The service unnecessarily populates /etc/qemu with a symlink, so it's not
possible to write files like /etc/qemu/bridge.conf or /etc/qemu/host.conf
anymore. Since etc-service-type uses file-union, it's possible to put files in
subdirectories. This restores the behavior suggested by manual where user can
extend etc-service-type with qemu/host.conf etc.
* gnu/services/virtualization.scm (/etc/qemu/firmware): Extend with
qemu/firmware instead of qemu
Change-Id: I7c1ea790e5abf7ad05dce56b7901ac6eb90208fd
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu/services/virtualization.scm (libvirt-configuration): Fix typos and
punctuation, and decorate with more Texinfo adornments. Remove extraneous
text. Convert enumerations to sentences re-generating the Texinfo
documentation with configuration->documentation doesn't require fixing these
by hand after (the text is re-flowed, breaking enumerations). Mention the use
of 'log-filters' is preferable to 'log-level', as commented in the defaut
libvirt.conf template.
* doc/guix.texi (Virtualization Services): Re-generate.
Change-Id: Icc2abe21a787b4bb6ac3b35a95f6aaaf3bbda9aa
* gnu/services/virtualization.scm (qemu-binfmt-shepherd-services)
[requirement]: Add file-system-/gnu/store.
qemu-binfmt service write references to the store to
/proc/sys/fs/binfmt_misc/qemu-[architecture] files, therefore
/gnu/store needs to be mounted during the lifetime of the service
instance. If /gnu/store does not remain mounted, the issues
discussed by nigko and Rutherther on IRC are arisen:
https://logs.guix.gnu.org/guix/2025-04-05.loghttps://logs.guix.gnu.org/guix/2025-04-08.log
Change-Id: I7e7a42a5ba0e39aa58c997739898f3457dd793a9
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This makes libvirt able to boot images that require a UEFI bootloader, with
the available firmwares exposed to libvirt made configurable via a new
configuration field. For more background on the problem this fixes, see the
same issue that was reported in NixOS (see:
https://github.com/NixOS/nixpkgs/issues/115996).
* gnu/services/virtualization.scm: (list-of-file-likes?): New predicate.
(libvirt-configuration): [firmwares]: New field.
(/etc/qemu/firmware): New procedure.
(libvirt-service-type): Extend the etc-service-type with it.
(generate-libvirt-documentation): Delete obsolete procedure.
* doc/guix.texi: Re-generate doc.
* gnu/tests/virtualization.scm (run-libvirt-test): Augment memory from 256 to
512 MiB. Test it.
Series-to: 77110@debbugs.gnu.org
Change-Id: I40694964405f13681520bf1e28b7365b0200d8f7
This is a follow-up to commit 614ba97d98 ("gnu: libvirt: Fix path to Linux
modules.gnu: libvirt: Fix path to Linux modules."), which I had inadvertently
broken with a small change before applying. Apologies!
* gnu/services/virtualization.scm (libvirt-shepherd-service): Add missing
string append to form LINUX_MODULE_DIRECTORY variable definition.
Change-Id: I304bdf20584d475fb01e3da995f0eddf430fb73b
The uptime/ /proc/loadavg reporting in the Hurd is 1.0 for a machine without
load. This may have been caused by recent SMP work.
* gnu/services/virtualization.scm (hurd-vm-guix-extension): Set
overload-threshold to 1.8 to allow offloading to actually happen.
Change-Id: I2b5be4d8e8d884cba767702f9cdccf91717eb95d
This allows us to use %base-services/hurd for services in a Hurd config for a
real machine without removing static-networking.
* gnu/system/hurd.scm (%base-services/hurd): Factor networking out to...
(%base-services+qemu-networking/hurd): ..this new variable.
* gnu/system/examples/bare-hurd.tmpl (%hurd-os): Use it.
* gnu/services/virtualization.scm (%hurd-vm-operating-system): Use it.
* gnu/system/images/hurd.scm (hurd-barebones-os): Use it. Add comment about
QEMU and networking for a real machine.
Change-Id: I777a63410383b9bf8b5740e4513dbc1e9fb0fd41
These are useless when offloading yet were causing problems on systems
where the default substitute servers are unreachable.
* gnu/services/virtualization.scm (%virtual-build-machine-operating-system):
Add ‘use-substitutes?’ field to ‘guix-configuration’.
Change-Id: I7d5e380a6f2e2d537de43fdb3c550958ed4db255
This is a followup to e0ade40c2b, which
didn’t have the desired effect.
