# Systemd services for libvirtd.
{ config, pkgs, ... }:
with pkgs.lib;
let
cfg = config.virtualisation.libvirtd;
configFile = pkgs.writeText "libvirtd.conf" ''
unix_sock_group = "libvirtd"
unix_sock_rw_perms = "0770"
auth_unix_ro = "none"
auth_unix_rw = "none"
${cfg.extraConfig}
'';
in
{
###### interface
options = {
virtualisation.libvirtd.enable =
mkOption {
default = false;
description =
''
This option enables libvirtd, a daemon that manages
virtual machines. Users in the "libvirtd" group can interact with
the daemon (e.g. to start or stop VMs) using the
virsh command line tool, among others.
'';
};
virtualisation.libvirtd.enableKVM =
mkOption {
default = true;
description =
''
This option enables support for QEMU/KVM in libvirtd.
'';
};
virtualisation.libvirtd.extraConfig =
mkOption {
default = "";
description =
''
Extra contents appended to the libvirtd configuration file,
libvirtd.conf.
'';
};
};
###### implementation
config = mkIf cfg.enable {
environment.systemPackages =
[ pkgs.libvirt pkgs.netcat-openbsd ]
++ optional cfg.enableKVM pkgs.qemu_kvm;
boot.kernelModules = [ "tun" ];
systemd.services.libvirtd =
{ description = "Libvirt Virtual Machine Management Daemon";
wantedBy = [ "multi-user.target" ];
after = [ "systemd-udev-settle.service" ];
path =
[ pkgs.bridge_utils pkgs.dmidecode pkgs.dnsmasq
pkgs.ebtables
] ++ optional cfg.enableKVM pkgs.qemu_kvm;
preStart =
''
mkdir -p /var/log/libvirt/qemu -m 755
rm -f /var/run/libvirtd.pid
mkdir -p /var/lib/libvirt
mkdir -p /var/lib/libvirt/dnsmasq
chmod 755 /var/lib/libvirt
chmod 755 /var/lib/libvirt/dnsmasq
# Libvirt unfortunately writes mutable state (such as
# runtime changes to VM, network or filter configurations)
# to /etc. So we can't use environment.etc to make the
# default network and filter definitions available, since
# libvirt will then modify the originals in the Nix store.
# So here we copy them instead. Ugly.
for i in $(cd ${pkgs.libvirt}/etc && echo \
libvirt/qemu/networks/*.xml libvirt/qemu/networks/autostart/*.xml \
libvirt/nwfilter/*.xml );
do
mkdir -p /etc/$(dirname $i) -m 755
cp -fpd ${pkgs.libvirt}/etc/$i /etc/$i
done
# libvirtd puts the full path of the emulator binary in the machine
# config file. But this path can unfortunately be garbage collected
# while still being used by the virtual machine. So update the
# emulator path on each startup to something valid (re-scan $PATH).
for file in /etc/libvirt/qemu/*.xml; do
# get (old) emulator path from config file
emulator=$(grep "^[[:space:]]*" "$file" | sed 's,^[[:space:]]*\(.*\).*,\1,')
# get a (definitely) working emulator path by re-scanning $PATH
new_emulator=$(command -v $(basename "$emulator"))
# write back
sed -i "s,^[[:space:]]*.*, $new_emulator ," "$file"
done
''; # */
serviceConfig.ExecStart = ''@${pkgs.libvirt}/sbin/libvirtd libvirtd --config "${configFile}" --daemon --verbose'';
serviceConfig.Type = "forking";
serviceConfig.KillMode = "process"; # when stopping, leave the VMs alone
# Wait until libvirtd is ready to accept requests.
postStart =
''
for ((i = 0; i < 60; i++)); do
if ${pkgs.libvirt}/bin/virsh list > /dev/null; then exit 0; fi
sleep 1
done
exit 1 # !!! seems to be ignored
'';
};
jobs."libvirt-guests" =
{ description = "Libvirt Virtual Machines";
wantedBy = [ "multi-user.target" ];
wants = [ "libvirtd.service" ];
after = [ "libvirtd.service" ];
restartIfChanged = false;
path = [ pkgs.gettext pkgs.libvirt pkgs.gawk ];
preStart =
''
mkdir -p /var/lock/subsys -m 755
${pkgs.libvirt}/etc/rc.d/init.d/libvirt-guests start || true
'';
postStop = "${pkgs.libvirt}/etc/rc.d/init.d/libvirt-guests stop";
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
};
users.extraGroups.libvirtd.gid = config.ids.gids.libvirtd;
};
}