

Refactor VM and application definitions
Signed-off-by: Yuri Nesterov <[email protected]>
nesteroff authored and brianmcgillion committed Dec 11, 2024
1 parent 8938072 commit 8c7feb2
Showing 21 changed files with 861 additions and 559 deletions.
1 change: 0 additions & 1 deletion modules/common/services/default.nix
Expand Up @@ -6,7 +6,6 @@
./audio.nix
./wifi.nix
./firmware.nix
./desktop.nix
./xdgopener.nix
./xdghandlers.nix
./namespaces.nix
106 changes: 87 additions & 19 deletions modules/microvm/virtualization/microvm/appvm.nix
Expand Up @@ -13,20 +13,35 @@ let
configHost = config;
cfg = config.ghaf.virtualization.microvm.appvm;

sshKeysHelper = pkgs.callPackage ../../../../packages/ssh-keys-helper {
inherit pkgs;
config = configHost;
};

makeVm =
{ vm, vmIndex }:
let
vmName = "${vm.name}-vm";
cid = if vm.cid > 0 then vm.cid else cfg.vsockBaseCID + vmIndex;
# A list of applications for the GIVC service
givcApplications = map (app: {
name = app.givcName;
command = "${config.ghaf.givc.appPrefix}/run-waypipe ${config.ghaf.givc.appPrefix}/${app.command}";
args = app.givcArgs;
}) vm.applications;
# Packages and extra modules from all applications defined in the appvm
appPackages = builtins.concatLists (map (app: app.packages) vm.applications);
appExtraModules = builtins.concatLists (map (app: app.extraModules) vm.applications);
sshKeysHelper = pkgs.callPackage ../../../../packages/ssh-keys-helper {
inherit pkgs;
config = configHost;
};
appvmConfiguration = {
imports = [
inputs.impermanence.nixosModules.impermanence
inputs.self.nixosModules.givc-appvm
{
ghaf.givc.appvm = {
enable = true;
name = lib.mkForce vmName;
applications = givcApplications;
};
}
(import ./common/vm-networking.nix {
inherit config lib vmName;
inherit (vm) macAddress;
Expand Down Expand Up @@ -126,7 +141,7 @@ let
pkgs.tpm2-tools
pkgs.opensc
pkgs.givc-cli
];
] ++ vm.packages ++ appPackages;

security.tpm2 = {
enable = true;
Expand All @@ -137,6 +152,8 @@ let
lib.mkIf configHost.ghaf.virtualization.microvm.idsvm.mitmproxy.enable
[ ./idsvm/mitmproxy/mitmproxy-ca/mitmproxy-ca-cert.pem ];

time.timeZone = configHost.time.timeZone;

microvm = {
optimize.enable = false;
mem = vm.ramMb;
Expand Down Expand Up @@ -197,19 +214,9 @@ let
{
autostart = true;
config = appvmConfiguration // {
imports =
appvmConfiguration.imports
++ cfg.extraModules
++ vm.extraModules
++ [ { environment.systemPackages = vm.packages; } ];
imports = appvmConfiguration.imports ++ cfg.extraModules ++ vm.extraModules ++ appExtraModules;
};
};

# Host service dependencies
after = optional config.ghaf.services.audio.enable "pulseaudio.service";
requires = after;
# Sleep appvms to give gui-vm time to start
serviceConfig.ExecStartPre = "/bin/sh -c 'sleep 8'";
in
{
options.ghaf.virtualization.microvm.appvm = {
Expand All @@ -218,7 +225,7 @@ in
description = ''
List of AppVMs to be created
'';
type = lib.types.listOf (
type = types.listOf (
types.submodule {
options = {
name = mkOption {
Expand All @@ -227,6 +234,62 @@ in
'';
type = types.str;
};
applications = mkOption {
description = ''
Applications to include in the AppVM
'';
type = types.listOf (
types.submodule (
{ config, lib, ... }:
{
options = rec {
name = mkOption {
type = types.str;
description = "The name of the application";
};
description = mkOption {
type = types.str;
description = "A brief description of the application";
};
packages = mkOption {
type = types.listOf types.package;
description = "A list of packages required for the application";
default = [ ];
};
icon = mkOption {
type = types.str;
description = "Application icon";
default = null;
};
command = mkOption {
type = types.str;
description = "The command to run the application";
default = null;
};
extraModules = mkOption {
description = "Additional modules required for the application";
type = types.listOf types.attrs;
default = [ ];
};
givcName = mkOption {
description = "GIVC name for the application";
type = types.str;
};
givcArgs = mkOption {
description = "A list of GIVC arguments for the application";
type = types.listOf types.str;
default = [ ];
};
};
config = {
# Create a default GIVC name for the application
givcName = lib.mkDefault (lib.strings.toLower (lib.replaceStrings [ " " ] [ "-" ] config.name));
};
}
)
);
default = [ ];
};
packages = mkOption {
description = ''
Packages that are included into the AppVM
Expand Down Expand Up @@ -356,6 +419,7 @@ in
) cfg.vms;
in
lib.mkIf cfg.enable {
# Define microvms for each AppVM configuration
microvm.vms =
let
vms = lib.imap0 (vmIndex: vm: { "${vm.name}-vm" = makeVm { inherit vmIndex vm; }; }) cfg.vms;
Expand All @@ -367,7 +431,11 @@ in
let
serviceDependencies = map (vm: {
"microvm@${vm.name}-vm" = {
inherit after requires serviceConfig;
# Host service dependencies
after = optional config.ghaf.services.audio.enable "pulseaudio.service";
requires = optional config.ghaf.services.audio.enable "pulseaudio.service";
# Sleep appvms to give gui-vm time to start
serviceConfig.ExecStartPre = "/bin/sh -c 'sleep 8'";
};
"${vm.name}-swtpm" = makeSwtpmService { inherit vm; };
}) cfg.vms;
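Review bot: The `icon` and `command` options of the application submodule (the block starting `icon = mkOption {` through `command = mkOption { ... }`) declare `type = types.str` together with `default = null`, so an application that omits either one fails module evaluation with a not-of-type error the moment the value is read, rather than getting a usable default. Since `app.command` is interpolated unconditionally into the GIVC command string (`command = "${config.ghaf.givc.appPrefix}/run-waypipe ${config.ghaf.givc.appPrefix}/${app.command}";`), `command` should simply be required (drop the `default = null` line), and `icon` should become `type = types.nullOr types.str;` so that `null` is a legal default. That same interpolation quotes neither `appPrefix` nor `app.command`; the values are declarative, so this is only a concern if GIVC hands the string to a shell — which this hunk does not show — in which case `lib.escapeShellArg app.command` is the cheap guard. As a style point, the host-service block now spells out `optional config.ghaf.services.audio.enable "pulseaudio.service"` twice for `after` and `requires`; binding it once in a `let` (as the old code did with `requires = after;`) keeps the two from drifting apart.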
55 changes: 55 additions & 0 deletions modules/microvm/virtualization/microvm/guivm.nix
Expand Up @@ -42,6 +42,27 @@ let
${lib.optionalString config.ghaf.givc.enableTls "--key /run/givc/ghaf-host-key.pem"}
${lib.optionalString (!config.ghaf.givc.enableTls) "--notls"}
'';
# A list of applications from all AppVMs
virtualApps = lib.lists.concatMap (
vm: map (app: app // { vmName = "${vm.name}-vm"; }) vm.applications
) config.ghaf.virtualization.microvm.appvm.vms;

# Launchers for all virtualized applications that run in AppVMs
virtualLaunchers = map (app: rec {
inherit (app) name;
inherit (app) description;
#inherit (app) givcName;
vm = app.vmName;
path = "${pkgs.givc-cli}/bin/givc-cli ${cliArgs} start --vm ${vm} ${app.givcName}";
inherit (app) icon;
}) virtualApps;
# Launchers for all desktop, non-virtualized applications that run in the GUIVM
guivmLaunchers = map (app: {
inherit (app) name;
inherit (app) description;
path = app.command;
inherit (app) icon;
}) cfg.applications;
in
{
ghaf = {
Expand All @@ -52,6 +73,9 @@ let
graphics.enable = true;
};

# Create launchers for regular apps running in the GUIVM and virtualized ones if GIVC is enabled
graphics.launchers = guivmLaunchers ++ lib.optionals config.ghaf.givc.enable virtualLaunchers;

# To enable screen locking set to true
graphics.labwc = {
autolock.enable = lib.mkDefault config.ghaf.graphics.labwc.autolock.enable;
Expand Down Expand Up @@ -303,6 +327,37 @@ in
Context Identifier (CID) of the GUIVM VSOCK
'';
};

applications = lib.mkOption {
description = ''
Applications to include in the GUIVM
'';
type = lib.types.listOf (
lib.types.submodule {
options = {
name = lib.mkOption {
type = lib.types.str;
description = "The name of the application";
};
description = lib.mkOption {
type = lib.types.str;
description = "A brief description of the application";
};
icon = lib.mkOption {
type = lib.types.str;
description = "Application icon";
default = null;
};
command = lib.mkOption {
type = lib.types.str;
description = "The command to run the application";
default = null;
};
};
}
);
default = [ ];
};
};

config = lib.mkIf cfg.enable {
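Review bot: The launcher command built in `virtualLaunchers` interpolates `vm` and `app.givcName` into a command line without quoting; `givcName` defaults to the lower-cased application name with only spaces replaced by dashes, so any other character in a name passes straight through into that string. Whether `path` is ever parsed by a shell or a desktop-entry `Exec=` handler is not visible in this hunk, but if it is, quoting is the safe default: `path = "${pkgs.givc-cli}/bin/givc-cli ${cliArgs} start --vm ${lib.escapeShellArg vm} ${lib.escapeShellArg app.givcName}";`. The `icon` and `command` options added to the GUIVM `applications` submodule use `lib.types.str` with `default = null`, which fails type-checking whenever the default is actually taken; `command` becomes the launcher's `path` in `guivmLaunchers`, so it should be required (no default), and `icon` should be `lib.types.nullOr lib.types.str` so an icon-less entry evaluates. The commented-out `#inherit (app) givcName;` line in `virtualLaunchers` should be either restored or removed rather than left as dead code.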
6 changes: 0 additions & 6 deletions modules/microvm/virtualization/microvm/modules.nix
Expand Up @@ -65,11 +65,6 @@ let
# Fprint module
fprint = optionalAttrs cfg.guivm.fprint { config.ghaf.services.fprint.enable = true; };

# Desktop module
desktop = {
config.ghaf.services.desktop.enable = true;
};

# XDG opener
xdgOpener = {
config.ghaf.services.xdgopener.enable = true;
Expand Down Expand Up @@ -162,7 +157,6 @@ in
kernelConfigs.guivm
firmwareModule
qemuModules.guivm
serviceModules.desktop
serviceModules.fprint
serviceModules.yubikey
serviceModules.xdgOpener
33 changes: 0 additions & 33 deletions modules/reference/appvms/appflowy.nix

This file was deleted.

