Add comments
This commit is contained in:
parent
b53ab2fae4
commit
3c402009ba
|
|
@ -2,6 +2,7 @@
|
|||
let
|
||||
packageName = "custom-nixos-vm";
|
||||
|
||||
# Determine `system.build` configuration without this file's influence
|
||||
mergedBuildOption =
|
||||
with options.system;
|
||||
lib.mergeDefinitions
|
||||
|
|
@ -15,10 +16,12 @@ let
|
|||
build.definitionsWithLocations)
|
||||
(item: { inherit (item) file value; }));
|
||||
|
||||
# Get vanilla `config.system.build.vm`
|
||||
vanillaVM = mergedBuildOption.mergedValue.vm;
|
||||
in {
|
||||
options =
|
||||
let
|
||||
# Add new options to `config.virtualisation.vmVariant` and `config.virtualisation.vmVariantWithBootLoader`
|
||||
vmVariantOptions = {
|
||||
virtualisation = {
|
||||
runAsRoot = lib.mkOption {
|
||||
|
|
@ -70,11 +73,14 @@ in {
|
|||
let
|
||||
extendVMConfig =
|
||||
vmVariant: {
|
||||
# Prevent GRUB2 errors in `nixos-rebuild build-vm-with-bootloader`
|
||||
boot.loader.efi.efiSysMountPoint = lib.mkVMOverride "/boot";
|
||||
|
||||
virtualisation = {
|
||||
# Enable root permissions to get access to the `/etc/ssh` directory
|
||||
runAsRoot = lib.mkIf vmVariant.virtualisation.sharedHostKeys true;
|
||||
|
||||
# Enable spice and run QEMU in background to let `remote-viewer` take over
|
||||
qemu = {
|
||||
spice.enable = lib.mkIf vmVariant.virtualisation.virt-viewer true;
|
||||
runInBackground = lib.mkIf vmVariant.virtualisation.virt-viewer true;
|
||||
|
|
@ -93,6 +99,7 @@ in {
|
|||
])));
|
||||
};
|
||||
|
||||
# Map SSH keys into the vm if necessary
|
||||
sharedDirectories = lib.optionalAttrs (vmVariant.virtualisation.sharedHostKeys) {
|
||||
hostKeys =
|
||||
let
|
||||
|
|
@ -111,7 +118,6 @@ in {
|
|||
vmVariantWithBootLoader = extendVMConfig virtualisation.vmVariantWithBootLoader;
|
||||
};
|
||||
|
||||
# Replace native `qemu` with `remote-viewer`
|
||||
system.build =
|
||||
{
|
||||
vm = lib.mkForce (
|
||||
|
|
@ -124,6 +130,7 @@ in {
|
|||
let
|
||||
originalCommand = "${vm}/bin/run-${config.system.name}-vm";
|
||||
|
||||
# Have the command run in background if requested
|
||||
suffix =
|
||||
lib.concatStringsSep " " (
|
||||
lib.optional config.virtualisation.qemu.runInBackground "&");
|
||||
|
|
@ -135,18 +142,21 @@ in {
|
|||
"${originalCommand} ${suffix}"
|
||||
] ++ (
|
||||
let
|
||||
spice = config.virtualisation.qemu.spice;
|
||||
# Run `remote-viewer` as normal user to limit access
|
||||
viewerPrefix = "sudo -Eu\"#$SUDO_UID\" ";
|
||||
spice = config.virtualisation.qemu.spice;
|
||||
in
|
||||
(
|
||||
lib.optionals
|
||||
config.virtualisation.virt-viewer
|
||||
[
|
||||
"${viewerPrefix}${pkgs.virt-viewer}/bin/remote-viewer spice://${lib.escapeShellArg spice.bindAddress}:${toString spice.port}"
|
||||
# Kill QEMU after `remote-viewer` finished running
|
||||
"kill %1"
|
||||
])));
|
||||
};
|
||||
|
||||
# Run VM as root if requested
|
||||
wrapped =
|
||||
if !config.virtualisation.runAsRoot
|
||||
then
|
||||
|
|
|
|||
Loading…
Reference in a new issue