworking string) networkModel {
|
|||
if flagNetworking == "qemu" {
|
||||
return networkQemu
|
||||
}
|
||||
return networkQemu // qemu is the default network model
|
||||
return networkQemu // qemu is the default network model
|
||||
}
|
||||
|
||||
var configDir = os.Getenv("HOME") + "/.config/appvm/"
|
||||
|
|
|
|||
|
|
@ -16,8 +16,8 @@ var base_nix = `
|
|||
services.xserver = {
|
||||
enable = true;
|
||||
desktopManager.xterm.enable = false;
|
||||
displayManager.lightdm = {
|
||||
enable = true;
|
||||
displayManager = {
|
||||
lightdm.enable = true;
|
||||
autoLogin = {
|
||||
enable = true;
|
||||
user = "user";
|
||||
|
|
@ -51,8 +51,7 @@ startup = do
|
|||
systemd.services.home-user-build-xmonad = {
|
||||
description = "Link xmonad configuration";
|
||||
serviceConfig = {
|
||||
ConditionFileNotEmpty = "!/home/user/.xmonad/xmonad.hs";
|
||||
ExecStart = "/bin/sh -c 'mkdir -p /home/user/.xmonad && ln -s /etc/xmonad.hs /home/user/.xmonad/xmonad.hs'";
|
||||
ExecStart = "/bin/sh -c 'mkdir -p /home/user/.xmonad && ln -sf /etc/xmonad.hs /home/user/.xmonad/xmonad.hs && /run/current-system/sw/bin/xmonad --recompile'";
|
||||
RemainAfterExit = "yes";
|
||||
User = "user";
|
||||
Restart = "on-failure";
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
{ pkgs ? import <nixpkgs> {}, ... }:
|
||||
let
|
||||
pkgs = import <nixpkgs> {};
|
||||
virt-manager-without-menu = pkgs.virt-viewer.overrideAttrs(x: {
|
||||
patches = [
|
||||
./patches/0001-Remove-menu-bar.patch
|
||||
|
|
@ -16,12 +16,9 @@ buildGoModule rec {
|
|||
|
||||
buildInputs = [ makeWrapper ];
|
||||
|
||||
goPackagePath = "code.dumpstack.io/tools/${pname}";
|
||||
|
||||
src = ./.;
|
||||
|
||||
vendorSha256 = "1aimli23jdqv8rifsn22qfbj2c0nc0s5czsd8qprhnr4hcsbdnkf";
|
||||
modSha256 = "${vendorSha256}"; # backward compatibility
|
||||
vendorSha256 = "sha256-8eU+Mf5dxL/bAMMShXvj8I1Kdd4ysBTWvgYIXwLStPI=";
|
||||
|
||||
postFixup = ''
|
||||
wrapProgram $out/bin/appvm \
|
||||
|
|
@ -31,7 +28,7 @@ buildGoModule rec {
|
|||
meta = {
|
||||
description = "Nix-based app VMs";
|
||||
homepage = "https://code.dumpstack.io/tools/${pname}";
|
||||
maintainers = [ lib.maintainers.dump_stack ];
|
||||
maintainers = [ lib.maintainers.dump_stack lib.maintainers.cab404 ];
|
||||
license = lib.licenses.gpl3;
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4,22 +4,20 @@ Installation
|
|||
NixOS
|
||||
-----
|
||||
|
||||
First, clone this repo. Then do this:
|
||||
|
||||
/etc/nixos/configuration.nix::
|
||||
|
||||
virtualisation.libvirtd = {
|
||||
imports = [
|
||||
/path/to/repo/nixos
|
||||
];
|
||||
|
||||
virtualisation.appvm = {
|
||||
enable = true;
|
||||
qemuVerbatimConfig = ''
|
||||
namespaces = []
|
||||
user = "${username}"
|
||||
group = "users"
|
||||
'';
|
||||
user = "${username}";
|
||||
};
|
||||
|
||||
users.users."${username}".extraGroups = [ ... "libvirtd" ];
|
||||
|
||||
shell::
|
||||
|
||||
nix run -f https://code.dumpstack.io/tools/appvm/archive/master.tar.gz -c appvm
|
||||
This is a temporary solution until appvm is upstreamed to nixpkgs or Nix flakes are released.
