| Bartosz Stebel | c726798 | 2020-12-10 15:38:29 +0100 | [diff] [blame] | 1 | # This module runs the RIPE anchor VM in a bare qemu. |
| 2 | # It's expected that a storage LV is created independently and passed as blkdev. |
| 3 | { config, pkgs, lib, ... }: |
| 4 | |
| 5 | with lib; |
| 6 | |
| 7 | let |
| 8 | cfg = config.hscloud.anchorvm; |
| 9 | |
| 10 | in { |
| 11 | options.hscloud.anchorvm = { |
| 12 | blkdev = mkOption { |
| 13 | type = types.str; |
| 14 | description = "Root block device"; |
| 15 | }; |
| 16 | bridge = mkOption { |
| 17 | type = types.str; |
| 18 | description = "bridge interface"; |
| 19 | }; |
| 20 | ram = mkOption { |
| 21 | type = types.int; |
| 22 | description = "memory allocated to the vm"; |
| 23 | default = 2048; |
| 24 | }; |
| 25 | }; |
| 26 | |
| 27 | config.systemd.services.anchorvm = { |
| 28 | wantedBy = [ "multi-user.target" ]; |
| 29 | after = [ |
| 30 | "network.target" |
| 31 | ]; |
| 32 | serviceConfig = { |
| 33 | Type = "simple"; |
| 34 | # spawn=allow needed for bridge helper |
| 35 | ExecStart = ''${pkgs.qemu}/bin/qemu-kvm \ |
| 36 | -nographic -m ${toString cfg.ram} -smp 2 \ |
| 37 | -drive file=${cfg.blkdev},if=virtio,cache=none,format=raw \ |
| 38 | -nic bridge,br=${cfg.bridge},model=virtio-net-pci \ |
| 39 | -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=allow,resourcecontrol=deny |
| 40 | ''; |
| 41 | Restart = "always"; |
| 42 | }; |
| 43 | }; |
| 44 | } |