From 8f7eb704c783a6421881b08d0962596bf3b2e01c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 7 Feb 2024 14:55:14 +0100 Subject: [PATCH 01/11] vms: integrate virtiofsd --- nixosModules/clanCore/vm.nix | 10 +++++++ pkgs/clan-cli/clan_cli/vms/run.py | 49 +++++++++++++++++++++++++++++-- 2 files changed, 57 insertions(+), 2 deletions(-) diff --git a/nixosModules/clanCore/vm.nix b/nixosModules/clanCore/vm.nix index 11e827082..46e9b1a3c 100644 --- a/nixosModules/clanCore/vm.nix +++ b/nixosModules/clanCore/vm.nix @@ -78,7 +78,17 @@ let done ''; }; + + boot.initrd.systemd.emergencyAccess = true; + + boot.initrd.kernelModules = [ "virtiofs" ]; + virtualisation.writableStore = false; virtualisation.fileSystems = { + "/nix/store" = { + options = lib.mkForce [ "x-systemd.requires=systemd-modules-load.service" ]; + fsType = lib.mkForce "virtiofs"; + }; + ${config.clanCore.secretsUploadDirectory} = lib.mkForce { device = "secrets"; fsType = "9p"; diff --git a/pkgs/clan-cli/clan_cli/vms/run.py b/pkgs/clan-cli/clan_cli/vms/run.py index 40a3454e6..0b6ce1c22 100644 --- a/pkgs/clan-cli/clan_cli/vms/run.py +++ b/pkgs/clan-cli/clan_cli/vms/run.py @@ -3,8 +3,10 @@ import contextlib import importlib import json import logging +import multiprocessing import os import random +import shutil import socket import subprocess import time @@ -91,6 +93,7 @@ def qemu_command( secrets_dir: Path, rootfs_img: Path, state_img: Path, + virtiofsd_socket: Path, qmp_socket_file: Path, qga_socket_file: Path, ) -> QemuCommand: 
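Review bot: `boot.initrd.systemd.emergencyAccess = true;` opens the initrd emergency shell without a password whenever early boot fails, and nothing in the hunk records why that is acceptable here. For a VM-only module it presumably is, but the intent should be written down next to the line, e.g. `# VM-only: passwordless initrd emergency shell so boot failures can be debugged from the console`. In the same hunk the `/nix/store` virtiofs entry carries no `ro` option, so the guest mounts the host store writable; patch 11 of this series adds it, which is worth knowing when reading this commit alone. The enclosing `let` binding and the `vmModule` attrset start outside the hunk.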
@@ -115,7 +118,8 @@ def qemu_command( "-device", "virtio-rng-pci", "-net", "nic,netdev=user.0,model=virtio", "-netdev", "user,id=user.0", - "-virtfs", "local,path=/nix/store,security_model=none,mount_tag=nix-store", + "-chardev", f"socket,id=char0,path={virtiofsd_socket}", + "-device", "vhost-user-fs-pci,chardev=char0,tag=nix-store", "-virtfs", f"local,path={xchg_dir},security_model=none,mount_tag=shared", "-virtfs", f"local,path={xchg_dir},security_model=none,mount_tag=xchg", "-virtfs", f"local,path={secrets_dir},security_model=none,mount_tag=secrets", @@ -263,6 +267,43 @@ def start_waypipe(cid: int | None, title_prefix: str) -> Iterator[None]: with subprocess.Popen(waypipe) as proc: try: while not test_vsock_port(3049): + rc = proc.poll() + if rc is not None: + msg = f"waypipe exited unexpectedly with code {rc}" + raise ClanError(msg) + time.sleep(0.1) + yield + finally: + proc.kill() + + +@contextlib.contextmanager +def start_virtiofsd(socket_path: Path) -> Iterator[None]: + sandbox = "namespace" + if shutil.which("newuidmap") is None: + sandbox = "none" + virtiofsd = nix_shell( + ["nixpkgs#virtiofsd"], + [ + "virtiofsd", + "--socket-path", + str(socket_path), + "--cache", "always", + "--posix-acl", + "--sandbox", + sandbox, + "--xattr", + "--shared-dir", + "/nix/store", + ], + ) + with subprocess.Popen(virtiofsd) as proc: + try: + while not socket_path.exists(): + rc = proc.poll() + if rc is not None: + msg = f"virtiofsd exited unexpectedly with code {rc}" + raise ClanError(msg) time.sleep(0.1) yield finally: @@ -318,6 +359,7 @@ def run_vm(vm: VmConfig, nix_options: list[str] = []) -> None: size="50G", label="state", ) + virtiofsd_socket = Path(sockets) / "virtiofsd.sock" qemu_cmd = qemu_command( vm, nixos_config, 
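Review bot: The fallback in `start_virtiofsd` to `sandbox = "none"` when `newuidmap` is absent silently runs a daemon that exports the whole host `/nix/store` to the guest with no isolation, and the user is never told that the weaker mode was chosen. Emit a warning at that branch, e.g. `logging.getLogger(__name__).warning("newuidmap not found, starting virtiofsd with --sandbox none")`, and add a one-line comment stating why the namespace sandbox depends on `newuidmap` (presumably unprivileged user-namespace uid mapping — confirm against the virtiofsd version pinned by `nixpkgs#virtiofsd`). The readiness loop waiting on `socket_path.exists()` and the `proc.kill()` in `finally` look correct; the same poll-for-exit pattern added to `start_waypipe` in this hunk is consistent with it.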
@@ -325,6 +367,7 @@ def run_vm(vm: VmConfig, nix_options: list[str] = []) -> None: secrets_dir=secrets_dir, rootfs_img=rootfs_img, state_img=state_img, + virtiofsd_socket=virtiofsd_socket, qmp_socket_file=qmp_socket_file, qga_socket_file=qga_socket_file, ) @@ -339,7 +382,9 @@ def run_vm(vm: VmConfig, nix_options: list[str] = []) -> None: "XDG_DATA_DIRS" ] = f"{remote_viewer_mimetypes}:{env.get('XDG_DATA_DIRS', '')}" - with start_waypipe(qemu_cmd.vsock_cid, f"[{vm.machine_name}] "): + with start_waypipe( + qemu_cmd.vsock_cid, f"[{vm.machine_name}] " + ), start_virtiofsd(virtiofsd_socket): run( nix_shell(packages, qemu_cmd.args), env=env, From f8a10ab0fc59db50d22e19515116c8bd90bb3b27 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 8 Feb 2024 16:17:09 +0100 Subject: [PATCH 02/11] switch to sops-nix experimental branch --- pkgs/clan-cli/clan_cli/vms/run.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/clan-cli/clan_cli/vms/run.py b/pkgs/clan-cli/clan_cli/vms/run.py index 0b6ce1c22..bc3341a7f 100644 --- a/pkgs/clan-cli/clan_cli/vms/run.py +++ b/pkgs/clan-cli/clan_cli/vms/run.py @@ -3,7 +3,6 @@ import contextlib import importlib import json import logging -import multiprocessing import os import random import shutil @@ -288,7 +287,8 @@ def start_virtiofsd(socket_path: Path) -> Iterator[None]: "virtiofsd", "--socket-path", str(socket_path), - "--cache", "always", + "--cache", + "always", "--posix-acl", "--sandbox", sandbox, From 53df1fc209164246ee49556bf7ecf9bce56d6e29 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 8 Feb 2024 17:19:30 +0100 Subject: [PATCH 03/11] qemu: disable sea-bios and option rom --- pkgs/clan-cli/clan_cli/vms/run.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/clan-cli/clan_cli/vms/run.py b/pkgs/clan-cli/clan_cli/vms/run.py index bc3341a7f..e3b1148e2 100644 --- a/pkgs/clan-cli/clan_cli/vms/run.py +++ b/pkgs/clan-cli/clan_cli/vms/run.py 
@@ -114,9 +114,11 @@ def qemu_command( "-smp", str(nixos_config["cores"]), "-cpu", "max", "-enable-kvm", + # speed-up boot by not waiting for the boot menu + "-boot", "menu=off,strict=on", "-device", "virtio-rng-pci", - "-net", "nic,netdev=user.0,model=virtio", "-netdev", "user,id=user.0", + "-device", "virtio-net-pci,netdev=user.0,romfile=", "-chardev", f"socket,id=char0,path={virtiofsd_socket}", "-device", "vhost-user-fs-pci,chardev=char0,tag=nix-store", "-virtfs", f"local,path={xchg_dir},security_model=none,mount_tag=shared", From 1c1b6135984a0475abf3245c5b7fab85033c6782 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 9 Feb 2024 16:08:46 +0100 Subject: [PATCH 04/11] simplify vmstate directory --- nixosModules/clanCore/vm.nix | 62 +++++++----------------------------- 1 file changed, 12 insertions(+), 50 deletions(-) diff --git a/nixosModules/clanCore/vm.nix b/nixosModules/clanCore/vm.nix index 46e9b1a3c..46cea819e 100644 --- a/nixosModules/clanCore/vm.nix +++ b/nixosModules/clanCore/vm.nix @@ -7,19 +7,6 @@ let config.clanCore.state ); - # Ensure sane mount order by topo-sorting - sortedStateFolders = - let - sorted = lib.toposort lib.hasPrefix stateFolders; - in - sorted.result or ( - throw '' - The state folders have a cyclic dependency. - This is not allowed. - The cyclic dependencies are: - - ${lib.concatStringsSep "\n - " sorted.loops} - '' - ); vmModule = { imports = [ 
@@ -43,42 +30,6 @@ let boot.kernelPackages = pkgs.linuxPackages_latest; boot.initrd.systemd.storePaths = [ pkgs.util-linux pkgs.e2fsprogs ]; - # Ensures, that all state paths will be persisted across reboots - # - Mounts the state.qcow2 disk to /vmstate. - # - Binds directories from /vmstate/{some-path} to /{some-path}. - boot.initrd.systemd.services.rw-etc-pre = { - unitConfig = { - DefaultDependencies = false; - RequiresMountsFor = "/sysroot /dev"; - }; - wantedBy = [ "initrd.target" ]; - requiredBy = [ "rw-etc.service" ]; - before = [ "rw-etc.service" ]; - serviceConfig = { - Type = "oneshot"; - }; - script = '' - set -x - mkdir -p -m 0755 \ - /sysroot/vmstate \ - /sysroot/.rw-etc \ - /sysroot/var/lib/nixos - - ${pkgs.util-linux}/bin/blkid /dev/vdb || ${pkgs.e2fsprogs}/bin/mkfs.ext4 /dev/vdb - sync - mount /dev/vdb /sysroot/vmstate - - mkdir -p -m 0755 /sysroot/vmstate/{.rw-etc,var/lib/nixos} - mount --bind /sysroot/vmstate/.rw-etc /sysroot/.rw-etc - mount --bind /sysroot/vmstate/var/lib/nixos /sysroot/var/lib/nixos - - for folder in "${lib.concatStringsSep ''" "'' sortedStateFolders}"; do - mkdir -p -m 0755 "/sysroot/vmstate/$folder" "/sysroot/$folder" - mount --bind "/sysroot/vmstate/$folder" "/sysroot/$folder" - done - ''; - }; - boot.initrd.systemd.emergencyAccess = true; boot.initrd.kernelModules = [ "virtiofs" ]; @@ -89,13 +40,24 @@ let fsType = lib.mkForce "virtiofs"; }; + "/vmstate" = { + device = "/dev/vdb"; + options = ["x-systemd.makefs"]; + options = [ "x-systemd.makefs" ]; + }; + ${config.clanCore.secretsUploadDirectory} = lib.mkForce { device = "secrets"; fsType = "9p"; neededForBoot = true; options = [ "trans=virtio" "version=9p2000.L" "cache=loose" ]; }; - }; + } // lib.listToAttrs (map (folder: + lib.nameValuePair folder { + device = "/vmstate${folder}"; + fsType = "none"; + options = ["bind"]; + }) stateFolders); }; # We cannot simply merge the VM config into the current system config, because 
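Review bot: The new `"/vmstate"` entry defines `options` twice (`options = ["x-systemd.makefs"];` followed by `options = [ "x-systemd.makefs" ];`), which Nix rejects as an attribute already defined, and it has no `fsType`; patch 06 of this series repairs both, so the fix belongs squashed into this commit. The bind mounts built with `lib.listToAttrs` assume every element of `stateFolders` is an absolute path (`device = "/vmstate${folder}"`); if `clanCore.state` guarantees that, a comment saying so would help, otherwise a relative entry produces a path like `/vmstatefoo`. Dropping the topo-sorted mount script also means nested state folders now rely on systemd ordering mount units by path, which deserves one sentence of comment where the `map` is built.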
From 4c6a95c84463ccd6c061d2e0ceef0a59b2a42ee3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 9 Feb 2024 16:40:10 +0100 Subject: [PATCH 05/11] drop unused mounts --- nixosModules/clanCore/vm.nix | 29 +++++++++++++++++++---------- pkgs/clan-cli/clan_cli/vms/run.py | 6 ++---- 2 files changed, 21 insertions(+), 14 deletions(-) diff --git a/nixosModules/clanCore/vm.nix b/nixosModules/clanCore/vm.nix index 46cea819e..cf98e1725 100644 --- a/nixosModules/clanCore/vm.nix +++ b/nixosModules/clanCore/vm.nix @@ -34,10 +34,16 @@ let boot.initrd.kernelModules = [ "virtiofs" ]; virtualisation.writableStore = false; - virtualisation.fileSystems = { + virtualisation.fileSystems = lib.mkForce ({ + "/" = { + device = "/dev/disk/by-label/nixos"; + fsType = "ext4"; + options = [ "defaults" "x-systemd.makefs" ]; + }; "/nix/store" = { - options = lib.mkForce [ "x-systemd.requires=systemd-modules-load.service" ]; - fsType = lib.mkForce "virtiofs"; + device = "nix-store"; + options = [ "x-systemd.requires=systemd-modules-load.service" ]; + fsType = "virtiofs"; }; "/vmstate" = { @@ -46,18 +52,21 @@ let options = [ "x-systemd.makefs" ]; }; - ${config.clanCore.secretsUploadDirectory} = lib.mkForce { + ${config.clanCore.secretsUploadDirectory} = { device = "secrets"; fsType = "9p"; neededForBoot = true; options = [ "trans=virtio" "version=9p2000.L" "cache=loose" ]; }; - } // lib.listToAttrs (map (folder: - lib.nameValuePair folder { - device = "/vmstate${folder}"; - fsType = "none"; - options = ["bind"]; - }) stateFolders); + + } // lib.listToAttrs (map + (folder: + lib.nameValuePair folder { + device = "/vmstate${folder}"; + fsType = "none"; + options = [ "bind" ]; + }) + stateFolders)); }; # We cannot simply merge the VM config into the current system config, because diff --git a/pkgs/clan-cli/clan_cli/vms/run.py b/pkgs/clan-cli/clan_cli/vms/run.py index e3b1148e2..36ad1868a 100644 --- a/pkgs/clan-cli/clan_cli/vms/run.py +++ b/pkgs/clan-cli/clan_cli/vms/run.py 
@@ -119,10 +119,8 @@ def qemu_command( "-device", "virtio-rng-pci", "-netdev", "user,id=user.0", "-device", "virtio-net-pci,netdev=user.0,romfile=", - "-chardev", f"socket,id=char0,path={virtiofsd_socket}", - "-device", "vhost-user-fs-pci,chardev=char0,tag=nix-store", - "-virtfs", f"local,path={xchg_dir},security_model=none,mount_tag=shared", - "-virtfs", f"local,path={xchg_dir},security_model=none,mount_tag=xchg", + "-chardev", f"socket,id=char1,path={virtiofsd_socket}", + "-device", "vhost-user-fs-pci,chardev=char1,tag=nix-store", "-virtfs", f"local,path={secrets_dir},security_model=none,mount_tag=secrets", "-drive", f"cache=writeback,file={rootfs_img},format=raw,id=drive1,if=none,index=1,werror=report", "-device", "virtio-blk-pci,bootindex=1,drive=drive1,serial=root", From d2d42670033d48b11f1e446ba579f2755722f836 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 9 Feb 2024 16:50:58 +0100 Subject: [PATCH 06/11] format rootfs in vm itself --- nixosModules/clanCore/vm.nix | 15 +++++++++------ pkgs/clan-cli/clan_cli/vms/run.py | 17 ----------------- 2 files changed, 9 insertions(+), 23 deletions(-) diff --git a/nixosModules/clanCore/vm.nix b/nixosModules/clanCore/vm.nix index cf98e1725..479d23afb 100644 --- a/nixosModules/clanCore/vm.nix +++ b/nixosModules/clanCore/vm.nix 
@@ -35,21 +35,24 @@ let boot.initrd.kernelModules = [ "virtiofs" ]; virtualisation.writableStore = false; virtualisation.fileSystems = lib.mkForce ({ - "/" = { - device = "/dev/disk/by-label/nixos"; - fsType = "ext4"; - options = [ "defaults" "x-systemd.makefs" ]; - }; "/nix/store" = { device = "nix-store"; options = [ "x-systemd.requires=systemd-modules-load.service" ]; fsType = "virtiofs"; }; + "/" = { + device = "/dev/vda"; + fsType = "ext4"; + noCheck = true; + options = [ "defaults" "x-systemd.makefs" ]; + }; + "/vmstate" = { device = "/dev/vdb"; - options = ["x-systemd.makefs"]; options = [ "x-systemd.makefs" ]; + noCheck = true; + fsType = "ext4"; }; ${config.clanCore.secretsUploadDirectory} = { diff --git a/pkgs/clan-cli/clan_cli/vms/run.py b/pkgs/clan-cli/clan_cli/vms/run.py index 36ad1868a..80bacd65f 100644 --- a/pkgs/clan-cli/clan_cli/vms/run.py +++ b/pkgs/clan-cli/clan_cli/vms/run.py @@ -194,7 +194,6 @@ def prepare_disk( directory: Path, disk_format: str = "raw", size: str = "1024M", - label: str = "nixos", file_name: str = "disk.img", ) -> Path: disk_img = directory / file_name @@ -215,21 +214,6 @@ def prepare_disk( error_msg=f"Could not create disk image at {disk_img}", ) - if disk_format == "raw": - cmd = nix_shell( - ["nixpkgs#e2fsprogs"], - [ - "mkfs.ext4", - "-L", - label, - str(disk_img), - ], - ) - run( - cmd, - log=Log.BOTH, - error_msg=f"Could not create ext4 filesystem at {disk_img}", - ) return disk_img @@ -357,7 +341,6 @@ def run_vm(vm: VmConfig, nix_options: list[str] = []) -> None: file_name="state.qcow2", disk_format="qcow2", size="50G", - label="state", ) virtiofsd_socket = Path(sockets) / "virtiofsd.sock" qemu_cmd = qemu_command( From 2970c1bc00da9cf13b5bb8761a877e0b2d8d1692 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 13 Feb 2024 11:17:15 +0100 Subject: [PATCH 07/11] use virtio-console instead of serial for vm --- pkgs/clan-cli/clan_cli/vms/run.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
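Review bot: `prepare_disk` no longer creates a filesystem on the host, so the image is now formatted by the guest through `x-systemd.makefs` on `/` and `/vmstate` in vm.nix (same patch), and nothing in run.py states that dependency. Add a docstring to `prepare_disk` saying that it only allocates an empty image via `qemu-img create` and that the filesystem is created inside the VM on first boot, so a caller must not expect a mountable image from it. Removing the `label` keyword is an interface change; any external caller passing `label=` now fails with a TypeError, which is fine if `run_vm` is the only caller but should be checked. The body of `prepare_disk` lies partly outside the hunk.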
diff --git a/pkgs/clan-cli/clan_cli/vms/run.py b/pkgs/clan-cli/clan_cli/vms/run.py index 80bacd65f..a4fc9e00e 100644 --- a/pkgs/clan-cli/clan_cli/vms/run.py +++ b/pkgs/clan-cli/clan_cli/vms/run.py @@ -100,7 +100,7 @@ def qemu_command( (Path(nixos_config["toplevel"]) / "kernel-params").read_text(), f'init={nixos_config["toplevel"]}/init', f'regInfo={nixos_config["regInfo"]}/registration', - "console=ttyS0,115200n8", + "console=hvc0", ] if not vm.waypipe: kernel_cmdline.append("console=tty0") @@ -136,6 +136,11 @@ def qemu_command( "-chardev", f"socket,path={qga_socket_file},server=on,wait=off,id=qga0", "-device", "virtio-serial", "-device", "virtserialport,chardev=qga0,name=org.qemu.guest_agent.0", + + "-serial", "null", + "-chardev", "stdio,mux=on,id=char0,signal=off", + "-mon", "chardev=char0,mode=readline", + "-device", "virtconsole,chardev=char0,nr=0", ] # fmt: on vsock_cid = None From 7c41a0e0f89dc81f7d1e5b73f585b84da13c191b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 13 Feb 2024 11:18:27 +0100 Subject: [PATCH 08/11] also use qcow2 for volatile state --- pkgs/clan-cli/clan_cli/vms/run.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/pkgs/clan-cli/clan_cli/vms/run.py b/pkgs/clan-cli/clan_cli/vms/run.py index a4fc9e00e..1e155ebdd 100644 --- a/pkgs/clan-cli/clan_cli/vms/run.py +++ b/pkgs/clan-cli/clan_cli/vms/run.py 
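Review bot: `-chardev stdio,mux=on,id=char0,signal=off` combined with `-mon chardev=char0,mode=readline` multiplexes the QEMU monitor onto the launching process's stdio, so whoever holds that terminal can switch to the monitor with the mux escape sequence and has full control of the guest, and `signal=off` means Ctrl-C is delivered to the guest console instead of terminating QEMU. Both are reasonable for an interactive dev VM but are surprising to a reader and deserve a comment, e.g. `# guest console (hvc0) and QEMU monitor share stdio via mux; signal=off keeps Ctrl-C inside the guest`. The `char0` id is free here only because patch 05 renamed the virtiofsd chardev to `char1`; noting that in the comment avoids a future collision. The argument list of `qemu_command` continues outside the hunk.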
@@ -122,7 +122,7 @@ def qemu_command( "-chardev", f"socket,id=char1,path={virtiofsd_socket}", "-device", "vhost-user-fs-pci,chardev=char1,tag=nix-store", "-virtfs", f"local,path={secrets_dir},security_model=none,mount_tag=secrets", - "-drive", f"cache=writeback,file={rootfs_img},format=raw,id=drive1,if=none,index=1,werror=report", + "-drive", f"cache=writeback,file={rootfs_img},format=qcow2,id=drive1,if=none,index=1,werror=report", "-device", "virtio-blk-pci,bootindex=1,drive=drive1,serial=root", "-drive", f"cache=writeback,file={state_img},format=qcow2,id=state,if=none,index=2,werror=report", "-device", "virtio-blk-pci,drive=state", @@ -197,7 +197,6 @@ def get_secrets( def prepare_disk( directory: Path, - disk_format: str = "raw", size: str = "1024M", file_name: str = "disk.img", ) -> Path: @@ -208,7 +207,7 @@ def prepare_disk( "qemu-img", "create", "-f", - disk_format, + "qcow2", str(disk_img), size, ], @@ -344,7 +343,6 @@ def run_vm(vm: VmConfig, nix_options: list[str] = []) -> None: state_img = prepare_disk( directory=state_dir, file_name="state.qcow2", - disk_format="qcow2", size="50G", ) virtiofsd_socket = Path(sockets) / "virtiofsd.sock" From e8bb051c354f4607b9184c55aee2b261c542e80d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 13 Feb 2024 11:23:29 +0100 Subject: [PATCH 09/11] demo.sh: make relative path configureable --- pkgs/clan-vm-manager/demo.sh | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/pkgs/clan-vm-manager/demo.sh b/pkgs/clan-vm-manager/demo.sh index 1bf573579..48a4830e0 100755 --- a/pkgs/clan-vm-manager/demo.sh +++ b/pkgs/clan-vm-manager/demo.sh 
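Review bot: `prepare_disk` now hard-codes `qcow2` but keeps the default `file_name: str = "disk.img"`, so a caller relying on the default gets a qcow2 image under a `.img` name. The `-drive` lines pass `format=qcow2` explicitly, which is the right thing (QEMU does not probe the format, so a guest cannot turn a raw image into a qcow2 header that the host later interprets), so the name is cosmetic, but the docstring should state it: `"""Create an empty qcow2 image of *size* in *directory*; the guest formats it on first boot."""`. The function body is only partly visible in this hunk.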
@@ -1,21 +1,29 @@ #!/usr/bin/env bash +set -eux -o pipefail + rm -r ~/.config/clan -clan history add "clan://~/Projects/democlan#syncthing-peer1" -clan history add "clan://~/Projects/democlan#syncthing-peer2" +if [ -z "$1" ]; then + echo "Usage: $0 " + exit 1 +fi -clan history add "clan://~/Projects/democlan#moonlight-peer1" -clan history add "clan://~/Projects/democlan#moonlight-peer2" +democlan="$1" + +clan history add "clan://$democlan#syncthing-peer1" +clan history add "clan://$democlan#syncthing-peer2" + +clan history add "clan://$democlan#moonlight-peer1" +clan history add "clan://$democlan#moonlight-peer2" clear cat << EOF Open up this link in a browser: -"clan://~/Projects/democlan#syncthing-introducer" +"clan://$democlan#syncthing-introducer" EOF - cat << EOF Execute this command to show waypipe windows: -$ clan --flake ~/Projects/democlan/ vms run --wayland wayland +$ clan --flake $democlan vms run --wayland wayland EOF From 9f494e1024cd19427848b49c359a70db091a2898 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 13 Feb 2024 12:30:29 +0100 Subject: [PATCH 10/11] drop check for /var/lib/nixos --- pkgs/clan-cli/tests/test_vms_cli.py | 7 ------- 1 file changed, 7 deletions(-) diff --git a/pkgs/clan-cli/tests/test_vms_cli.py b/pkgs/clan-cli/tests/test_vms_cli.py index 4345ca89d..4805ee63a 100644 --- a/pkgs/clan-cli/tests/test_vms_cli.py +++ b/pkgs/clan-cli/tests/test_vms_cli.py @@ -266,13 +266,6 @@ def test_vm_persistence( # connect second time qga = qga_connect(state_dir) - # ensure that either /var/lib/nixos or /etc gets persisted - # (depending on if system.etc.overlay.enable is set or not) - exitcode, out, err = qga.run( - "ls /vmstate/var/lib/nixos/gid-map || ls /vmstate/.rw-etc/upper" - ) - assert exitcode == 0, err - # ensure that the file created by the service is still there and has the expected content exitcode, out, err = qga.run("cat /var/my-state/test") assert exitcode == 0, err 
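Review bot: With `set -eux -o pipefail` in effect, `if [ -z "$1" ]` aborts with an unbound-variable error when the script is run without an argument, so the usage message is never shown; use `if [ -z "${1:-}" ]; then`. The check also runs after `rm -r ~/.config/clan`, so a bad invocation has already deleted the user's config by the time it fails — move the argument check above the `rm`, and since `set -e` turns a missing directory into a script abort, `rm -rf` is the safer form there. The usage line `echo "Usage: $0 "` seems to have lost its placeholder (possibly stripped as angle-bracket text on this page); confirm it names the democlan path.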
From 2202e5a001b534baaeb79bca714af069ec198a57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 13 Feb 2024 13:31:13 +0100 Subject: [PATCH 11/11] fix virtiofsd in CIs --- nixosModules/clanCore/vm.nix | 3 +-- pkgs/clan-cli/clan_cli/vms/run.py | 2 -- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/nixosModules/clanCore/vm.nix b/nixosModules/clanCore/vm.nix index 479d23afb..08f6779c8 100644 --- a/nixosModules/clanCore/vm.nix +++ b/nixosModules/clanCore/vm.nix @@ -37,14 +37,13 @@ let virtualisation.fileSystems = lib.mkForce ({ "/nix/store" = { device = "nix-store"; - options = [ "x-systemd.requires=systemd-modules-load.service" ]; + options = [ "x-systemd.requires=systemd-modules-load.service" "ro" ]; fsType = "virtiofs"; }; "/" = { device = "/dev/vda"; fsType = "ext4"; - noCheck = true; options = [ "defaults" "x-systemd.makefs" ]; }; diff --git a/pkgs/clan-cli/clan_cli/vms/run.py b/pkgs/clan-cli/clan_cli/vms/run.py index 1e155ebdd..489a9cb86 100644 --- a/pkgs/clan-cli/clan_cli/vms/run.py +++ b/pkgs/clan-cli/clan_cli/vms/run.py @@ -277,10 +277,8 @@ def start_virtiofsd(socket_path: Path) -> Iterator[None]: str(socket_path), "--cache", "always", - "--posix-acl", "--sandbox", sandbox, - "--xattr", "--shared-dir", "/nix/store", ],
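Review bot: The added `ro` on `/nix/store` restricts only the guest-side mount; the virtiofsd process in run.py still exports the host store without a daemon-side read-only restriction, so writes from the guest are prevented only by host permissions on the store, and that boundary is not stated anywhere. Record it next to the option, e.g. `# guest-side ro only; the virtiofsd export itself is not restricted`. Removing `noCheck` from `/` re-enables fsck on a device that `x-systemd.makefs` may still have to format on first boot — acceptable if systemd orders makefs before fsck, but worth confirming and noting.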
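Review bot: Dropping `--posix-acl` and `--xattr` from the virtiofsd argument list changes what the guest observes for store paths, and the only explanation is the commit title "fix virtiofsd in CIs". Leave the reason in the code so the next person does not re-add them, e.g. `# --xattr/--posix-acl intentionally omitted: they break virtiofsd in CI (see commit "fix virtiofsd in CIs")`, and if the underlying cause is known, name it in that comment instead. The enclosing `start_virtiofsd` function starts outside the hunk.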