* gnu/services/virtualization.scm (virtual-build-machine-default-image):
Add ‘volatile-root?’ field.
Change-Id: I1a622f22cdd0f8f83860a6eb4a852518db3b46b7
* gnu/services/virtualization.scm (check-vm-availability): Check the
value of ‘live-service-running’.
Change-Id: Iba858ea0fa417d9276e026b72b4b78791932482e
So far the partition had too little free space.
* gnu/services/virtualization.scm (%default-virtual-build-machine-image-size):
New variable.
(virtual-build-machine-default-image): Define ‘partitions’ field.
Change-Id: Iffe0f316eecad8754d29f8c811cdc4836a818a3f
This provides /dev/pts and other things that are important for
builds (for example, Python 2.x has ‘openpty’ unit tests that can only
succeed when /dev/pts is available.)
* gnu/services/virtualization.scm (%virtual-build-machine-operating-system)
[file-systems]: Add %BASE-FILE-SYSTEMS.
Change-Id: I7d12a4cb491e957bf55e6c5f9dd09c013473ca42
Until now, the secret service had a hard-coded TCP endpoint on port
1004. This change lets users specify arbitrary socket addresses.
* gnu/build/secret-service.scm (socket-address->string): New procedure,
taken from Shepherd.
(secret-service-send-secrets): Replace ‘port’ by ‘address’ and adjust
accordingly.
(secret-service-receive-secrets): Likewise.
* gnu/services/virtualization.scm (secret-service-shepherd-services):
Likewise.
(secret-service-operating-system): Add optional ‘address’ parameter and
honor it. Adjust ‘start’ method accordingly.
Change-Id: I87a9514f1c170dca756ce76083d7182c6ebf6578
Starting with 953c65ffdd, offloading to
the Hurd VM would be enabled by default. However, ‘root’ had an empty
password so any user on the host could connect to the VM over VNC, log
in as root, and potentially populate the host’s store from there. This
change fixes that.
* gnu/services/virtualization.scm (operating-system-with-locked-root-account):
New procedure.
(hurd-vm-disk-image)[transform]: Add
‘operating-system-with-locked-root-account’ when offloading.
This allows for zero-configuration offloading to a childhurd.
* gnu/services/virtualization.scm (operating-system-with-offloading-account):
New procedure.
(<hurd-vm-configuration>)[offloading?]: New field.
(hurd-vm-disk-image): Define ‘transform’ and use it.
(hurd-vm-activation): Generate SSH key for user ‘offloading’ and add
authorize it via /etc/childhurd/etc/ssh/authorized_keys.d.
(hurd-vm-configuration-offloading-ssh-key)
(hurd-vm-guix-extension): New procedures.
(hurd-vm-service-type): Add GUIX-SERVICE-TYPE extension.
* gnu/tests/virtualization.scm (run-childhurd-test)[import-module?]: New
procedure.
[os]: Add (gnu build install) and its closure to #:import-modules.
[test]: Add “copy-on-write store” and “offloading” tests.
* doc/guix.texi (Virtualization Services): Document it.
With offloading to a childhurd is enabled, allowing password-less root
login in the childhurd to anyone amounts to providing write access to
the host’s store to anyone. Thus, disable password-based root logins in
the childhurd.
* gnu/services/virtualization.scm (%hurd-vm-operating-system): Change
‘permit-root-login’ to 'prohibit-password.
* gnu/tests/virtualization.scm (%childhurd-os): Provide a custom ‘os’
field for ‘hurd-vm-configuration’.
* doc/guix.texi (Virtualization Services): Remove mention of
password-less root login.
This partly automates setting up a childhurd for offloading purposes.
* gnu/services/virtualization.scm (authorize-guest-substitutes-on-host):
New procedure.
(hurd-vm-activation): Use it.
* gnu/services/virtualization.scm (%hurd-vm-operating-system): Remove
‘port-number’ from ‘openssh-configuration’.
(hurd-vm-net-options): Change 2222 to 22 in port forwarding.
When booting with pci-arbiter and rumpdisk and using 1024MB of memory for
qemu, booting hangs, or seems to hang, at the end of the rumpdisk boot
messages. At least 1200MB is required, currently.
* gnu/services/virtualization.scm (<hurd-vm-configuration>)[memory-size]: Bump
to 2048.
* gnu/system/examples/bare-hurd.tmpl: Suggest using 2048 here too. Update
example `guix system image' and "qemu" command lines too.
Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
This is a follow-up to commit 9ad311ec15.
* gnu/packages/virtualization.scm: Remove copyright line.
* gnu/services/virtualization.scm: Add copyright line.
Signed-off-by: Christopher Baines <mail@cbaines.net>
Reported by zamfofex.
Regression introduced in 2bac6ea177.
* gnu/services/virtualization.scm (secret-service-operating-system):
Add 'inherit' keyword for 'guix-configuration'.
Fix the check for empty device path. Do not use --daemonize, since that is
handled by make-forkexec-constructor. Drop the --pidfile option which is
unused without --daemonize.
* gnu/services/virtualization.scm (qemu-guest-agent-shepherd-service): Modify
command arguments.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/databases.scm (postgresql-service-type)[description]: New field.
(memcached-service-type)[description]: New field.
(mysql-service-type)[description]: New field.
(redis-service-type)[description]: New field.
* gnu/services/desktop.scm (geoclue-service-type)[description]: New
field.
(udisks-service-type)[description]: New field.
(elogind-service-type)[description]: New field.
(account-service-type)[description]: New field.
* gnu/services/kerberos.scm (krb5-service-type)[description]: New field.
(pam-krb5-service-type)[description]: New field.
* gnu/services/lirc.scm (lirc-service-type)[description]: New field.
* gnu/services/mail.scm (dovecot-service-type)[description]: New field.
(opensmtpd-service-type)[description]: New field.
(mail-aliases-service-type)[description]: New field.
(exim-service-type)[description]: New field.
* gnu/services/monitoring.scm (zabbix-server-service-type)[description]:
New field.
(zabbix-agent-service-type)[description]: New field.
* gnu/services/nfs.scm (rpcbind-service-type)[description]: New field.
(pipefs-service-type)[description]: New field.
(gss-service-type)[description]: New field.
(idmap-service-type)[description]: New field.
* gnu/services/spice.scm (spice-vdagent-service-type)[description]: New field.
* gnu/services/sysctl.scm (sysctl-service-type)[description]: New field.
* gnu/services/virtualization.scm (libvirt-service-type)[description]:
New field.
(virtlog-service-type)[description]: New field.
* gnu/services/vpn.scm (openvpn-server-service-type)[description]: New field.
(openvpn-client-service-type)[description]: New field.
(wireguard-service-type)[description]: New field.
* gnu/services/web.scm (httpd-service-type)[description]: New field.
(fcgiwrap-service-type)[description]: New field.
(agate-service-type)[description]: New field.
[name]: Fix.
The justification about the order of activation snippets given in the
comment had been obsolete since
39e3b4b7ce.
Lately, running the activation snippets for "ssh-keygen -A" and "guix
archive --generate-key" would take a little bit too long, thereby
preventing the childhurd from starting on time.
* gnu/services/virtualization.scm (secret-service-operating-system):
Clear 'generate-host-keys?' and 'generate-substitute-key?'.
Previously, by accessing the raw <qemu-guest-agent-configuration>
fields, 'qemu' would match the first field, which is the '%location'
field, not the 'qemu' field.
It would seem this bug has always been present since the addition of the
'location' field in d132d9f96b predates
the addition of 'qemu-guest-agent-service-type' in
f634a0baab.
Fixes <https://issues.guix.gnu.org/54041>.
Reported by Ricardo Wurmus <rekado@elephly.net>.
* gnu/services/virtualization.scm (qemu-guest-agent-shepherd-service):
Use accessors for <qemu-guest-agent-configuration>.
* gnu/services/virtualization.scm (secret-service-activation): Remove.
(secret-service-shepherd-services): New procedure.
(secret-service-type)[extensions]: Remove ACTIVATION-SERVICE-TYPE
extension. Add SHEPHERD-ROOT-SERVICE-TYPE and
USER-PROCESSES-SERVICE-TYPE extensions.
* gnu/build/secret-service.scm (delete-file*): New procedure.
(secret-service-receive-secrets): Use it.
When accessing libvrtd remotely, polkit can't be used unless you are
logged as root. Instead allow libvirt groups member access to the
control socket.
* gnu/services/virtualization.scm (libvirt-configuration)
[unix-sock-group]: Change default from "root" to "libvirt".
* gnu/services/virtualization.scm (libvirt-configuration): Add 'qemu'
field.
(libvirt-service-type): Replace 'qemu' package with the one specified in
the service configuration.
