From 5bec2b61229d6bbba71d69e35e4943e9fd09cddc Mon Sep 17 00:00:00 2001
From: astro microvm.b
0
Declared by:
What CPU to emulate, if any. If different from the host @@ -251,7 +251,7 @@
null
Declared by:
Extra arguments to pass to crosvm.
@@ -261,7 +261,7 @@Declared by:
A Hypervisor’s sandbox directory
@@ -271,7 +271,7 @@Declared by:
Generated Hypervisor declared by config.microvm.hypervisor
"config.microvm.runner.${config.microvm.hypervisor}"
Declared by:
PCI/USB devices that are passed from the host to the MicroVM
@@ -304,7 +304,7 @@Declared by:
Device is either on the pci
or the usb
bus
Declared by:
Identification of the device on its bus
@@ -320,7 +320,7 @@Declared by:
When using the SLiRP user networking (default), this option allows to @@ -349,7 +349,7 @@
Declared by:
Controls the direction in which the ports are mapped:
@@ -369,7 +369,7 @@The IPv4 address on the guest VLAN.
@@ -379,7 +379,7 @@The guest port to be mapped.
@@ -387,7 +387,7 @@The IPv4 address of the host.
@@ -397,7 +397,7 @@The host port to be mapped.
@@ -405,7 +405,7 @@The protocol to forward.
@@ -415,7 +415,7 @@Enable GUI support.
@@ -431,7 +431,7 @@false
Declared by:
Path of vhost-user socket
@@ -441,7 +441,7 @@"$HOSTNAME-gpu.sock"
Declared by:
Whether to enable the microvm.nix guest module.
@@ -451,7 +451,7 @@true
Declared by:
Whether to use hugepages as memory backend. @@ -462,7 +462,7 @@
false
Declared by:
Which hypervisor to use for this MicroVM
@@ -473,7 +473,7 @@"qemu"
Declared by:
Path to the initrd file in the initrd package
@@ -483,7 +483,7 @@"${config.system.build.initialRamdisk}/${config.system.boot.loader.initrdFile}"
Declared by:
Network interfaces
@@ -493,7 +493,7 @@[ ]
Declared by:
Attach network interface to host bridge interface for type = “bridge”
@@ -503,7 +503,7 @@Interface name on the host
@@ -511,7 +511,7 @@Declared by:
MAC address of the guest’s network interface
@@ -519,7 +519,7 @@Declared by:
Attach network interface to host interface for type = “macvlan”
@@ -529,7 +529,7 @@The MACVLAN mode to use
@@ -539,7 +539,7 @@Interface type
@@ -547,7 +547,7 @@Declared by:
Kernel package to use for MicroVM runners
@@ -557,7 +557,7 @@Declared by:
Includes boot.kernelParams but doesn’t end up in toplevel, thereby allowing references to toplevel
@@ -565,7 +565,7 @@Declared by:
Amount of RAM in megabytes
@@ -575,7 +575,7 @@512
Declared by:
Commands to run before starting the hypervisor
@@ -585,7 +585,7 @@""
Declared by:
Extra arguments to pass to qemu.
@@ -595,7 +595,7 @@[ ]
Declared by:
Generated Hypervisor runner for this NixOS
@@ -603,7 +603,7 @@Declared by:
Shared directory trees
@@ -613,7 +613,7 @@Declared by:
Where to mount the share inside the container
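Review bot: the description "Where to mount the share inside the container" in the `@@ -613,7 +613,7 @@` hunk calls the guest a container, and the volume option further down does the same ("If and where to mount the volume inside the container"). Everything else in this reference speaks of a MicroVM and a hypervisor, for example "PCI/USB devices that are passed from the host to the MicroVM". Suggest changing both option descriptions to "inside the MicroVM" at their source so the rendered pages pick it up.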
@@ -621,7 +621,7 @@Protocol for this share
@@ -631,7 +631,7 @@"9p"
Declared by:
Socket for communication with virtiofs daemon
@@ -641,7 +641,7 @@null
Declared by:
Path to shared directory tree
@@ -649,7 +649,7 @@Declared by:
Unique virtiofs daemon tag
@@ -657,7 +657,7 @@Declared by:
Hypervisor control socket path
@@ -667,7 +667,7 @@Declared by:
Whether to boot with the storeDisk, that is, unless the host’s /nix/store is a microvm.share.
@@ -677,7 +677,7 @@true
Declared by:
User to switch to when started as root
@@ -687,7 +687,7 @@null
Declared by:
Number of virtual CPU cores
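Review bot: in the `@@ -687,7 +687,7 @@` hunk the default shown for "User to switch to when started as root" is `null`, and the description does not say what `null` does. If it means no switch happens and the hypervisor keeps running as root, state that in the option description, since this is the setting a reader hardening the host will look up.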
@@ -697,7 +697,7 @@1
Declared by:
Disk images
@@ -707,7 +707,7 @@[ ]
Declared by:
Created image on host automatically before start?
@@ -717,7 +717,7 @@File system for automatic creation and mounting
@@ -727,7 +727,7 @@"ext4"
Declared by:
Path to disk image on the host
@@ -735,7 +735,7 @@Declared by:
If and where to mount the volume inside the container
@@ -743,7 +743,7 @@Volume size if created automatically
@@ -751,7 +751,7 @@Declared by:
Virtual Machine address; @@ -768,7 +768,7 @@
null
Declared by:
Path to the writable /nix/store overlay.
@@ -787,7 +787,7 @@0
Declared by:
What CPU to emulate, if any. If different from the host @@ -471,7 +471,7 @@
null
Declared by:
Extra arguments to pass to crosvm.
@@ -481,7 +481,7 @@Declared by:
A Hypervisor’s sandbox directory
@@ -491,7 +491,7 @@Declared by:
Generated Hypervisor declared by config.microvm.hypervisor
"config.microvm.runner.${config.microvm.hypervisor}"
Declared by:
PCI/USB devices that are passed from the host to the MicroVM
@@ -524,7 +524,7 @@Declared by:
Device is either on the pci
or the usb
bus
Declared by:
Identification of the device on its bus
@@ -540,7 +540,7 @@Declared by:
When using the SLiRP user networking (default), this option allows to @@ -569,7 +569,7 @@
Declared by:
Controls the direction in which the ports are mapped:
@@ -589,7 +589,7 @@The IPv4 address on the guest VLAN.
@@ -599,7 +599,7 @@The guest port to be mapped.
@@ -607,7 +607,7 @@The IPv4 address of the host.
@@ -617,7 +617,7 @@The host port to be mapped.
@@ -625,7 +625,7 @@The protocol to forward.
@@ -635,7 +635,7 @@Enable GUI support.
@@ -651,7 +651,7 @@false
Declared by:
Path of vhost-user socket
@@ -661,7 +661,7 @@"$HOSTNAME-gpu.sock"
Declared by:
Whether to enable the microvm.nix guest module.
@@ -671,7 +671,7 @@true
Declared by:
Whether to use hugepages as memory backend. @@ -682,7 +682,7 @@
false
Declared by:
Which hypervisor to use for this MicroVM
@@ -693,7 +693,7 @@"qemu"
Declared by:
Path to the initrd file in the initrd package
@@ -703,7 +703,7 @@"${config.system.build.initialRamdisk}/${config.system.boot.loader.initrdFile}"
Declared by:
Network interfaces
@@ -713,7 +713,7 @@[ ]
Declared by:
Attach network interface to host bridge interface for type = “bridge”
@@ -723,7 +723,7 @@Interface name on the host
@@ -731,7 +731,7 @@Declared by:
MAC address of the guest’s network interface
@@ -739,7 +739,7 @@Declared by:
Attach network interface to host interface for type = “macvlan”
@@ -749,7 +749,7 @@The MACVLAN mode to use
@@ -759,7 +759,7 @@Interface type
@@ -767,7 +767,7 @@Declared by:
Kernel package to use for MicroVM runners
@@ -777,7 +777,7 @@Declared by:
Includes boot.kernelParams but doesn’t end up in toplevel, thereby allowing references to toplevel
@@ -785,7 +785,7 @@Declared by:
Amount of RAM in megabytes
@@ -795,7 +795,7 @@512
Declared by:
Commands to run before starting the hypervisor
@@ -805,7 +805,7 @@""
Declared by:
Extra arguments to pass to qemu.
@@ -815,7 +815,7 @@[ ]
Declared by:
Generated Hypervisor runner for this NixOS
@@ -823,7 +823,7 @@Declared by:
Shared directory trees
@@ -833,7 +833,7 @@Declared by:
Where to mount the share inside the container
@@ -841,7 +841,7 @@Protocol for this share
@@ -851,7 +851,7 @@"9p"
Declared by:
Socket for communication with virtiofs daemon
@@ -861,7 +861,7 @@null
Declared by:
Path to shared directory tree
@@ -869,7 +869,7 @@Declared by:
Unique virtiofs daemon tag
@@ -877,7 +877,7 @@Declared by:
Hypervisor control socket path
@@ -887,7 +887,7 @@Declared by:
Whether to boot with the storeDisk, that is, unless the host’s /nix/store is a microvm.share.
@@ -897,7 +897,7 @@true
Declared by:
User to switch to when started as root
@@ -907,7 +907,7 @@null
Declared by:
Number of virtual CPU cores
@@ -917,7 +917,7 @@1
Declared by:
Disk images
@@ -927,7 +927,7 @@[ ]
Declared by:
Created image on host automatically before start?
@@ -937,7 +937,7 @@File system for automatic creation and mounting
@@ -947,7 +947,7 @@"ext4"
Declared by:
Path to disk image on the host
@@ -955,7 +955,7 @@Declared by:
If and where to mount the volume inside the container
@@ -963,7 +963,7 @@Volume size if created automatically
@@ -971,7 +971,7 @@Declared by:
Virtual Machine address; @@ -988,7 +988,7 @@
null
Declared by:
Path to the writable /nix/store overlay.
@@ -1007,7 +1007,7 @@Quickly running a MicroVM interactively is great for testing. You get
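Review bot: every hunk from `@@ -251,7 +251,7 @@` to `@@ -1007,7 +1007,7 @@` has the same length before and after and sits at a "Declared by:" entry, and the whole option list is patched twice (offsets 251 to 787, then 471 to 1007), so this reads as regenerated documentation output rather than a hand edit. The option descriptions and defaults visible as context are the same in both passes. Suggest building the rendered pages and `searchindex.js` in CI instead of committing them, or marking them as generated, so a review of this repository shows only the source change that caused the churn.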
diff --git a/searchindex.js b/searchindex.js
index e66dffe2..190e0518 100644
--- a/searchindex.js
+++ b/searchindex.js
@@ -1 +1 @@
-Object.assign(window.search, {"doc_urls":["intro.html#intro","intro.html#compartmentalization","intro.html#the-case-against-containers","intro.html#just-virtual-machines","declaring.html#declaring-nixos-microvms","declaring.html#the-microvm-module","options.html#configuration-options","interfaces.html#network-interfaces","interfaces.html#type--user","interfaces.html#type--tap","interfaces.html#type--macvtap","interfaces.html#type--bridge","shares.html#shares","shares.html#sharing-a-hosts-nixstore","shares.html#writable-nixstore-overlay","output-options.html#microvm-output-options","output-options.html#configure-microvmhypervisor-use-microvmdeclaredrunner","microvm-options.html#_moduleargs","microvm-options.html#microvmballoonmem","microvm-options.html#microvmcpu","microvm-options.html#microvmcrosvmextraargs","microvm-options.html#microvmcrosvmpivotroot","microvm-options.html#microvmdeclaredrunner","microvm-options.html#microvmdevices","microvm-options.html#microvmdevicesbus","microvm-options.html#microvmdevicespath","microvm-options.html#microvmforwardports","microvm-options.html#microvmforwardportsfrom","microvm-options.html#microvmforwardportsguestaddress","microvm-options.html#microvmforwardportsguestport","microvm-options.html#microvmforwardportshostaddress","microvm-options.html#microvmforwardportshostport","microvm-options.html#microvmforwardportsproto","microvm-options.html#microvmgraphicsenable","microvm-options.html#microvmgraphicssocket","microvm-options.html#microvmguestenable","microvm-options.html#microvmhugepagemem","microvm-options.html#microvmhypervisor","microvm-options.html#microvminitrdpath","microvm-options.html#microvminterfaces","microvm-options.html#microvminterfacesbridge","microvm-options.html#microvminterfacesid","microvm-options.html#microvminterfacesmac","microvm-options.html#microvminterfacesmacvtaplink","microvm-options.html#microvminterfacesmacvtapmode","microvm-options.html#microvminterfacestype","microvm-options.html#microvmkernel",
"microvm-options.html#microvmkernelparams","microvm-options.html#microvmmem","microvm-options.html#microvmprestart","microvm-options.html#microvmqemuextraargs","microvm-options.html#microvmrunner","microvm-options.html#microvmshares","microvm-options.html#microvmsharesmountpoint","microvm-options.html#microvmsharesproto","microvm-options.html#microvmsharessocket","microvm-options.html#microvmsharessource","microvm-options.html#microvmsharestag","microvm-options.html#microvmsocket","microvm-options.html#microvmstoreondisk","microvm-options.html#microvmuser","microvm-options.html#microvmvcpu","microvm-options.html#microvmvolumes","microvm-options.html#microvmvolumesautocreate","microvm-options.html#microvmvolumesfstype","microvm-options.html#microvmvolumesimage","microvm-options.html#microvmvolumesmountpoint","microvm-options.html#microvmvolumessize","microvm-options.html#microvmvsockcid","microvm-options.html#microvmwritablestoreoverlay","packages.html#running-a-microvm-as-a-package","packages.html#immediately-running-a-nixosconfiguration","packages.html#add-a-runner-package-to-your-flake","host.html#preparing-a-nixos-host-for-declarative-microvms","simple-network.html#a-simple-network-setup","simple-network.html#a-bridge-to-link-tap-interfaces","simple-network.html#advanced-improving-performance","advanced-network.html#advanced-network-setup","advanced-network.html#a-bridge-to-link-tap-interfaces","advanced-network.html#provide-internet-access-with-nat","advanced-network.html#port-forwarding","host-systemd.html#systemd-services-on-a-microvm-host","host-systemd.html#install-microvm-nameservice","host-systemd.html#microvm-tap-interfacesservice","host-systemd.html#microvm-macvtap-interfacesservice","host-systemd.html#microvm-pci-devicesservice","host-systemd.html#microvm-virtiofsdservice","host-systemd.html#microvmservice","host-systemd.html#microvmstarget","declarative.html#declarative-microvms","declarative.html#fully-declarative","declarative.html#declarative-deploy
ment","microvm-command.html#imperative-microvm-management-with-the-microvm-command","microvm-command.html#create-a-microvm","microvm-command.html#enabling-microvm-autostart","microvm-command.html#update-a-microvm","microvm-command.html#list-microvms","microvm-command.html#removing-microvms","conventions.html#conventions-between-microvm-packages-and-the-host","conventions.html#generating-custom-operating-system-hypervisor-packages","faq.html#frequently-asked-questions","faq.html#can-i-support-the-development-and-maintenance-of-this-project","faq.html#how-to-centralize-logging-with-journald","faq.html#can-i-build-with-hypervisors-from-the-hosts-nixpkgs-instead-of-the-microvms","faq.html#how-can-i-deploy-imperatively-from-continuous-integration"],"index":{"documentStore":{"docInfo":{"0":{"body":19,"breadcrumbs":2,"title":1},"1":{"body":29,"breadcrumbs":2,"title":1},"10":{"body":85,"breadcrumbs":6,"title":2},"100":{"body":0,"breadcrumbs":6,"title":3},"101":{"body":1,"breadcrumbs":7,"title":4},"102":{"body":92,"breadcrumbs":6,"title":3},"103":{"body":18,"breadcrumbs":9,"title":6},"104":{"body":121,"breadcrumbs":7,"title":4},"11":{"body":26,"breadcrumbs":6,"title":2},"12":{"body":39,"breadcrumbs":5,"title":1},"13":{"body":21,"breadcrumbs":7,"title":3},"14":{"body":66,"breadcrumbs":7,"title":3},"15":{"body":55,"breadcrumbs":7,"title":3},"16":{"body":26,"breadcrumbs":8,"title":4},"17":{"body":142,"breadcrumbs":5,"title":1},"18":{"body":30,"breadcrumbs":5,"title":1},"19":{"body":19,"breadcrumbs":5,"title":1},"2":{"body":74,"breadcrumbs":4,"title":3},"20":{"body":12,"breadcrumbs":5,"title":1},"21":{"body":12,"breadcrumbs":5,"title":1},"22":{"body":12,"breadcrumbs":5,"title":1},"23":{"body":27,"breadcrumbs":5,"title":1},"24":{"body":12,"breadcrumbs":5,"title":1},"25":{"body":9,"breadcrumbs":5,"title":1},"26":{"body":67,"breadcrumbs":5,"title":1},"27":{"body":32,"breadcrumbs":5,"title":1},"28":{"body":11,"breadcrumbs":5,"title":1},"29":{"body":17,"breadcrumbs":5,"title":1},"3":
{"body":39,"breadcrumbs":3,"title":2},"30":{"body":10,"breadcrumbs":5,"title":1},"31":{"body":17,"breadcrumbs":5,"title":1},"32":{"body":12,"breadcrumbs":5,"title":1},"33":{"body":30,"breadcrumbs":5,"title":1},"34":{"body":13,"breadcrumbs":5,"title":1},"35":{"body":13,"breadcrumbs":5,"title":1},"36":{"body":18,"breadcrumbs":5,"title":1},"37":{"body":27,"breadcrumbs":5,"title":1},"38":{"body":13,"breadcrumbs":5,"title":1},"39":{"body":10,"breadcrumbs":5,"title":1},"4":{"body":15,"breadcrumbs":5,"title":3},"40":{"body":17,"breadcrumbs":5,"title":1},"41":{"body":9,"breadcrumbs":5,"title":1},"42":{"body":11,"breadcrumbs":5,"title":1},"43":{"body":16,"breadcrumbs":5,"title":1},"44":{"body":17,"breadcrumbs":5,"title":1},"45":{"body":12,"breadcrumbs":5,"title":1},"46":{"body":13,"breadcrumbs":5,"title":1},"47":{"body":17,"breadcrumbs":5,"title":1},"48":{"body":12,"breadcrumbs":5,"title":1},"49":{"body":14,"breadcrumbs":5,"title":1},"5":{"body":60,"breadcrumbs":4,"title":2},"50":{"body":12,"breadcrumbs":5,"title":1},"51":{"body":12,"breadcrumbs":5,"title":1},"52":{"body":11,"breadcrumbs":5,"title":1},"53":{"body":10,"breadcrumbs":5,"title":1},"54":{"body":12,"breadcrumbs":5,"title":1},"55":{"body":13,"breadcrumbs":5,"title":1},"56":{"body":12,"breadcrumbs":5,"title":1},"57":{"body":10,"breadcrumbs":5,"title":1},"58":{"body":13,"breadcrumbs":5,"title":1},"59":{"body":15,"breadcrumbs":5,"title":1},"6":{"body":95,"breadcrumbs":6,"title":2},"60":{"body":13,"breadcrumbs":5,"title":1},"61":{"body":13,"breadcrumbs":5,"title":1},"62":{"body":10,"breadcrumbs":5,"title":1},"63":{"body":14,"breadcrumbs":5,"title":1},"64":{"body":13,"breadcrumbs":5,"title":1},"65":{"body":10,"breadcrumbs":5,"title":1},"66":{"body":11,"breadcrumbs":5,"title":1},"67":{"body":11,"breadcrumbs":5,"title":1},"68":{"body":24,"breadcrumbs":5,"title":1},"69":{"body":51,"breadcrumbs":5,"title":1},"7":{"body":29,"breadcrumbs":6,"title":2},"70":{"body":26,"breadcrumbs":6,"title":3},"71":{"body":9,"breadcrumbs":6,"
title":3},"72":{"body":18,"breadcrumbs":7,"title":4},"73":{"body":95,"breadcrumbs":9,"title":5},"74":{"body":37,"breadcrumbs":10,"title":3},"75":{"body":110,"breadcrumbs":11,"title":4},"76":{"body":41,"breadcrumbs":10,"title":3},"77":{"body":30,"breadcrumbs":10,"title":3},"78":{"body":96,"breadcrumbs":11,"title":4},"79":{"body":53,"breadcrumbs":11,"title":4},"8":{"body":26,"breadcrumbs":6,"title":2},"80":{"body":48,"breadcrumbs":9,"title":2},"81":{"body":13,"breadcrumbs":11,"title":4},"82":{"body":39,"breadcrumbs":10,"title":3},"83":{"body":8,"breadcrumbs":10,"title":3},"84":{"body":8,"breadcrumbs":10,"title":3},"85":{"body":5,"breadcrumbs":10,"title":3},"86":{"body":9,"breadcrumbs":9,"title":2},"87":{"body":8,"breadcrumbs":8,"title":1},"88":{"body":5,"breadcrumbs":8,"title":1},"89":{"body":44,"breadcrumbs":4,"title":2},"9":{"body":55,"breadcrumbs":6,"title":2},"90":{"body":84,"breadcrumbs":4,"title":2},"91":{"body":53,"breadcrumbs":4,"title":2},"92":{"body":15,"breadcrumbs":8,"title":5},"93":{"body":21,"breadcrumbs":5,"title":2},"94":{"body":13,"breadcrumbs":6,"title":3},"95":{"body":38,"breadcrumbs":5,"title":2},"96":{"body":30,"breadcrumbs":5,"title":2},"97":{"body":29,"breadcrumbs":5,"title":2},"98":{"body":105,"breadcrumbs":6,"title":5},"99":{"body":34,"breadcrumbs":7,"title":6}},"docs":{"0":{"body":"microvm.nix is a Flake to run lightweight NixOS virtual machines on NixOS. Starting with the reasons why for the remainder of this chapter, this handbook guides you through the provisioning of MicroVMs on your NixOS machine.","breadcrumbs":"Intro » Intro","id":"0","title":"Intro"},"1":{"body":"NixOS makes running services a breeze. Being able to quickly rollback configuration is a life-saver. Not so much however on systems that are shared by multiple services where maintenance of one affects others. 
Increase stability by partitioning services into virtual NixOS systems that can be updated individually.","breadcrumbs":"Intro » Compartmentalization","id":"1","title":"Compartmentalization"},"10":{"body":"MACVTAP interfaces attach to a host's physical network interface, joining the same Ethernet segment with a separate MAC address. Before running a MicroVM interactively from a package, do the following steps manually: # Parent interface:\nLINK=eth0\n# MACVTAP interface, as specified under microvm.interfaces.*.id:\nID=microvm1\n# Create the interface\nsudo ip l add link $LINK name $ID type macvtap mode bridge\n# Obtain the interface index number\nIFINDEX=$(cat /sys/class/net/$ID/ifindex)\n# Grant yourself permission\nsudo chown $USER /dev/tap$IFINDEX When running MicroVMs through the host module, the macvtap network interfaces are created through a systemd service dependency. Per interface with type = \"macvtap\", a link attribute with the parent interface, and mode attribute for the MACVTAP filtering mode must be specified.","breadcrumbs":"Declaring MicroVMs » Network interfaces » type = \"macvtap\"","id":"10","title":"type = \"macvtap\""},"100":{"body":"","breadcrumbs":"Frequently Asked Questions » Frequently Asked Questions","id":"100","title":"Frequently Asked Questions"},"101":{"body":"❤ Sponsor","breadcrumbs":"Frequently Asked Questions » Can I support the development and maintenance of this project?","id":"101","title":"Can I support the development and maintenance of this project?"},"102":{"body":"That is possible without even requiring a network transport by just making the journals available to the host as a share. Because journald identifies hosts by their /etc/machine-id, we propose to use static content for that file. 
Add a NixOS module like the following to your MicroVM configuration: environment.etc.\"machine-id\" = { mode = \"0644\"; text = # change this to suit your flake's interface self.lib.addresses.machineId.${config.networking.hostName} + \"\\n\";\n}; microvm.shares = [ { # On the host source = \"/var/lib/microvms/${config.networking.hostName}/journal\"; # In the MicroVM mountPoint = \"/var/log/journal\"; tag = \"journal\"; proto = \"virtiofs\"; socket = \"journal.sock\";\n} ]; Last, make the MicroVM journals available to your host. The machine-id must be available. systemd.tmpfiles.rules = map (vmHost: let machineId = self.lib.addresses.machineId.${vmHost}; in # creates a symlink of each MicroVM's journal under the host's /var/log/journal \"L+ /var/log/journal/${machineId} - - - - /var/lib/microvms/${vmHost}/journal/${machineId}\"\n) (builtins.attrNames self.lib.addresses.machineId); Once your MicroVM's journal data is visible in the /var/log/journal/$machineId/ directories, journalctl can pick it up using the -m/--merge switch.","breadcrumbs":"Frequently Asked Questions » How to centralize logging with journald?","id":"102","title":"How to centralize logging with journald?"},"103":{"body":"Yes. This scenario is enabled through the flake's lib.buildRunner function. See the nix run microvm#build-microvm script that you will need to customize to fit your deployment scenario.","breadcrumbs":"Frequently Asked Questions » Can I build with hypervisors from the host's nixpkgs instead of the MicroVM's?","id":"103","title":"Can I build with hypervisors from the host's nixpkgs instead of the MicroVM's?"},"104":{"body":"Do this by integrating into your automation what the microvm command does. environment.systemPackages = [ ( # Provide a manual updating script that fetches the latest # updated+built system from Hydra pkgs.writeScriptBin \"update-microvm\" '' #! 
${pkgs.runtimeShell} -e if [ $# -lt 1 ]; then NAMES=\"$(ls -1 /var/lib/microvms)\" else NAMES=\"$@\" fi for NAME in $NAMES; do echo MicroVM $NAME cd /var/lib/microvms/$NAME # Is this truly the flake that is being built on Hydra? if [ \"$(cat flake)\" = \"git+https://gitea.example.org/org/nix-config?ref=flake-update\" ]; then NEW=$(curl -sLH \"Accept: application/json\" https://hydra.example.org/job/org/nix-config/$NAME/latest | ${pkgs.jq}/bin/jq -er .buildoutputs.out.path) nix copy --from https://nix-cache.example.org $NEW if [ -e booted ]; then nix store diff-closures $(readlink booted) $NEW elif [ -e current ]; then echo \"NOT BOOTED! Diffing to old current:\" nix store diff-closures $(readlink current) $NEW else echo \"NOT BOOTED?\" fi CHANGED=no if ! [ -e current ]; then ln -s $NEW current CHANGED=yes elif [ \"$(readlink current)\" != $NEW ]; then rm -f old cp --no-dereference current old rm -f current ln -s $NEW current CHANGED=yes fi fi if [ \"$CHANGED\" = \"yes\" ]; then systemctl restart microvm@$NAME fi echo done ''\n) ];","breadcrumbs":"Frequently Asked Questions » How can I deploy imperatively from Continuous Integration?","id":"104","title":"How can I deploy imperatively from Continuous Integration?"},"11":{"body":"This mode lets qemu create a tap interface and attach it to a bridge. The qemu-bridge-helper binary needs to be setup with the proper permissions. See the host module for that. qemu will be run without -sandbox on in order for this contraption to work.","breadcrumbs":"Declaring MicroVMs » Network interfaces » type = \"bridge\"","id":"11","title":"type = \"bridge\""},"12":{"body":"In microvm.shares elements the proto field allows either of two values: 9p (default) is built into many hypervisors, allowing you to quickly share a directory tree virtiofs requires a separate virtiofsd service which is only started as a prerequisite when you start MicroVMs through a systemd service that comes with the microvm.nixosModules.host module. 
Expect virtiofs to yield better performance over 9p.","breadcrumbs":"Declaring MicroVMs » Shared directories » Shares","id":"12","title":"Shares"},"13":{"body":"If a share with source = \"/nix/store\" is defined, size and build time of the stage1 squashfs for /dev/vda will be reduced drastically. microvm.shares = [ { tag = \"ro-store\"; source = \"/nix/store\"; mountPoint = \"/nix/.ro-store\";\n} ];","breadcrumbs":"Declaring MicroVMs » Shared directories » Sharing a host's /nix/store","id":"13","title":"Sharing a host's /nix/store"},"14":{"body":"An optional writable layer will be mounted if the path microvm.writableStoreOverlay is set. Make sure that the path is located on a writable filesystem. Caveat: The Linux overlay filesystem is very picky about the filesystems that can be the upper (writable) layer. 9p/virtiofs shares don't work currently, so resort to using a volume for that: { config, ... }:\n{ microvm.writableStoreOverlay = \"/nix/.rw-store\"; microvm.volumes = [ { image = \"nix-store-overlay.img\"; mountPoint = config.microvm.writableStoreOverlay; size = 2048; } ];\n} Caveat: The Nix database will forget all built packages after a reboot, containing only what is needed for the VM's NixOS system. Until this has been solved, it is recommended to just delete and recreate the overlay after MicroVM shutdown or before startup.","breadcrumbs":"Declaring MicroVMs » Shared directories » Writable /nix/store overlay","id":"14","title":"Writable /nix/store overlay"},"15":{"body":"Hypervisor runners are provided in the config generated by a nixosSystem for you to use inside and outside your configuration. Option Purpose microvm.declaredRunner Runner package selected according to microvm.hypervisor microvm.runners Attribute set of runner packages per known Hypervisor. The microvm.declaredRunner selects the hypervisor according to the configured microvm.hypervisor. 
nix run .#nixosConfigurations.my-microvm.config.microvm.declaredRunner The microvm.runners option provides a runner for each known Hypervisor regardless of the microvm.hypervisor config setting. To build my-microvm for Firecracker for example: nix run .#nixosConfigurations.my-microvm.config.microvm.runners.firecracker","breadcrumbs":"Declaring MicroVMs » Output options » MicroVM output options","id":"15","title":"MicroVM output options"},"16":{"body":"One of the microvm.runners is picked by microvm.declaredRunner by evaluating microvm.hypervisor. You may switch the Hypervisor quickly, but use declaredRunner in production. Any other NixOS configuration that evaluates the microvm.hypervisor option can be wrong when you pick from microvm.runners directly. One example would be the defaults set by microvm.optimize.","breadcrumbs":"Declaring MicroVMs » Output options » Configure microvm.hypervisor, use microvm.declaredRunner!","id":"16","title":"Configure microvm.hypervisor, use microvm.declaredRunner!"},"17":{"body":"Additional arguments passed to each module in addition to ones like lib, config, and pkgs, modulesPath. This option is also available to all submodules. Submodules do not inherit args from their parent module, nor do they provide args to their parent module or sibling submodules. The sole exception to this is the argument name which is provided by parent modules to a submodule and contains the attribute name the submodule is bound to, or a unique generated name if it is not bound to an attribute. Some arguments are already passed by default, of which the following cannot be changed with this option: lib: The nixpkgs library. config: The results of all options after merging the values from all modules together. options: The options declared in all modules. specialArgs: The specialArgs argument passed to evalModules. 
All attributes of specialArgs Whereas option values can generally depend on other option values thanks to laziness, this does not apply to imports, which must be computed statically before anything else. For this reason, callers of the module system can provide specialArgs which are available during import resolution. For NixOS, specialArgs includes modulesPath, which allows you to import extra modules from the nixpkgs package tree without having to somehow make the module aware of the location of the nixpkgs or NixOS directories. { modulesPath, ... }: { imports = [ (modulesPath + \"/profiles/minimal.nix\") ];\n} For NixOS, the default value for this option includes at least this argument: pkgs: The nixpkgs package set according to the nixpkgs.pkgs option. Type: lazy attribute set of raw value Declared by: