From 7c10e3a6a6438d7317afd49eefd2abade8165603 Mon Sep 17 00:00:00 2001
From: Manuel Bluhm
Date: Wed, 9 Oct 2024 19:35:50 +0400
Subject: [PATCH] Switch vm boot to systemd in initrd

- enable systemd boot in initrd by default
- add systemd verbosity flag
- add device path in storagevm to allow impermanence to mount fs

Signed-off-by: Manuel Bluhm
---
 modules/common/systemd/base.nix | 28 +++++++++++++++++++
 modules/common/systemd/boot.nix | 24 +++++++++++-----
 .../virtualization/microvm/audiovm.nix | 2 ++
 .../microvm/common/storagevm.nix | 3 +-
 .../virtualization/microvm/microvm-host.nix | 2 +-
 5 files changed, 50 insertions(+), 9 deletions(-)

diff --git a/modules/common/systemd/base.nix b/modules/common/systemd/base.nix
index 3f1d4a6cf..786542ca4 100644
--- a/modules/common/systemd/base.nix
+++ b/modules/common/systemd/base.nix
@@ -16,6 +16,7 @@ let
 mkIf
 mkForce
 types
+ optionalAttrs
 ;
 
 # Override minimal systemd package configuration
@@ -150,6 +151,12 @@ let
 "systemd-networkd.service"
 "systemd-networkd.socket"
 ])
+ ++ (lib.optionals (!cfg.withAudio) [
+ "sound.target"
+ ])
+ ++ (lib.optionals (!cfg.withBluetooth) [
+ "bluetooth.target"
+ ])
 ++ (lib.optionals (!cfg.withDebug) [
 ## Units kept with debug
 "kbrequest.target"
@@ -307,11 +314,29 @@ in
 default = false;
 };
 
+ withAudio = mkOption {
+ description = "Enable audio functionality.";
+ type = types.bool;
+ default = false;
+ };
+
+ withBluetooth = mkOption {
+ description = "Enable bluetooth functionality.";
+ type = types.bool;
+ default = false;
+ };
+
 withDebug = mkOption {
 description = "Enable systemd debug functionality.";
 type = types.bool;
 default = false;
 };
+
+ verboseLogs = mkOption {
+ description = "Increase systemd log verbosity.";
+ type = types.bool;
+ default = false;
+ };
 };
 
 config = mkIf cfg.enable {
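Review bot: The `verboseLogs` option added in the third hunk is declared independently of `withDebug`, but its description does not say so, and elsewhere in this commit it is consumed as `SYSTEMD_LOG_LEVEL=debug` for both the stage 1 and stage 2 managers, so it can be switched on in a build that is otherwise not a debug build. Debug-level manager logs are very verbose and can expose unit details in the journal, which a release configuration should not carry. Suggest `description = "Increase systemd log verbosity (sets SYSTEMD_LOG_LEVEL=debug for the initrd and system managers). Independent of withDebug; not intended for release builds.";`. The `options.ghaf.systemd` attribute set that holds these options starts outside the hunk.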
@@ -324,6 +349,9 @@ in
 # Misc. configurations
 enableEmergencyMode = cfg.withDebug;
 coredump.enable = cfg.withDebug || cfg.withMachines;
+ managerEnvironment = optionalAttrs cfg.verboseLogs {
+ SYSTEMD_LOG_LEVEL = "debug";
+ };
 
 # Service startup optimization
 services.systemd-networkd-wait-online.enable = mkForce false;
diff --git a/modules/common/systemd/boot.nix b/modules/common/systemd/boot.nix
index 41b2c72f2..4fe51bec1 100644
--- a/modules/common/systemd/boot.nix
+++ b/modules/common/systemd/boot.nix
@@ -11,7 +11,12 @@ let
 cfg = config.ghaf.systemd.boot;
 cfgBase = config.ghaf.systemd;
 
- inherit (lib) mkEnableOption mkIf optionals;
+ inherit (lib)
+ mkIf
+ optionals
+ mkOption
+ optionalAttrs
+ ;
 
 # Package configuration
 package = pkgs.systemdMinimal.override (
@@ -33,8 +38,7 @@ let
 
 # Suppressed initrd systemd units
 suppressedUnits =
- [ "multi-user.target" ]
- ++ (lib.optionals ((!cfgBase.withDebug) && (!cfgBase.withJournal)) [
+ (lib.optionals ((!cfgBase.withDebug) && (!cfgBase.withJournal)) [
 "systemd-journald.service"
 "systemd-journald.socket"
 "systemd-journald-dev-log.socket"
@@ -54,23 +58,29 @@
 in
 {
 options.ghaf.systemd.boot = {
- enable = mkEnableOption "Enable systemd in stage 1 of the boot (initrd).";
+ enable = mkOption {
+ default = config.ghaf.systemd.enable;
+ description = "Enable systemd in stage 1 of the boot (initrd).";
+ };
 };
 
 config = mkIf cfg.enable {
 boot.initrd = {
- verbose = config.ghaf.profiles.debug.enable;
+ verbose = cfgBase.verboseLogs;
 services.lvm.enable = true;
 systemd = {
 enable = true;
 inherit package;
 inherit suppressedUnits;
- emergencyAccess = config.ghaf.profiles.debug.enable;
+ emergencyAccess = cfgBase.withDebug;
 tpm2.enable = cfgBase.withTpm2Tss;
- initrdBin = optionals config.ghaf.profiles.debug.enable [
+ initrdBin = optionals cfgBase.withDebug [
 pkgs.lvm2
 pkgs.util-linux
 ];
+ managerEnvironment = optionalAttrs cfgBase.verboseLogs {
+ SYSTEMD_LOG_LEVEL = "debug";
+ };
 };
 };
 };
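Review bot: In the last boot.nix hunk the new `enable` option is declared without a `type`, whereas the `mkEnableOption` it replaces gave a `types.bool`; an untyped `mkOption` is not validated as a boolean and falls back to the generic merge behaviour, so a bad or conflicting definition surfaces only later inside `mkIf cfg.enable`. Add `type = lib.types.bool;` next to the `default` (`types` is not in this file's `inherit (lib)` list as shown in the first hunk). The same hunk now ties `emergencyAccess` to `cfgBase.withDebug`; since `boot.initrd.systemd.emergencyAccess = true` means unauthenticated access to the initrd emergency shell, a comment there would make the consequence explicit for anyone flipping the flag: `# withDebug = true opens an unauthenticated emergency shell in stage 1; never set in release images`. The module attribute set opened at `{` closes within the hunk.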
diff --git a/modules/microvm/virtualization/microvm/audiovm.nix b/modules/microvm/virtualization/microvm/audiovm.nix
index 64c47cab1..8918fd6b6 100644
--- a/modules/microvm/virtualization/microvm/audiovm.nix
+++ b/modules/microvm/virtualization/microvm/audiovm.nix
@@ -52,6 +52,8 @@ let
 enable = true;
 withName = "audiovm-systemd";
 withAudit = configHost.ghaf.profiles.debug.enable;
+ withAudio = true;
+ withBluetooth = true;
 withNss = true;
 withResolved = true;
 withTimesyncd = true;
diff --git a/modules/microvm/virtualization/microvm/common/storagevm.nix b/modules/microvm/virtualization/microvm/common/storagevm.nix
index 3cb4621b3..15e3b84e0 100644
--- a/modules/microvm/virtualization/microvm/common/storagevm.nix
+++ b/modules/microvm/virtualization/microvm/common/storagevm.nix
@@ -63,13 +63,14 @@ in
 config = lib.mkIf cfg.enable {
 fileSystems.${mountPath} = {
 neededForBoot = true;
- options = lib.mkForce [
+ options = [
 "rw"
 "nodev"
 "nosuid"
 "noexec"
 ];
 };
+ virtualisation.fileSystems.${mountPath}.device = "/dev/vda";
 
 microvm.shares = [
 {
diff --git a/modules/microvm/virtualization/microvm/microvm-host.nix b/modules/microvm/virtualization/microvm/microvm-host.nix
index f049cdc80..e0a129a43 100644
--- a/modules/microvm/virtualization/microvm/microvm-host.nix
+++ b/modules/microvm/virtualization/microvm/microvm-host.nix
@@ -44,10 +44,10 @@ in
 config = lib.mkMerge [
 (lib.mkIf cfg.enable {
 microvm.host.enable = true;
+ microvm.host.useNotifySockets = true;
 ghaf.systemd = {
 withName = "host-systemd";
 enable = true;
- boot.enable = true;
 withAudit = config.ghaf.profiles.debug.enable;
 withPolkit = true;
 withTpm2Tss = pkgs.stdenv.hostPlatform.isx86;
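Review bot: In the storagevm.nix hunk, dropping `lib.mkForce` from `options` means the `nodev`/`nosuid`/`noexec` list is now merged with whatever any other module defines for `fileSystems.${mountPath}.options`, and because mount(8) lets a later `exec`/`suid`/`dev` override an earlier `no*`, another definition could weaken this mount without any evaluation conflict. If `mkForce` had to go so that another module can contribute options, consider `options = lib.mkAfter [ ... ]` so the hardening flags stay last, with a comment such as `# keep nodev/nosuid/noexec last: later mount options override earlier ones`. The added `virtualisation.fileSystems.${mountPath}.device = "/dev/vda"` also appears to assume this path is the guest's first virtio disk and that `virtualisation.fileSystems` is what the impermanence mount consults, which is worth a one-line comment tying it to the volume ordering. The `config = lib.mkIf cfg.enable {` set opened at the top of the hunk closes outside it.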