has libvirtd in container in fusu-services.nix

Sebastian Moser
2025-10-03 17:29:42 +02:00
parent 320570979e
commit d3f6e79b85
19 changed files with 827 additions and 256 deletions

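--- a/mods/fusu-services.nix
+++ b/mods/fusu-services.nix
@@ -0,0 +1,74 @@
+{ pkgs, dataDir, config, inputs, system, ... }: let
+/**
+thanks: @melektron
+This builder creates a small shell script that wraps arion to specify
+it to operate on a specific registered arion service identified by `srv_name`.
+This can be used to manage the docker-compose functionality of an arion service
+that is defined in the NixOS system, independently from the systemctl service that
+starts it. If you start/stop compose projects using this, you should first stop
+the systemctl service.
+*/
+createArionServiceManager = srv_name: setup: (
+pkgs.writeShellScriptBin "manage-arion-${srv_name}" ''
+echo operating on: ${config.virtualisation.arion.projects."${srv_name}".settings.out.dockerComposeYaml}
+${setup}
+${pkgs.lib.getExe inputs.arion.packages."${system}".arion} --prebuilt-file ${config.virtualisation.arion.projects."${srv_name}".settings.out.dockerComposeYaml} $@
+''
+);
+in {
+environment.systemPackages = [
+pkgs.arion
+# Do install the docker CLI to talk to podman.
+# Not needed when virtualisation.docker.enable = true;
+pkgs.docker-client
+# add all the service managers
+(createArionServiceManager "libvirt" "")
+];
+# Arion works with Docker, but for NixOS-based containers, you need Podman
+# since NixOS 21.05.
+virtualisation.docker.enable = false;
+virtualisation.podman.enable = true;
+virtualisation.podman.dockerSocket.enable = true;
+users.extraUsers.me.extraGroups = ["podman"];
+######################## libvirtd in container #########################
+virtualisation.arion = {
+backend = "podman-socket";
+projects.libvirt.settings.services.libvirt = { pkgs, lib, ... }: {
+nixos.useSystemd = true;
+service.useHostStore = true;
+nixos.configuration = {
+boot.tmp.useTmpfs = true;
+virtualisation.libvirtd = {
+enable = true;
+};
+users.users.me = {
+uid = 1001;
+isNormalUser = true;
+password = "changeme";
+extraGroups = [ "networkmanager" "wheel" "libvirtd" "plugdev" ];
+};
+};
+service = {
+privileged = true;
+volumes = [
+"${dataDir}/libvirt/run:/run/libvirt"
+"${dataDir}/libvirt/lib:/var/lib/libvirt"
+];
+};
+};
+};
+}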
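Review bot: `password = "changeme";` on the in-container `me` user is a well-known plaintext credential for an account that is also in `wheel` and `libvirtd`, and since the service runs with `privileged = true` and `service.useHostStore = true`, a login to that container is in practice a login to the host; a plaintext `password` option is also likely to land in the world-readable Nix store. Prefer `hashedPasswordFile = "<path-to-secret-outside-the-store>";` (or at least `initialPassword`, so the value must be rotated on first use) and drop `wheel` unless sudo inside the container is actually needed. Separately, the wrapper produced by createArionServiceManager passes `$@` unquoted, so arguments containing spaces are re-split before they reach arion; use `"$@"`. The builder's doc comment could also state that `--prebuilt-file` drives the compose project directly, bypassing the systemd unit, which is why the "stop the systemctl service first" advice matters.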

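--- a/mods/le-disk-setup.nix
+++ b/mods/le-disk-setup.nix
@@ -0,0 +1,105 @@
+# future setup of using disko to format my raspi sd-card
+{
+config,
+lib,
+pkgs,
+inputs,
+...
+}:
+{
+imports = [
+"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image.nix"
+"${inputs.nixpkgs}/nixos/modules/profiles/base.nix"
+];
+boot.loader.grub.enable = false;
+boot.loader.generic-extlinux-compatible.enable = true;
+boot.consoleLogLevel = lib.mkDefault 7;
+# The serial ports listed here are:
+# - ttyS0: for Tegra (Jetson TX1)
+# - ttyAMA0: for QEMU's -machine virt
+boot.kernelParams = [
+"console=ttyS0,115200n8"
+"console=ttyAMA0,115200n8"
+"console=tty0"
+];
+sdImage = {
+populateFirmwareCommands =
+let
+configTxt = pkgs.writeText "config.txt" ''
+[pi3]
+kernel=u-boot-rpi3.bin
+# Otherwise the serial output will be garbled.
+core_freq=250
+[pi02]
+kernel=u-boot-rpi3.bin
+[pi4]
+kernel=u-boot-rpi4.bin
+enable_gic=1
+armstub=armstub8-gic.bin
+# Otherwise the resolution will be weird in most cases, compared to
+# what the pi3 firmware does by default.
+disable_overscan=1
+# Supported in newer board revisions
+arm_boost=1
+[cm4]
+# Enable host mode on the 2711 built-in XHCI USB controller.
+# This line should be removed if the legacy DWC2 controller is required
+# (e.g. for USB device mode) or if USB support is not required.
+otg_mode=1
+[all]
+# Boot in 64-bit mode.
+arm_64bit=1
+# U-Boot needs this to work, regardless of whether UART is actually used or not.
+# Look in arch/arm/mach-bcm283x/Kconfig in the U-Boot tree to see if this is still
+# a requirement in the future.
+enable_uart=1
+# Prevent the firmware from smashing the framebuffer setup done by the mainline kernel
+# when attempting to show low-voltage or overtemperature warnings.
+avoid_warnings=1
+'';
+in
+''
+(cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/firmware/)
+# Add the config
+cp ${configTxt} firmware/config.txt
+# Add pi3 specific files
+cp ${pkgs.ubootRaspberryPi3_64bit}/u-boot.bin firmware/u-boot-rpi3.bin
+cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2710-rpi-2-b.dtb firmware/
+cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2710-rpi-3-b.dtb firmware/
+cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2710-rpi-3-b-plus.dtb firmware/
+cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2710-rpi-cm3.dtb firmware/
+cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2710-rpi-zero-2.dtb firmware/
+cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2710-rpi-zero-2-w.dtb firmware/
+# Add pi4 specific files
+cp ${pkgs.ubootRaspberryPi4_64bit}/u-boot.bin firmware/u-boot-rpi4.bin
+cp ${pkgs.raspberrypi-armstubs}/armstub8-gic.bin firmware/armstub8-gic.bin
+cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-4-b.dtb firmware/
+cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-400.dtb firmware/
+cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-cm4.dtb firmware/
+cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-cm4s.dtb firmware/
+'';
+populateRootCommands = ''
+mkdir -p ./files/boot
+${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
+'';
+};
+}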
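Review bot: The header comment `# future setup of using disko to format my raspi sd-card` does not describe what the module does: it imports nixpkgs' `sd-image.nix` and `profiles/base.nix` and builds the card image through `sdImage.populateFirmwareCommands` and `populateRootCommands`, and disko is not referenced anywhere in the file. A header such as `# Raspberry Pi SD-card image built with nixpkgs' sd-image module (disko-based layout not yet implemented)` would stop the next reader from looking for a disko layout that is not here. The `config.txt` and firmware-copy block appears to be the nixpkgs aarch64 sd-image template, so a one-line comment naming that origin would make clear which lines are local decisions and which can be refreshed from upstream. `enable_uart=1` plus the three `console=` kernel params keeps a serial console enabled on the board, which is reasonable for a lab device but deserves a short comment so it is not left on by accident once the image is deployed. Whether any host actually imports this module is not visible on this page.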