+6

nixos/doc/manual/release-notes/rl-2411.section.md

reviewed

··· 397 397 398 398 - The `services.trust-dns` module has been renamed to `services.hickory-dns`. 399 399 400 400 + - The option `services.prometheus.exporters.pgbouncer.connectionStringFile` has been removed since 401 401 + it leaked the connection string (and thus potentially the DB password) into the cmdline 402 402 + of process making it effectively world-readable. 403 403 + 404 404 + Use [`services.prometheus.exporters.pgbouncer.connectionEnvFile`](#opt-services.prometheus.exporters.pgbouncer.connectionEnvFile) instead. 405 405 + 400 406 - The `lsh` package and the `services.lshd` module have been removed as they had no maintainer in Nixpkgs and hadn’t seen an upstream release in over a decade. It is recommended to migrate to `openssh` and `services.openssh`. 401 407 402 408 - `opencv2` and `opencv3` have been removed, as they are obsolete and

+93 -130

nixos/maintainers/scripts/ec2/amazon-image.nix

reviewed

··· 1 1 - { 2 2 - config, 3 3 - lib, 4 4 - pkgs, 5 5 - ... 6 6 - }: 1 1 + { config, lib, pkgs, ... }: 7 2 8 3 let 9 9 - inherit (lib) 10 10 - mkOption 11 11 - optionalString 12 12 - types 13 13 - versionAtLeast 14 14 - ; 4 4 + inherit (lib) mkOption optionalString types versionAtLeast; 15 5 inherit (lib.options) literalExpression; 16 6 cfg = config.amazonImage; 17 7 amiBootMode = if config.ec2.efi then "uefi" else "legacy-bios"; 18 18 - virtualisationOptions = import ../../../modules/virtualisation/virtualisation-options.nix; 19 8 20 20 - in 21 21 - { 22 22 - imports = [ 23 23 - ../../../modules/virtualisation/amazon-image.nix 24 24 - virtualisationOptions.diskSize 25 25 - (lib.mkRenamedOptionModuleWith { 26 26 - sinceRelease = 2411; 27 27 - from = [ 28 28 - "virtualisation" 29 29 - "amazonImage" 30 30 - "sizeMB" 31 31 - ]; 32 32 - to = [ 33 33 - "virtualisation" 34 34 - "diskSize" 35 35 - ]; 36 36 - }) 37 37 - ]; 9 9 + in { 10 10 + 11 11 + imports = [ ../../../modules/virtualisation/amazon-image.nix ]; 38 12 39 13 # Amazon recommends setting this to the highest possible value for a good EBS 40 14 # experience, which prior to 4.15 was 255. 41 15 # https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html#timeout-nvme-ebs-volumes 42 16 config.boot.kernelParams = 43 43 - let 44 44 - timeout = 45 45 - if versionAtLeast config.boot.kernelPackages.kernel.version "4.15" then "4294967295" else "255"; 46 46 - in 47 47 - [ "nvme_core.io_timeout=${timeout}" ]; 17 17 + let timeout = 18 18 + if versionAtLeast config.boot.kernelPackages.kernel.version "4.15" 19 19 + then "4294967295" 20 20 + else "255"; 21 21 + in [ "nvme_core.io_timeout=${timeout}" ]; 48 22 49 23 options.amazonImage = { 50 24 name = mkOption { ··· 60 34 } 61 35 ] 62 36 ''; 63 63 - default = [ ]; 37 37 + default = []; 64 38 description = '' 65 39 This option lists files to be copied to fixed locations in the 66 40 generated image. Glob patterns work. 67 41 ''; 68 42 }; 69 43 44 44 + sizeMB = mkOption { 45 45 + type = with types; either (enum [ "auto" ]) int; 46 46 + default = 3072; 47 47 + example = 8192; 48 48 + description = "The size in MB of the image"; 49 49 + }; 50 50 + 70 51 format = mkOption { 71 71 - type = types.enum [ 72 72 - "raw" 73 73 - "qcow2" 74 74 - "vpc" 75 75 - ]; 52 52 + type = types.enum [ "raw" "qcow2" "vpc" ]; 76 53 default = "vpc"; 77 54 description = "The image format to output"; 78 55 }; 79 56 }; 80 57 81 81 - config.virtualisation.diskSize = lib.mkDefault (3 * 1024); 82 82 - config.virtualisation.diskSizeAutoSupported = !config.ec2.zfs.enable; 83 83 - 84 84 - config.system.build.amazonImage = 85 85 - let 86 86 - configFile = pkgs.writeText "configuration.nix" '' 58 58 + config.system.build.amazonImage = let 59 59 + configFile = pkgs.writeText "configuration.nix" 60 60 + '' 87 61 { modulesPath, ... }: { 88 62 imports = [ "''${modulesPath}/virtualisation/amazon-image.nix" ]; 89 63 ${optionalString config.ec2.efi '' ··· 96 70 } 97 71 ''; 98 72 99 99 - zfsBuilder = import ../../../lib/make-multi-disk-zfs-image.nix { 100 100 - inherit 101 101 - lib 102 102 - config 103 103 - configFile 104 104 - pkgs 105 105 - ; 106 106 - inherit (cfg) contents format name; 73 73 + zfsBuilder = import ../../../lib/make-multi-disk-zfs-image.nix { 74 74 + inherit lib config configFile pkgs; 75 75 + inherit (cfg) contents format name; 107 76 108 108 - includeChannel = true; 77 77 + includeChannel = true; 109 78 110 110 - bootSize = 1000; # 1G is the minimum EBS volume 79 79 + bootSize = 1000; # 1G is the minimum EBS volume 111 80 112 112 - rootSize = config.virtualisation.diskSize; 113 113 - rootPoolProperties = { 114 114 - ashift = 12; 115 115 - autoexpand = "on"; 116 116 - }; 81 81 + rootSize = cfg.sizeMB; 82 82 + rootPoolProperties = { 83 83 + ashift = 12; 84 84 + autoexpand = "on"; 85 85 + }; 117 86 118 118 - datasets = config.ec2.zfs.datasets; 87 87 + datasets = config.ec2.zfs.datasets; 119 88 120 120 - postVM = '' 121 121 - extension=''${rootDiskImage##*.} 122 122 - friendlyName=$out/${cfg.name} 123 123 - rootDisk="$friendlyName.root.$extension" 124 124 - bootDisk="$friendlyName.boot.$extension" 125 125 - mv "$rootDiskImage" "$rootDisk" 126 126 - mv "$bootDiskImage" "$bootDisk" 89 89 + postVM = '' 90 90 + extension=''${rootDiskImage##*.} 91 91 + friendlyName=$out/${cfg.name} 92 92 + rootDisk="$friendlyName.root.$extension" 93 93 + bootDisk="$friendlyName.boot.$extension" 94 94 + mv "$rootDiskImage" "$rootDisk" 95 95 + mv "$bootDiskImage" "$bootDisk" 127 96 128 128 - mkdir -p $out/nix-support 129 129 - echo "file ${cfg.format} $bootDisk" >> $out/nix-support/hydra-build-products 130 130 - echo "file ${cfg.format} $rootDisk" >> $out/nix-support/hydra-build-products 97 97 + mkdir -p $out/nix-support 98 98 + echo "file ${cfg.format} $bootDisk" >> $out/nix-support/hydra-build-products 99 99 + echo "file ${cfg.format} $rootDisk" >> $out/nix-support/hydra-build-products 131 100 132 132 - ${pkgs.jq}/bin/jq -n \ 133 133 - --arg system_label ${lib.escapeShellArg config.system.nixos.label} \ 134 134 - --arg system ${lib.escapeShellArg pkgs.stdenv.hostPlatform.system} \ 135 135 - --arg root_logical_bytes "$(${pkgs.qemu_kvm}/bin/qemu-img info --output json "$rootDisk" | ${pkgs.jq}/bin/jq '."virtual-size"')" \ 136 136 - --arg boot_logical_bytes "$(${pkgs.qemu_kvm}/bin/qemu-img info --output json "$bootDisk" | ${pkgs.jq}/bin/jq '."virtual-size"')" \ 137 137 - --arg boot_mode "${amiBootMode}" \ 138 138 - --arg root "$rootDisk" \ 139 139 - --arg boot "$bootDisk" \ 140 140 - '{} 141 141 - | .label = $system_label 142 142 - | .boot_mode = $boot_mode 143 143 - | .system = $system 144 144 - | .disks.boot.logical_bytes = $boot_logical_bytes 145 145 - | .disks.boot.file = $boot 146 146 - | .disks.root.logical_bytes = $root_logical_bytes 147 147 - | .disks.root.file = $root 148 148 - ' > $out/nix-support/image-info.json 149 149 - ''; 150 150 - }; 101 101 + ${pkgs.jq}/bin/jq -n \ 102 102 + --arg system_label ${lib.escapeShellArg config.system.nixos.label} \ 103 103 + --arg system ${lib.escapeShellArg pkgs.stdenv.hostPlatform.system} \ 104 104 + --arg root_logical_bytes "$(${pkgs.qemu_kvm}/bin/qemu-img info --output json "$rootDisk" | ${pkgs.jq}/bin/jq '."virtual-size"')" \ 105 105 + --arg boot_logical_bytes "$(${pkgs.qemu_kvm}/bin/qemu-img info --output