···
cfg = config.virtualisation.xen;
xenBootBuilder = pkgs.writeShellApplication {
···
-
++ lib.lists.optionals (cfg.efi.bootBuilderVerbosity == "info") (
···
# We disable SC2016 ("expressions don't expand in single quotes") because the `$` characters inside the single-quoted sed regexes are regex anchors, not shell variables, and must not be expanded by the shell.
excludeShellChecks = [ "SC2016" ];
-
text = builtins.readFile ./xen-boot-builder.sh;
-
imports = with lib.modules; [
···
options.virtualisation.xen = {
-
enable = lib.options.mkEnableOption "the Xen Project Hypervisor, a virtualisation technology defined as a *type-1 hypervisor*, which allows multiple virtual machines, known as *domains*, to run concurrently on the physical machine. NixOS runs as the privileged *Domain 0*. This option requires a reboot into a Xen kernel to take effect";
-
debug = lib.options.mkEnableOption "Xen debug features for Domain 0. This option enables some hidden debugging tests and features (it also changes the default of `virtualisation.xen.store.settings.testEAGAIN`, which makes Xen Store transactions fail at random), and must not be used in production";
-
trace = lib.options.mkOption {
-
defaultText = lib.options.literalExpression "false";
description = "Whether to enable Xen debug tracing and logging for Domain 0.";
-
package = lib.options.mkOption {
-
type = lib.types.package;
-
defaultText = lib.options.literalExpression "pkgs.xen";
-
example = lib.options.literalExpression "pkgs.xen-slim";
-
The package used for Xen Project Hypervisor.
-
package = lib.options.mkOption {
-
type = lib.types.package;
-
defaultText = lib.options.literalExpression "pkgs.xen";
-
example = lib.options.literalExpression "pkgs.qemu_xen";
-
The package with QEMU binaries that runs in Domain 0
-
and virtualises the unprivileged domains.
-
comment = "For use with `pkgs.xen-slim`.";
-
pidFile = lib.options.mkOption {
default = "/run/xen/qemu-dom0.pid";
example = "/var/run/xen/qemu-dom0.pid";
description = "Path to the QEMU PID file.";
-
bootParams = lib.options.mkOption {
···
-
type = lib.types.listOf lib.types.str;
Xen Command Line parameters passed to Domain 0 at boot time.
Note: these are different from `boot.kernelParams`. See
···
-
bootBuilderVerbosity = lib.options.mkOption {
-
type = lib.types.enum [
···
-
path = lib.options.mkOption {
default = "${cfg.package.boot}/${cfg.package.efi}";
-
defaultText = lib.options.literalExpression "\${config.virtualisation.xen.package.boot}/\${config.virtualisation.xen.package.efi}";
-
example = lib.options.literalExpression "\${config.virtualisation.xen.package}/boot/efi/efi/nixos/xen-\${config.virtualisation.xen.package.version}.efi";
Path to xen.efi. `pkgs.xen` is patched to install the xen.efi file
on `$boot/boot/xen.efi`, but an unpatched Xen build may install it
···
-
maxVCPUs = lib.options.mkOption {
-
type = lib.types.ints.unsigned;
Amount of virtual CPU cores allocated to Domain 0 on boot.
If set to 0, all cores are assigned to Domain 0, and
···
-
memory = lib.options.mkOption {
-
type = lib.types.ints.unsigned;
Amount of memory (in MiB) allocated to Domain 0 on boot.
If set to 0, all memory is assigned to Domain 0, and
···
-
maxMemory = lib.options.mkOption {
default = cfg.dom0Resources.memory;
-
defaultText = lib.options.literalExpression "config.virtualisation.xen.dom0Resources.memory";
-
type = lib.types.ints.unsigned;
Maximum amount of memory (in MiB) that Domain 0 can
dynamically allocate to itself. Does nothing if set
···
-
extraConfig = lib.options.mkOption {
-
type = lib.types.lines;
XENDOMAINS_SAVE=/persist/xen/save
···
-
path = lib.options.mkOption {
default = "${cfg.package}/bin/oxenstored";
-
defaultText = lib.options.literalExpression "\${config.virtualisation.xen.package}/bin/oxenstored";
-
example = lib.options.literalExpression "\${config.virtualisation.xen.package}/bin/xenstored";
Path to the Xen Store Daemon. This option is useful to
switch between the legacy C-based Xen Store Daemon, and
the newer OCaml-based Xen Store Daemon, `oxenstored`.
-
type = lib.options.mkOption {
-
type = lib.types.enum [
-
default = if (lib.strings.hasSuffix "oxenstored" cfg.store.path) then "ocaml" else "c";
description = "Helper internal option that determines the type of the Xen Store Daemon based on cfg.store.path.";
-
settings = lib.options.mkOption {
···
The OCaml-based Xen Store Daemon configuration. This
option does nothing with the C-based `xenstored`.
-
type = lib.types.submodule {
-
pidFile = lib.options.mkOption {
default = "/run/xen/xenstored.pid";
example = "/var/run/xen/xenstored.pid";
description = "Path to the Xen Store Daemon PID file.";
-
testEAGAIN = lib.options.mkOption {
-
defaultText = lib.options.literalExpression "config.virtualisation.xen.debug";
description = "Randomly fail a transaction with EAGAIN. This option is used for debugging purposes only; it defaults to the value of `virtualisation.xen.debug`, so enabling that option makes Xen Store transactions fail at random and must not be done in production.";
-
enableMerge = lib.options.mkOption {
description = "Whether to enable transaction merge support.";
-
burstLimit = lib.options.mkOption {
-
type = lib.types.addCheck (
name = "nonnegativeFloat";
description = "nonnegative floating point number, meaning >=0";
···
domain's requests are ignored.
-
maxHistorySeconds = lib.options.mkOption {
-
type = lib.types.addCheck (
-
lib.types.float // { description = "nonnegative floating point number, meaning >=0"; }
Limits applied to domains whose writes cause other domains' transaction
commits to fail. The value is a floating-point number and must therefore be written with a decimal point (e.g. `1.0`, not `1`).
···
is the minimum pause-time during which a domain will be ignored.
-
rateLimitIsAggregate = lib.options.mkOption {
If the conflict.rateLimitIsAggregate option is `true`, then after each
tick one point of conflict-credit is given to just one domain: the
···
-
enable = lib.options.mkOption {
description = "Whether to enable the node permission system.";
-
enableWatch = lib.options.mkOption {
Whether to enable the watch permission system.
···
-
enable = lib.options.mkOption {
description = "Whether to enable the quota system.";
-
maxEntity = lib.options.mkOption {
-
type = lib.types.ints.positive;
description = "Entity limit for transactions.";
-
maxSize = lib.options.mkOption {
-
type = lib.types.ints.positive;
description = "Size limit for transactions.";
-
maxWatch = lib.options.mkOption {
-
type = lib.types.ints.positive;
description = "Maximum number of watches by the Xenstore Watchdog.";
-
transaction = lib.options.mkOption {
-
type = lib.types.ints.positive;
description = "Maximum number of transactions.";
-
maxRequests = lib.options.mkOption {
-
type = lib.types.ints.positive;
description = "Maximum number of requests per transaction.";
-
maxPath = lib.options.mkOption {
-
type = lib.types.ints.positive;
description = "Path limit for the quota system.";
-
maxOutstanding = lib.options.mkOption {
-
type = lib.types.ints.positive;
description = "Maximum number of outstanding (in-flight) requests per domain.";
-
maxWatchEvents = lib.options.mkOption {
-
type = lib.types.ints.positive;
description = "Maximum number of outstanding watch events per watch.";
-
persistent = lib.options.mkOption {
description = "Whether to activate the file-based backend.";
-
file = lib.options.mkOption {
default = "/var/log/xen/xenstored.log";
description = "Path to the Xen Store log file.";
-
level = lib.options.mkOption {
default = if cfg.trace then "debug" else null;
-
defaultText = lib.options.literalExpression "if (config.virtualisation.xen.trace == true) then \"debug\" else null";
-
type = lib.types.nullOr (
description = "Logging level for the Xen Store.";
