···
11
+
inherit (builtins) readFile;
12
+
inherit (lib.modules) mkRemovedOptionModule mkRenamedOptionModule mkIf;
13
+
inherit (lib.options)
33
+
inherit (lib.lists) optional optionals;
34
+
inherit (lib.strings) hasSuffix optionalString;
35
+
inherit (lib.meta) getExe;
36
+
inherit (lib.attrsets) optionalAttrs;
37
+
inherit (lib.trivial) boolToString;
38
+
inherit (lib.teams.xen) members;
cfg = config.virtualisation.xen;
xenBootBuilder = pkgs.writeShellApplication {
···
25
-
++ lib.lists.optionals (cfg.efi.bootBuilderVerbosity == "info") (
54
+
++ optionals (cfg.efi.bootBuilderVerbosity == "info") (
···
# We disable SC2016 because we don't want to expand the regexes in the sed commands.
excludeShellChecks = [ "SC2016" ];
39
-
text = builtins.readFile ./xen-boot-builder.sh;
68
+
text = readFile ./xen-boot-builder.sh;
44
-
imports = with lib.modules; [
···
options.virtualisation.xen = {
126
-
enable = lib.options.mkEnableOption "the Xen Project Hypervisor, a virtualisation technology defined as a *type-1 hypervisor*, which allows multiple virtual machines, known as *domains*, to run concurrently on the physical machine. NixOS runs as the privileged *Domain 0*. This option requires a reboot into a Xen kernel to take effect";
155
+
enable = mkEnableOption "the Xen Project Hypervisor, a virtualisation technology defined as a *type-1 hypervisor*, which allows multiple virtual machines, known as *domains*, to run concurrently on the physical machine. NixOS runs as the privileged *Domain 0*. This option requires a reboot into a Xen kernel to take effect";
128
-
debug = lib.options.mkEnableOption "Xen debug features for Domain 0. This option enables some hidden debugging tests and features, and should not be used in production";
157
+
debug = mkEnableOption "Xen debug features for Domain 0. This option enables some hidden debugging tests and features, and should not be used in production";
130
-
trace = lib.options.mkOption {
131
-
type = lib.types.bool;
133
-
defaultText = lib.options.literalExpression "false";
162
+
defaultText = literalExpression "false";
description = "Whether to enable Xen debug tracing and logging for Domain 0.";
138
-
package = lib.options.mkOption {
139
-
type = lib.types.package;
140
-
default = pkgs.xen;
141
-
defaultText = lib.options.literalExpression "pkgs.xen";
142
-
example = lib.options.literalExpression "pkgs.xen-slim";
144
-
The package used for Xen Project Hypervisor.
146
-
relatedPackages = [
167
+
package = mkPackageOption pkgs "Xen Hypervisor" { default = [ "xen" ]; };
153
-
package = lib.options.mkOption {
154
-
type = lib.types.package;
155
-
default = pkgs.xen;
156
-
defaultText = lib.options.literalExpression "pkgs.xen";
157
-
example = lib.options.literalExpression "pkgs.qemu_xen";
159
-
The package with QEMU binaries that runs in Domain 0
160
-
and virtualises the unprivileged domains.
162
-
relatedPackages = [
166
-
comment = "For use with `pkgs.xen-slim`.";
170
+
package = mkPackageOption pkgs "QEMU (with Xen Hypervisor support)" {
171
+
default = [ "qemu_xen" ];
170
-
pidFile = lib.options.mkOption {
171
-
type = lib.types.path;
173
+
pidFile = mkOption {
default = "/run/xen/qemu-dom0.pid";
example = "/var/run/xen/qemu-dom0.pid";
description = "Path to the QEMU PID file.";
178
-
bootParams = lib.options.mkOption {
181
+
bootParams = mkOption {
···
187
-
type = lib.types.listOf lib.types.str;
Xen Command Line parameters passed to Domain 0 at boot time.