json "$bootDisk" | ${pkgs.jq}/bin/jq '."virtual-size"')" \ 106 106 + --arg boot_mode "${amiBootMode}" \ 107 107 + --arg root "$rootDisk" \ 108 108 + --arg boot "$bootDisk" \ 109 109 + '{} 110 110 + | .label = $system_label 111 111 + | .boot_mode = $boot_mode 112 112 + | .system = $system 113 113 + | .disks.boot.logical_bytes = $boot_logical_bytes 114 114 + | .disks.boot.file = $boot 115 115 + | .disks.root.logical_bytes = $root_logical_bytes 116 116 + | .disks.root.file = $root 117 117 + ' > $out/nix-support/image-info.json 118 118 + ''; 119 119 + }; 151 120 152 152 - extBuilder = import ../../../lib/make-disk-image.nix { 153 153 - inherit 154 154 - lib 155 155 - config 156 156 - configFile 157 157 - pkgs 158 158 - ; 121 121 + extBuilder = import ../../../lib/make-disk-image.nix { 122 122 + inherit lib config configFile pkgs; 159 123 160 160 - inherit (cfg) contents format name; 124 124 + inherit (cfg) contents format name; 161 125 162 162 - fsType = "ext4"; 163 163 - partitionTableType = if config.ec2.efi then "efi" else "legacy+gpt"; 126 126 + fsType = "ext4"; 127 127 + partitionTableType = if config.ec2.efi then "efi" else "legacy+gpt"; 164 128 165 165 - inherit (config.virtualisation) diskSize; 129 129 + diskSize = cfg.sizeMB; 166 130 167 167 - postVM = '' 168 168 - extension=''${diskImage##*.} 169 169 - friendlyName=$out/${cfg.name}.$extension 170 170 - mv "$diskImage" "$friendlyName" 171 171 - diskImage=$friendlyName 131 131 + postVM = '' 132 132 + extension=''${diskImage##*.} 133 133 + friendlyName=$out/${cfg.name}.$extension 134 134 + mv "$diskImage" "$friendlyName" 135 135 + diskImage=$friendlyName 172 136 173 173 - mkdir -p $out/nix-support 174 174 - echo "file ${cfg.format} $diskImage" >> $out/nix-support/hydra-build-products 137 137 + mkdir -p $out/nix-support 138 138 + echo "file ${cfg.format} $diskImage" >> $out/nix-support/hydra-build-products 175 139 176 176 - ${pkgs.jq}/bin/jq -n \ 177 177 - --arg system_label ${lib.escapeShellArg config.system.nixos.label} \ 178 178 - --arg system ${lib.escapeShellArg pkgs.stdenv.hostPlatform.system} \ 179 179 - --arg logical_bytes "$(${pkgs.qemu_kvm}/bin/qemu-img info --output json "$diskImage" | ${pkgs.jq}/bin/jq '."virtual-size"')" \ 180 180 - --arg boot_mode "${amiBootMode}" \ 181 181 - --arg file "$diskImage" \ 182 182 - '{} 183 183 - | .label = $system_label 184 184 - | .boot_mode = $boot_mode 185 185 - | .system = $system 186 186 - | .logical_bytes = $logical_bytes 187 187 - | .file = $file 188 188 - | .disks.root.logical_bytes = $logical_bytes 189 189 - | .disks.root.file = $file 190 190 - ' > $out/nix-support/image-info.json 191 191 - ''; 192 192 - }; 193 193 - in 194 194 - if config.ec2.zfs.enable then zfsBuilder else extBuilder; 140 140 + ${pkgs.jq}/bin/jq -n \ 141 141 + --arg system_label ${lib.escapeShellArg config.system.nixos.label} \ 142 142 + --arg system ${lib.escapeShellArg pkgs.stdenv.hostPlatform.system} \ 143 143 + --arg logical_bytes "$(${pkgs.qemu_kvm}/bin/qemu-img info --output json "$diskImage" | ${pkgs.jq}/bin/jq '."virtual-size"')" \ 144 144 + --arg boot_mode "${amiBootMode}" \ 145 145 + --arg file "$diskImage" \ 146 146 + '{} 147 147 + | .label = $system_label 148 148 + | .boot_mode = $boot_mode 149 149 + | .system = $system 150 150 + | .logical_bytes = $logical_bytes 151 151 + | .file = $file 152 152 + | .disks.root.logical_bytes = $logical_bytes 153 153 + | .disks.root.file = $file 154 154 + ' > $out/nix-support/image-info.json 155 155 + ''; 156 156 + }; 157 157 + in if config.ec2.zfs.enable then zfsBuilder else extBuilder; 195 158 196 159 meta.maintainers = with lib.maintainers; [ arianvp ]; 197 160 }

+18 -36

nixos/maintainers/scripts/openstack/openstack-image-zfs.nix

reviewed

··· 1 1 # nix-build '<nixpkgs/nixos>' -A config.system.build.openstackImage --arg configuration "{ imports = [ ./nixos/maintainers/scripts/openstack/openstack-image.nix ]; }" 2 2 3 3 - { 4 4 - config, 5 5 - lib, 6 6 - pkgs, 7 7 - ... 8 8 - }: 3 3 + { config, lib, pkgs, ... }: 9 4 let 10 5 inherit (lib) mkOption types; 11 6 copyChannel = true; 12 7 cfg = config.openstackImage; 13 8 imageBootMode = if config.openstack.efi then "uefi" else "legacy-bios"; 14 14 - virtualisationOptions = import ../../../modules/virtualisation/virtualisation-options.nix; 15 9 in 16 10 { 17 11 imports = [ 18 12 ../../../modules/virtualisation/openstack-config.nix 19 19 - virtualisationOptions.diskSize 20 20 - (lib.mkRenamedOptionModuleWith { 21 21 - sinceRelease = 2411; 22 22 - from = [ 23 23 - "virtualisation" 24 24 - "openstackImage" 25 25 - "sizeMB" 26 26 - ]; 27 27 - to = [ 28 28 - "virtualisation" 29 29 - "diskSize" 30 30 - ]; 31 31 - }) 13 13 + ] ++ (lib.optional copyChannel ../../../modules/installer/cd-dvd/channel.nix); 32 14 33 33 - ] ++ (lib.optional copyChannel ../../../modules/installer/cd-dvd/channel.nix); 34 15 35 16 options.openstackImage = { 36 17 name = mkOption { ··· 41 22 42 23 ramMB = mkOption { 43 24 type = types.int; 44 44 - default = (3 * 1024); 25 25 + default = 1024; 45 26 description = "RAM allocation for build VM"; 46 27 }; 47 28 29 29 + sizeMB = mkOption { 30 30 + type = types.int; 31 31 + default = 8192; 32 32 + description = "The size in MB of the image"; 33 33 + }; 34 34 + 48 35 format = mkOption { 49 49 - type = types.enum [ 50 50 - "raw" 51 51 - "qcow2" 52 52 - ]; 36 36 + type = types.enum [ "raw" "qcow2" ]; 53 37 default = "qcow2"; 54 38 description = "The image format to output"; 55 39 }; ··· 70 54 }; 71 55 }; 72 56 73 73 - virtualisation.diskSize = lib.mkDefault (8 * 1024); 74 74 - virtualisation.diskSizeAutoSupported = false; 75 75 - 76 57 system.build.openstackImage = import ../../../lib/make-single-disk-zfs-image.nix { 77 58 inherit lib config; 78 59 inherit (cfg) contents format name; 79 60 pkgs = import ../../../.. { inherit (pkgs) system; }; # ensure we use the regular qemu-kvm package 80 61 81 81 - configFile = pkgs.writeText "configuration.nix" '' 82 82 - { modulesPath, ... }: { 83 83 - imports = [ "''${modulesPath}/virtualisation/openstack-config.nix" ]; 84 84 - openstack.zfs.enable = true; 85 85 - } 86 86 - ''; 62 62 + configFile = pkgs.writeText "configuration.nix" 63 63 + '' 64 64 + { modulesPath, ... }: { 65 65 + imports = [ "''${modulesPath}/virtualisation/openstack-config.nix" ]; 66 66 + openstack.zfs.enable = true; 67 67 + } 68 68 + ''; 87 69 88 70 includeChannel = copyChannel; 89 71 90 72 bootSize = 1000; 91 73 memSize = cfg.ramMB; 92 92 - rootSize = config.virtualisation.diskSize; 74 74 + rootSize = cfg.sizeMB; 93 75 rootPoolProperties = { 94 76 ashift = 12; 95 77 autoexpand = "on";