# The hidden options below have no upstream documentation whatsoever.
# The nb* options appear to control log rotation (number of files, lines and
# characters kept), and the specialOps option appears to affect the Xenbus
# access-logging logic. Note that `acesss-log-nb-chars` is spelled differently
# from the other `access-log-*` keys: the spelling presumably mirrors upstream's
# own configuration file, but if oxenstored's parser does not accept it the key
# is ignored and the built-in default applies silently, so the intended log-size
# limit would not be enforced. Verify against the parser of the Xen version in use.
-
nbFiles = lib.options.mkOption {
description = "Set `xenstored-log-nb-files`.";
-
file = lib.options.mkOption {
default = "/var/log/xen/xenstored-access.log";
example = "/var/log/security/xenstored-access.log";
description = "Path to the Xen Store access log file.";
-
nbLines = lib.options.mkOption {
description = "Set `access-log-nb-lines`.";
-
nbChars = lib.options.mkOption {
description = "Set `acesss-log-nb-chars`.";
-
specialOps = lib.options.mkOption {
description = "Set `access-log-special-ops`.";
-
kva = lib.options.mkOption {
default = "/proc/xen/xsd_kva";
example = cfg.store.settings.xenstored.xenfs.kva;
Path to the Xen Store Daemon KVA location inside the XenFS pseudo-filesystem.
While it is possible to alter this value, some drivers may be hardcoded to follow the default paths.
-
port = lib.options.mkOption {
default = "/proc/xen/xsd_port";
example = cfg.store.settings.xenstored.xenfs.port;
Path to the Xen Store Daemon userspace port inside the XenFS pseudo-filesystem.
···
-
ringScanInterval = lib.options.mkOption {
-
type = lib.types.addCheck (
description = "nonzero signed integer, meaning !=0";
···
-
config = lib.modules.mkIf cfg.enable {
assertion = pkgs.stdenv.hostPlatform.isx86_64;
···
virtualisation.xen.bootParams =
-
lib.lists.optionals cfg.trace [
-
lib.lists.optional (cfg.dom0Resources.memory != 0)
"dom0_mem=${toString cfg.dom0Resources.memory}M${
-
lib.strings.optionalString (
cfg.dom0Resources.memory != cfg.dom0Resources.maxMemory
) ",max:${toString cfg.dom0Resources.maxMemory}M"
-
++ lib.lists.optional (
cfg.dom0Resources.maxVCPUs != 0
) "dom0_max_vcpus=${toString cfg.dom0Resources.maxVCPUs}";
···
# See the `xenBootBuilder` script in the main `let...in` statement of this file.
loader.systemd-boot.extraInstallCommands = ''
-
${lib.meta.getExe xenBootBuilder} ${cfg.efi.bootBuilderVerbosity}
···
XENSTORED="${cfg.store.path}"
QEMU_XEN="${cfg.qemu.package}/${cfg.qemu.package.qemu-system-i386}"
-
${lib.strings.optionalString cfg.trace ''
···
# The OCaml-based Xen Store Daemon requires /etc/xen/oxenstored.conf to start, so it is generated only when cfg.store.type is "ocaml"; the C-based xenstored does not read it.
-
// lib.attrsets.optionalAttrs (cfg.store.type == "ocaml") {
"xen/oxenstored.conf".text = ''
pid-file = ${cfg.store.settings.pidFile}
-
test-eagain = ${lib.trivial.boolToString cfg.store.settings.testEAGAIN}
merge-activate = ${toString cfg.store.settings.enableMerge}
conflict-burst-limit = ${toString cfg.store.settings.conflict.burstLimit}
conflict-max-history-seconds = ${toString cfg.store.settings.conflict.maxHistorySeconds}
···
quota-path-max = ${toString cfg.store.settings.quota.maxPath}
quota-maxoutstanding = ${toString cfg.store.settings.quota.maxOutstanding}
quota-maxwatchevents = ${toString cfg.store.settings.quota.maxWatchEvents}
-
persistent = ${lib.trivial.boolToString cfg.store.settings.persistent}
xenstored-log-file = ${cfg.store.settings.xenstored.log.file}
if isNull cfg.store.settings.xenstored.log.level then
···
access-log-file = ${cfg.store.settings.xenstored.accessLog.file}
access-log-nb-lines = ${toString cfg.store.settings.xenstored.accessLog.nbLines}
acesss-log-nb-chars = ${toString cfg.store.settings.xenstored.accessLog.nbChars}
-
access-log-special-ops = ${lib.trivial.boolToString cfg.store.settings.xenstored.accessLog.specialOps}
ring-scan-interval = ${toString cfg.store.settings.ringScanInterval}
xenstored-kva = ${cfg.store.settings.xenstored.xenfs.kva}
xenstored-port = ${cfg.store.settings.xenstored.xenfs.port}
···
-
meta.maintainers = lib.teams.xen.members;