bgpwtf/edge01: as-deployed: add qemu-bridge-helper config to fix anchorvm Change-Id: I305c498f8332de8addac435da57ba88e1b34c7f0

commit: 67c86188d770503aba496328b35bdefd82fa030c [log] [tgz]
author: Bartosz Stebel <implr@hackerspace.pl> Fri Dec 18 16:39:52 2020 +0100
committer: Bartosz Stebel <implr@hackerspace.pl> Mon Dec 21 15:14:13 2020 +0100
tree: 6eab252a49b5558668aebb0d40f5c87945b996a1
parent: 882cd7ba8190de0fcf0f9272db2b23f3b176b433 [diff] [blame]
diff --git a/bgpwtf/machines/modules/anchorvm.nix b/bgpwtf/machines/modules/anchorvm.nix
index 9c7b17f..9eddde9 100644
--- a/bgpwtf/machines/modules/anchorvm.nix
+++ b/bgpwtf/machines/modules/anchorvm.nix

@@ -24,6 +24,15 @@
     };
   };
 
+  config.environment = {
+    # qemu-bridge-helper (needed for -nic bridge) requires this file to exist.
+    # We're running as root and don't care about the ACL functionality, so just
+    # make a minimal file that allows the interface.
+    # This snippet stolen from nixpkgs//libvirtd.nix
+    etc."qemu/bridge.conf".text = lib.concatMapStringsSep "\n" (e:
+      "allow ${e}") [cfg.bridge];
+  };
+
   config.systemd.services.anchorvm = {
     wantedBy = [ "multi-user.target" ];
     after = [
commit	67c86188d770503aba496328b35bdefd82fa030c	[log] [tgz]
author	Bartosz Stebel <implr@hackerspace.pl>	Fri Dec 18 16:39:52 2020 +0100
committer	Bartosz Stebel <implr@hackerspace.pl>	Mon Dec 21 15:14:13 2020 +0100
tree	6eab252a49b5558668aebb0d40f5c87945b996a1
parent	882cd7ba8190de0fcf0f9272db2b23f3b176b433 [diff] [blame]