|
||||
|
||||
Ubuntu 20.04
|
||||
------
|
||||
|
|
|
|||
12
go.mod
12
go.mod
|
|
@ -1,14 +1,14 @@
|
|||
module code.dumpstack.io/tools/appvm
|
||||
|
||||
go 1.14
|
||||
go 1.16
|
||||
|
||||
require (
|
||||
github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
|
||||
github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d // indirect
|
||||
github.com/digitalocean/go-libvirt v0.0.0-20190715144809-7b622097a793
|
||||
github.com/go-cmd/cmd v1.1.0
|
||||
github.com/hanwen/go-fuse/v2 v2.0.3
|
||||
github.com/alecthomas/units v0.0.0-20210927113745-59d0afb8317a // indirect
|
||||
github.com/digitalocean/go-libvirt v0.0.0-20210723161134-761cfeeb5968
|
||||
github.com/go-cmd/cmd v1.3.1
|
||||
github.com/hanwen/go-fuse/v2 v2.1.0
|
||||
github.com/jollheef/go-system v0.0.0-20160710075518-6ed6b1d2b8db
|
||||
github.com/olekukonko/tablewriter v0.0.4
|
||||
github.com/olekukonko/tablewriter v0.0.5
|
||||
gopkg.in/alecthomas/kingpin.v2 v2.2.6
|
||||
)
|
||||
|
|
|
|||
62
go.sum
62
go.sum
|
|
@ -1,36 +1,62 @@
|
|||
github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 h1:JYp7IbQjafoB+tBA3gMyHYHrpOtNuDiK/uB5uXxq5wM=
|
||||
github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
|
||||
github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d h1:UQZhZ2O0vMHr2cI+DC1Mbh0TJxzA3RcLoMsFw+aXw7E=
|
||||
github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
|
||||
github.com/alecthomas/units v0.0.0-20210927113745-59d0afb8317a h1:E/8AP5dFtMhl5KPJz66Kt9G0n+7Sn41Fy1wv9/jHOrc=
|
||||
github.com/alecthomas/units v0.0.0-20210927113745-59d0afb8317a/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE=
|
||||
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
|
||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/digitalocean/go-libvirt v0.0.0-20190715144809-7b622097a793 h1:+ItaX1GKKT70bYwazNtWeYz8QBfirNC85J70psPGgN0=
|
||||
github.com/digitalocean/go-libvirt v0.0.0-20190715144809-7b622097a793/go.mod h1:PRcPVAAma6zcLpFd4GZrjR/MRpood3TamjKI2m/z/Uw=
|
||||
github.com/go-cmd/cmd v1.1.0 h1:LxXflJCRKNZgoKl/0TJdzIDSGFdik3zxaeyL1yXCTsI=
|
||||
github.com/go-cmd/cmd v1.1.0/go.mod h1:bkfdaV0aMvVwTINGdkU5jlQEd9gF0z4irQutl37pOd8=
|
||||
github.com/go-test/deep v1.0.1 h1:UQhStjbkDClarlmv0am7OXXO4/GaPdCGiUiMTvi28sg=
|
||||
github.com/go-test/deep v1.0.1/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
|
||||
github.com/digitalocean/go-libvirt v0.0.0-20210723161134-761cfeeb5968 h1:ZdYBqLPrXioo+1Z97PWaTK4+jRcS45BI6JlepKtkPKI=
|
||||
github.com/digitalocean/go-libvirt v0.0.0-20210723161134-761cfeeb5968/go.mod h1:o129ljs6alsIQTc8d6eweihqpmmrbxZ2g1jhgjhPykI=
|
||||
github.com/go-cmd/cmd v1.3.1 h1:Scpez/YLL7xBmc1KRxDtHNXnamzQWqF4Sqy9SHnIMfE=
|
||||
github.com/go-cmd/cmd v1.3.1/go.mod h1:VZqpYlBauogsSkJrj8NzQM6r/tztSewD/PfHCVjTdnA=
|
||||
github.com/go-test/deep v1.0.7 h1:/VSMRlnY/JSyqxQUzQLKVMAskpY/NZKFA5j2P+0pP2M=
|
||||
github.com/go-test/deep v1.0.7/go.mod h1:QV8Hv/iy04NyLBxAdO9njL0iVPN1S4d/A3NVv1V36o8=
|
||||
github.com/hanwen/go-fuse v1.0.0 h1:GxS9Zrn6c35/BnfiVsZVWmsG803xwE7eVRDvcf/BEVc=
|
||||
github.com/hanwen/go-fuse v1.0.0/go.mod h1:unqXarDXqzAk0rt98O2tVndEPIpUgLD9+rwFisZH3Ok=
|
||||
github.com/hanwen/go-fuse/v2 v2.0.3 h1:kpV28BKeSyVgZREItBLnaVBvOEwv2PuhNdKetwnvNHo=
|
||||
github.com/hanwen/go-fuse/v2 v2.0.3/go.mod h1:0EQM6aH2ctVpvZ6a+onrQ/vaykxh2GH7hy3e13vzTUY=
|
||||
github.com/hanwen/go-fuse/v2 v2.1.0 h1:+32ffteETaLYClUj0a3aHjZ1hOPxxaNEHiZiujuDaek=
|
||||
github.com/hanwen/go-fuse/v2 v2.1.0/go.mod h1:oRyA5eK+pvJyv5otpO/DgccS8y/RvYMaO00GgRLGryc=
|
||||
github.com/jollheef/go-system v0.0.0-20160710075518-6ed6b1d2b8db h1:HGcWru24Gt24VFEsX7mxKtO+/NnKCuQ0LYtardulWMc=
|
||||
github.com/jollheef/go-system v0.0.0-20160710075518-6ed6b1d2b8db/go.mod h1:Cj2JA+Wov6pwK3QTq2PuRXkZ5UM+DT3apJtBDUS8zKE=
|
||||
github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348 h1:MtvEpTB6LX3vkb4ax0b5D2DHbNAUsen0Gx5wZoq3lV4=
|
||||
github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
|
||||
github.com/mattn/go-runewidth v0.0.7 h1:Ei8KR0497xHyKJPAv59M1dkC+rOZCMBJ+t3fZ+twI54=
|
||||
github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
|
||||
github.com/olekukonko/tablewriter v0.0.4 h1:vHD/YYe1Wolo78koG299f7V/VAS08c6IpCLn+Ejf/w8=
|
||||
github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA=
|
||||
github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0=
|
||||
github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
|
||||
github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
|
||||
github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
|
||||
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
||||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||
github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
|
||||
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
|
||||
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522 h1:Ve1ORMCxvRmSXBwJK+t3Oy+V2vRW2OetUQBq4rJIkZE=
|
||||
github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
|
||||
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
|
||||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||
golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
||||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
|
||||
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210510120138-977fb7262007 h1:gG67DSER+11cZvqIMb8S8bt0vZtiN6xWYARwirrOSfE=
|
||||
golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||
golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
|
||||
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc=
|
||||
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
|
||||
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
|
||||
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
|
|
|
|||
|
|
@ -0,0 +1,44 @@
|
|||
params@{ config, lib, pkgs, ... }:
|
||||
let
|
||||
cfg = config.virtualisation.appvm;
|
||||
appvm = import ../. params;
|
||||
in with lib; {
|
||||
|
||||
options = {
|
||||
virtualisation.appvm = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
This enables AppVMs and related virtualisation settings.
|
||||
'';
|
||||
};
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
description = ''
|
||||
AppVM user login. Currenly only AppVMs are supported for a single user only.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
virtualisation.libvirtd = {
|
||||
enable = true;
|
||||
qemuVerbatimConfig = ''
|
||||
namespaces = []
|
||||
user = "${cfg.user}"
|
||||
group = "users"
|
||||
remember_owner = 0
|
||||
'';
|
||||
};
|
||||
|
||||
users.users."${cfg.user}" = {
|
||||
packages = [ appvm ];
|
||||
extraGroups = [ "libvirtd" ];
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
}
|
||||
4
xml.go
4
xml.go
|
|
@ -35,7 +35,7 @@ var qemuParamsDefault = `
|
|||
var qemuParamsWithNetwork = `
|
||||
<qemu:commandline>
|
||||
<qemu:arg value='-device'/>
|
||||
<qemu:arg value='e1000,netdev=net0'/>
|
||||
<qemu:arg value='e1000,netdev=net0,bus=pci.0,addr=0x10'/>
|
||||
<qemu:arg value='-netdev'/>
|
||||
<qemu:arg value='user,id=net0'/>
|
||||
<qemu:arg value='-snapshot'/>
|
||||
|
|
@ -93,7 +93,7 @@ var xmlTmpl = `
|
|||
<!-- filesystems -->
|
||||
<filesystem type='mount' accessmode='passthrough'>
|
||||
<source dir='/nix/store'/>
|
||||
<target dir='store'/>
|
||||
<target dir='nix-store'/>
|
||||
<readonly/>
|
||||
</filesystem>
|
||||
<filesystem type='mount' accessmode='mapped'>
|
||||
|
|
|
|||
Loading…
Reference in New Issue