From 5887df5f946a0032dcb3fb47f62b067663736244 Mon Sep 17 00:00:00 2001
From: Mika Tammi
Date: Thu, 28 Sep 2023 17:39:22 +0300
Subject: [PATCH 1/2] Shared /nix/store and read-write tmpfs overlay
/nix/store is shared read-only from the host, and in debug mode, there is read-write tmpfs overlay on top of it, which allows usage of `nix-shell -p ...` inside the virtual machine.
Signed-off-by: Mika Tammi
---
modules/virtualization/microvm/appvm.nix | 11 ++++++++++-
modules/virtualization/microvm/guivm.nix | 11 ++++++++++-
modules/virtualization/microvm/netvm.nix | 11 ++++++++++-
3 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/modules/virtualization/microvm/appvm.nix b/modules/virtualization/microvm/appvm.nix
index 32e37112d..06bec0700 100644
--- a/modules/virtualization/microvm/appvm.nix
+++ b/modules/virtualization/microvm/appvm.nix
@@ -56,7 +56,16 @@
 mem = vm.ramMb;
 vcpu = vm.cores;
 hypervisor = "qemu";
- storeDiskType = "squashfs";
+
+ shares = [
+ {
+ tag = "ro-store";
+ source = "/nix/store";
+ mountPoint = "/nix/.ro-store";
+ }
+ ];
+ writableStoreOverlay = lib.mkIf config.ghaf.development.debug.tools.enable "/nix/.rw-store";
+
 interfaces = [
 {
 type = "tap";
diff --git a/modules/virtualization/microvm/guivm.nix b/modules/virtualization/microvm/guivm.nix
index 7987157bf..b3fb88dc7 100644
--- a/modules/virtualization/microvm/guivm.nix
+++ b/modules/virtualization/microvm/guivm.nix
@@ -54,7 +54,16 @@
 microvm = {
 mem = 2048;
 hypervisor = "qemu";
- storeDiskType = "squashfs";
+
+ shares = [
+ {
+ tag = "ro-store";
+ source = "/nix/store";
+ mountPoint = "/nix/.ro-store";
+ }
+ ];
+ writableStoreOverlay = lib.mkIf config.ghaf.development.debug.tools.enable "/nix/.rw-store";
+
 interfaces = [
 {
 type = "tap";
diff --git a/modules/virtualization/microvm/netvm.nix b/modules/virtualization/microvm/netvm.nix
index 5b0ddd5cc..e21df6fee 100644
--- a/modules/virtualization/microvm/netvm.nix
+++ b/modules/virtualization/microvm/netvm.nix
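Review bot: The `shares` entry added in the appvm.nix hunk exports the host's entire `/nix/store` into the guest, so each app VM can read every store path on the host rather than only its own closure as with the removed `storeDiskType = "squashfs"` image; the guivm.nix and netvm.nix hunks add the same entry. The Nix store is world-readable, so any configuration or credential material that lands in it for the host or another VM becomes visible across the VM boundary. No `proto` is set on the share, which in microvm.nix should fall back to the 9p default and therefore a QEMU-served file share on the host; confirm that is intended. If the share is only needed for `nix-shell -p ...` in debug builds, consider gating it like the overlay, `shares = lib.optionals config.ghaf.development.debug.tools.enable [ { tag = "ro-store"; source = "/nix/store"; mountPoint = "/nix/.ro-store"; } ];`, and keeping the squashfs store image for release builds. The enclosing `microvm` attribute set starts and ends outside the hunk.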
@@ -73,7 +73,16 @@
 };
 };
- microvm.storeDiskType = "squashfs";
+ microvm = {
+ shares = [
+ {
+ tag = "ro-store";
+ source = "/nix/store";
+ mountPoint = "/nix/.ro-store";
+ }
+ ];
+ writableStoreOverlay = lib.mkIf config.ghaf.development.debug.tools.enable "/nix/.rw-store";
+ };
 imports = import ../../module-list.nix;
 })
From e691806f4ec98ee1923451121304d3d8e8f89856 Mon Sep 17 00:00:00 2001
From: Mika Tammi
Date: Thu, 28 Sep 2023 18:43:48 +0300
Subject: [PATCH 2/2] lenovo-x1-carbon: Fix Chromium AppVm
As machine type has changed back to q35, remove qboot bios workaround.
Signed-off-by: Mika Tammi
---
modules/virtualization/microvm/appvm.nix | 5 -----
targets/lenovo-x1-carbon.nix | 6 ++++--
2 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/modules/virtualization/microvm/appvm.nix b/modules/virtualization/microvm/appvm.nix
index 06bec0700..27939d08a 100644
--- a/modules/virtualization/microvm/appvm.nix
+++ b/modules/virtualization/microvm/appvm.nix
@@ -73,11 +73,6 @@
 mac = vm.macAddress;
 }
 ];
- # Use qboot BIOS on x86_64-linux as workaround
- qemu.extraArgs = lib.optionals (config.nixpkgs.hostPlatform.system == "x86_64-linux") [
- "-bios"
- "${pkgs.qboot}/bios.bin"
- ];
 };
 networking.nat = {
diff --git a/targets/lenovo-x1-carbon.nix b/targets/lenovo-x1-carbon.nix
index 6da38da28..16935ea83 100644
--- a/targets/lenovo-x1-carbon.nix
+++ b/targets/lenovo-x1-carbon.nix
@@ -145,9 +145,11 @@
 nixpkgs.config.pulseaudio = true;
 microvm.qemu.extraArgs = [
- # APPVMs use microvm qemu machine which has pcie disabled by default
+ # APPVMs use microvm qemu machine which has pcie
+ # disabled by default, and it also causes other
+ # problems.
 "-M"
- "microvm,pcie=on,accel=kvm:tcg,pit=off,pic=off,rtc=off,mem-merge=on"
+ "q35,accel=kvm:tcg,mem-merge=on,sata=off"
 # Lenovo X1 integrated usb webcam
 "-device"
 "qemu-xhci"
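Review bot: The comment above `"-M"` in the lenovo-x1-carbon.nix hunk still describes the old `microvm,pcie=on` workaround and does not say why the new value `"q35,accel=kvm:tcg,mem-merge=on,sata=off"` was chosen; something like `# Use the q35 machine type for APPVMs: the microvm machine type has pcie disabled by default and caused other problems.` would match the code. q35 emulates a fuller chipset than the microvm machine type, so the emulated-device surface exposed to app VMs likely grows, and the comment is a good place to record which devices besides `sata=off` were considered for disabling. The `microvm.qemu.extraArgs` list continues past the end of the hunk.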