Note: these are different from `boot.kernelParams`. See
···
196
-
bootBuilderVerbosity = lib.options.mkOption {
197
-
type = lib.types.enum [
199
+
bootBuilderVerbosity = mkOption {
···
221
-
path = lib.options.mkOption {
222
-
type = lib.types.path;
default = "${cfg.package.boot}/${cfg.package.efi}";
224
-
defaultText = lib.options.literalExpression "\${config.virtualisation.xen.package.boot}/\${config.virtualisation.xen.package.efi}";
225
-
example = lib.options.literalExpression "\${config.virtualisation.xen.package}/boot/efi/efi/nixos/xen-\${config.virtualisation.xen.package.version}.efi";
227
+
defaultText = literalExpression "\${config.virtualisation.xen.package.boot}/\${config.virtualisation.xen.package.efi}";
228
+
example = literalExpression "\${config.virtualisation.xen.package}/boot/efi/efi/nixos/xen-\${config.virtualisation.xen.package.version}.efi";
Path to xen.efi. `pkgs.xen` is patched to install the xen.efi file
on `$boot/boot/xen.efi`, but an unpatched Xen build may install it
···
237
-
maxVCPUs = lib.options.mkOption {
240
+
maxVCPUs = mkOption {
240
-
type = lib.types.ints.unsigned;
243
+
type = ints.unsigned;
Amount of virtual CPU cores allocated to Domain 0 on boot.
If set to 0, all cores are assigned to Domain 0, and
···
248
-
memory = lib.options.mkOption {
251
+
memory = mkOption {
251
-
type = lib.types.ints.unsigned;
254
+
type = ints.unsigned;
Amount of memory (in MiB) allocated to Domain 0 on boot.
If set to 0, all memory is assigned to Domain 0, and
···
259
-
maxMemory = lib.options.mkOption {
262
+
maxMemory = mkOption {
default = cfg.dom0Resources.memory;
261
-
defaultText = lib.options.literalExpression "config.virtualisation.xen.dom0Resources.memory";
264
+
defaultText = literalExpression "config.virtualisation.xen.dom0Resources.memory";
263
-
type = lib.types.ints.unsigned;
266
+
type = ints.unsigned;
Maximum amount of memory (in MiB) that Domain 0 can
dynamically allocate to itself. Does nothing if set
···
274
-
extraConfig = lib.options.mkOption {
275
-
type = lib.types.lines;
277
+
extraConfig = mkOption {
XENDOMAINS_SAVE=/persist/xen/save
···
291
-
path = lib.options.mkOption {
292
-
type = lib.types.path;
default = "${cfg.package}/bin/oxenstored";
294
-
defaultText = lib.options.literalExpression "\${config.virtualisation.xen.package}/bin/oxenstored";
295
-
example = lib.options.literalExpression "\${config.virtualisation.xen.package}/bin/xenstored";
297
+
defaultText = literalExpression "\${config.virtualisation.xen.package}/bin/oxenstored";
298
+
example = literalExpression "\${config.virtualisation.xen.package}/bin/xenstored";
Path to the Xen Store Daemon. This option is useful to
switch between the legacy C-based Xen Store Daemon, and
the newer OCaml-based Xen Store Daemon, `oxenstored`.
302
-
type = lib.options.mkOption {
303
-
type = lib.types.enum [
307
-
default = if (lib.strings.hasSuffix "oxenstored" cfg.store.path) then "ocaml" else "c";
310
+
default = if (hasSuffix "oxenstored" cfg.store.path) then "ocaml" else "c";
description = "Helper internal option that determines the type of the Xen Store Daemon based on cfg.store.path.";
312
-
settings = lib.options.mkOption {
315
+
settings = mkOption {
···
The OCaml-based Xen Store Daemon configuration. This
option does nothing with the C-based `xenstored`.
327
-
type = lib.types.submodule {
329
-
pidFile = lib.options.mkOption {
332
+
pidFile = mkOption {
default = "/run/xen/xenstored.pid";
example = "/var/run/xen/xenstored.pid";
332
-
type = lib.types.path;
description = "Path to the Xen Store Daemon PID file.";
335
-
testEAGAIN = lib.options.mkOption {
338
+
testEAGAIN = mkOption {
337
-
defaultText = lib.options.literalExpression "config.virtualisation.xen.debug";
340
+
defaultText = literalExpression "config.virtualisation.xen.debug";
339
-
type = lib.types.bool;
description = "Randomly fail a transaction with EAGAIN. This option is used for debugging purposes only.";
343
-
enableMerge = lib.options.mkOption {
346
+
enableMerge = mkOption {
346
-
type = lib.types.bool;
description = "Whether to enable transaction merge support.";
350
-
burstLimit = lib.options.mkOption {
353
+
burstLimit = mkOption {
353
-
type = lib.types.addCheck (
name = "nonnegativeFloat";
description = "nonnegative floating point number, meaning >=0";
···
domain's requests are ignored.
372
-
maxHistorySeconds = lib.options.mkOption {
375
+
maxHistorySeconds = mkOption {
375
-
type = lib.types.addCheck (
376
-
lib.types.float // { description = "nonnegative floating point number, meaning >=0"; }
378
+
type = addCheck (float // { description = "nonnegative floating point number, meaning >=0"; }) (
Limits applied to domains whose writes cause other domains' transaction
commits to fail. Must include decimal point.
···
is the minimum pause-time during which a domain will be ignored.
387
-
rateLimitIsAggregate = lib.options.mkOption {
390
+
rateLimitIsAggregate = mkOption {
390
-
type = lib.types.bool;
If the conflict.rateLimitIsAggregate option is `true`, then after each
tick one point of conflict-credit is given to just one domain: the
···
411
-
enable = lib.options.mkOption {
414
+
enable = mkOption {
414
-
type = lib.types.bool;
description = "Whether to enable the node permission system.";
417
-
enableWatch = lib.options.mkOption {
420
+
enableWatch = mkOption {
420
-
type = lib.types.bool;
Whether to enable the watch permission system.
···
435
-
enable = lib.options.mkOption {
438
+
enable = mkOption {
438
-
type = lib.types.bool;
description = "Whether to enable the quota system.";
441
-
maxEntity = lib.options.mkOption {
444
+
maxEntity = mkOption {
444
-
type = lib.types.ints.positive;
447
+
type = ints.positive;
description = "Entity limit for transactions.";
447
-
maxSize = lib.options.mkOption {
450
+
maxSize = mkOption {
450
-
type = lib.types.ints.positive;
453
+
type = ints.positive;
description = "Size limit for transactions.";
453
-
maxWatch = lib.options.mkOption {
456
+
maxWatch = mkOption {
456
-
type = lib.types.ints.positive;
459
+
type = ints.positive;
description = "Maximum number of watches by the Xenstore Watchdog.";
459
-
transaction = lib.options.mkOption {
462
+
transaction = mkOption {
462
-
type = lib.types.ints.positive;
465
+
type = ints.positive;
description = "Maximum number of transactions.";
465
-
maxRequests = lib.options.mkOption {
468
+
maxRequests = mkOption {
468
-
type = lib.types.ints.positive;
471
+
type = ints.positive;
description = "Maximum number of requests per transaction.";
471
-
maxPath = lib.options.mkOption {
474
+
maxPath = mkOption {
474
-
type = lib.types.ints.positive;
477
+
type = ints.positive;
description = "Path limit for the quota system.";
477
-
maxOutstanding = lib.options.mkOption {
480
+
maxOutstanding = mkOption {
480
-
type = lib.types.ints.positive;
483
+
type = ints.positive;
description = "Maximum outstanding requests, i.e. in-flight requests / domain.";
483
-
maxWatchEvents = lib.options.mkOption {
486
+
maxWatchEvents = mkOption {
486
-
type = lib.types.ints.positive;
489
+
type = ints.positive;
description = "Maximum number of outstanding watch events per watch.";
490
-
persistent = lib.options.mkOption {
493
+
persistent = mkOption {
493
-
type = lib.types.bool;
description = "Whether to activate the filed base backend.";
498
-
file = lib.options.mkOption {
default = "/var/log/xen/xenstored.log";
501
-
type = lib.types.path;
description = "Path to the Xen Store log file.";
504
-
level = lib.options.mkOption {
default = if cfg.trace then "debug" else null;
506
-
defaultText = lib.options.literalExpression "if (config.virtualisation.xen.trace == true) then \"debug\" else null";
509
+
defaultText = literalExpression "if (config.virtualisation.xen.trace == true) then \"debug\" else null";
508
-
type = lib.types.nullOr (
511
+
type = nullOr (enum [
description = "Logging level for the Xen Store.";
# The hidden options below have no upstream documentation whatsoever.
# The nb* options appear to alter the log rotation behaviour, and
# the specialOps option appears to affect the Xenbus logging logic.
521
-
nbFiles = lib.options.mkOption {
522
+
nbFiles = mkOption {
524
-
type = lib.types.int;
description = "Set `xenstored-log-nb-files`.";
530
-
file = lib.options.mkOption {
default = "/var/log/xen/xenstored-access.log";
example = "/var/log/security/xenstored-access.log";
533
-
type = lib.types.path;
description = "Path to the Xen Store access log file.";
536
-
nbLines = lib.options.mkOption {
537
+
nbLines = mkOption {
539
-
type = lib.types.int;
description = "Set `access-log-nb-lines`.";
543
-
nbChars = lib.options.mkOption {
544
+
nbChars = mkOption {
546
-
type = lib.types.int;
description = "Set `acesss-log-nb-chars`.";
550
-
specialOps = lib.options.mkOption {
551
+
specialOps = mkOption {
553
-
type = lib.types.bool;
description = "Set `access-log-special-ops`.";
559
-
kva = lib.options.mkOption {
default = "/proc/xen/xsd_kva";
example = cfg.store.settings.xenstored.xenfs.kva;
562
-
type = lib.types.path;
Path to the Xen Store Daemon KVA location inside the XenFS pseudo-filesystem.
