- Make OVMF firmware images distributed with QEMU available under
/run/libvirt/nix-ovmf directory
- Repackage OVMF firmware metadata JSON files from QEMU package,
patching the image file locations to point to stable
/run/libvirt/nix-ovmf rather than the nix store path of QEMU package.
And make them available at /var/lib/qemu/firmware, the path libvirt
uses to verify domain configuration.
- Remove now obsolete `nvram` entry from qemu.conf.
It was removed by upstream in Nov 2019.
Eliminates log spam from libvirtd.service.
Fixes#378894
There are a bunch of components such as incus or LXC that also use
`boot.isContainer`, so we'd have to differentiate between "OS container"
and "actually nspawn".
This became necessary for the file-systems part where nspawn takes care
of setting up special filesystems like `/proc`, `/dev` etc., but others
don't.
To allow for a `boot.isContainer` being less overloaded, this introduces
`boot.isNspawnContainer` that is exclusively used for nspawn-specific
things. When `true`, `boot.isContainer = true;` is implied.
This service exists to avoid extra instance restarts. While its dependencies
are slim, there are still some, so disable restartIfChanged to avoid any
switches from affecting instances.
SSH key generation was split out into its own systemd service in
https://github.com/NixOS/nixpkgs/pull/372979, but dependent service
definitions weren't updated.
The `apply-ec2-data` service needs to run before SSH key generation,
as it fetches host keys defined in ec2 user data and these keys should
take priority over generating new ones. Currently, the ordering
doesn't specify which should run first of `apply-ec2-data` and
`sshd-keygen`; in practice it seems that `sshd-keygen` often wins the
race, though.
Update the dependencies so that `apply-ec2-data` always runs first.
This disables the hard, not overridable, dependency on `runc`.
It also sharpens the description of `extraPackages` to highlight the
difference between those options.
Fixes#443274.
Eventually we'd like to change our posture on this, and somehow ensure
that 'init' is always our systemd binary, but for now containers
require us to do it this way.
If user already has qemu installed in their system, there might be a collision between normal qemu-system-i386, and qemu-system-i386 with Xen support enabled
In this case, we want Xen supported qemu to win, as otherwise systems won't start with the configuration we provide in NixOS wiki