While it is possible to alter this value, some drivers may be hardcoded to follow the default paths.
569
-
port = lib.options.mkOption {
default = "/proc/xen/xsd_port";
example = cfg.store.settings.xenstored.xenfs.port;
572
-
type = lib.types.path;
Path to the Xen Store Daemon userspace port inside the XenFS pseudo-filesystem.
···
581
-
ringScanInterval = lib.options.mkOption {
582
+
ringScanInterval = mkOption {
584
-
type = lib.types.addCheck (
description = "nonzero signed integer, meaning !=0";
···
605
-
config = lib.modules.mkIf cfg.enable {
606
+
config = mkIf cfg.enable {
assertion = pkgs.stdenv.hostPlatform.isx86_64;
···
virtualisation.xen.bootParams =
642
-
lib.lists.optionals cfg.trace [
643
+
optionals cfg.trace [
647
-
lib.lists.optional (cfg.dom0Resources.memory != 0)
648
+
optional (cfg.dom0Resources.memory != 0)
"dom0_mem=${toString cfg.dom0Resources.memory}M${
649
-
lib.strings.optionalString (
cfg.dom0Resources.memory != cfg.dom0Resources.maxMemory
) ",max:${toString cfg.dom0Resources.maxMemory}M"
653
-
++ lib.lists.optional (
cfg.dom0Resources.maxVCPUs != 0
) "dom0_max_vcpus=${toString cfg.dom0Resources.maxVCPUs}";
···
# See the `xenBootBuilder` script in the main `let...in` statement of this file.
loader.systemd-boot.extraInstallCommands = ''
704
-
${lib.meta.getExe xenBootBuilder} ${cfg.efi.bootBuilderVerbosity}
705
+
${getExe xenBootBuilder} ${cfg.efi.bootBuilderVerbosity}
···
XENSTORED="${cfg.store.path}"
QEMU_XEN="${cfg.qemu.package}/${cfg.qemu.package.qemu-system-i386}"
747
-
${lib.strings.optionalString cfg.trace ''
748
+
${optionalString cfg.trace ''
···
# The OCaml-based Xen Store Daemon requires /etc/xen/oxenstored.conf to start.
759
-
// lib.attrsets.optionalAttrs (cfg.store.type == "ocaml") {
760
+
// optionalAttrs (cfg.store.type == "ocaml") {
"xen/oxenstored.conf".text = ''
pid-file = ${cfg.store.settings.pidFile}
762
-
test-eagain = ${lib.trivial.boolToString cfg.store.settings.testEAGAIN}
763
+
test-eagain = ${boolToString cfg.store.settings.testEAGAIN}
merge-activate = ${toString cfg.store.settings.enableMerge}
conflict-burst-limit = ${toString cfg.store.settings.conflict.burstLimit}
conflict-max-history-seconds = ${toString cfg.store.settings.conflict.maxHistorySeconds}
···
quota-path-max = ${toString cfg.store.settings.quota.maxPath}
quota-maxoutstanding = ${toString cfg.store.settings.quota.maxOutstanding}
quota-maxwatchevents = ${toString cfg.store.settings.quota.maxWatchEvents}
778
-
persistent = ${lib.trivial.boolToString cfg.store.settings.persistent}
779
+
persistent = ${boolToString cfg.store.settings.persistent}
xenstored-log-file = ${cfg.store.settings.xenstored.log.file}
if isNull cfg.store.settings.xenstored.log.level then
···
access-log-file = ${cfg.store.settings.xenstored.accessLog.file}
access-log-nb-lines = ${toString cfg.store.settings.xenstored.accessLog.nbLines}
acesss-log-nb-chars = ${toString cfg.store.settings.xenstored.accessLog.nbChars}
790
-
access-log-special-ops = ${lib.trivial.boolToString cfg.store.settings.xenstored.accessLog.specialOps}
791
+
access-log-special-ops = ${boolToString cfg.store.settings.xenstored.accessLog.specialOps}
ring-scan-interval = ${toString cfg.store.settings.ringScanInterval}
xenstored-kva = ${cfg.store.settings.xenstored.xenfs.kva}
xenstored-port = ${cfg.store.settings.xenstored.xenfs.port}
···
873
-
meta.maintainers = lib.teams.xen.members;
874
+
meta.maintainers = members;
pyrox.dev