+37 -66

nixos/modules/profiles/macos-builder.nix

reviewed

··· 1 1 - { 2 2 - config, 3 3 - lib, 4 4 - options, 5 5 - ... 6 6 - }: 1 1 + { config, lib, options, ... }: 7 2 8 3 let 9 4 keysDirectory = "/var/keys"; ··· 20 15 imports = [ 21 16 ../virtualisation/qemu-vm.nix 22 17 23 23 - (lib.mkRenamedOptionModuleWith { 24 24 - sinceRelease = 2411; 25 25 - from = [ 26 26 - "virtualisation" 27 27 - "darwin-builder" 28 28 - "diskSize" 29 29 - ]; 30 30 - to = [ 31 31 - "virtualisation" 32 32 - "diskSize" 33 33 - ]; 34 34 - }) 35 35 - 36 18 # Avoid a dependency on stateVersion 37 19 { 38 20 disabledModules = [ ··· 41 23 ]; 42 24 # swraid's default depends on stateVersion 43 25 config.boot.swraid.enable = false; 44 44 - options.boot.isContainer = lib.mkOption { 45 45 - default = false; 46 46 - internal = true; 47 47 - }; 26 26 + options.boot.isContainer = lib.mkOption { default = false; internal = true; }; 48 27 } 49 28 ]; 50 50 - 51 51 - options.virtualisation.description = "The maximum disk space allocated to the runner in megabytes"; 52 29 53 30 options.virtualisation.darwin-builder = with lib; { 31 31 + diskSize = mkOption { 32 32 + default = 20 * 1024; 33 33 + type = types.int; 34 34 + example = 30720; 35 35 + description = "The maximum disk space allocated to the runner in MB"; 36 36 + }; 54 37 memorySize = mkOption { 55 38 default = 3 * 1024; 56 39 type = types.int; ··· 76 59 ''; 77 60 }; 78 61 workingDirectory = mkOption { 79 79 - default = "."; 80 80 - type = types.str; 81 81 - example = "/var/lib/darwin-builder"; 82 82 - description = '' 83 83 - The working directory to use to run the script. When running 84 84 - as part of a flake will need to be set to a non read-only filesystem. 85 85 - ''; 62 62 + default = "."; 63 63 + type = types.str; 64 64 + example = "/var/lib/darwin-builder"; 65 65 + description = '' 66 66 + The working directory to use to run the script. When running 67 67 + as part of a flake will need to be set to a non read-only filesystem. 68 68 + ''; 86 69 }; 87 70 hostPort = mkOption { 88 71 default = 31022; ··· 175 158 script = hostPkgs.writeShellScriptBin "create-builder" ( 176 159 '' 177 160 set -euo pipefail 178 178 - '' 179 179 - + 180 180 - # When running as non-interactively as part of a DarwinConfiguration the working directory 181 181 - # must be set to a writeable directory. 182 182 - ( 183 183 - if cfg.workingDirectory != "." then 184 184 - '' 185 185 - ${hostPkgs.coreutils}/bin/mkdir --parent "${cfg.workingDirectory}" 186 186 - cd "${cfg.workingDirectory}" 187 187 - '' 188 188 - else 189 189 - "" 190 190 - ) 191 191 - + '' 192 192 - KEYS="''${KEYS:-./keys}" 193 193 - ${hostPkgs.coreutils}/bin/mkdir --parent "''${KEYS}" 194 194 - PRIVATE_KEY="''${KEYS}/${user}_${keyType}" 195 195 - PUBLIC_KEY="''${PRIVATE_KEY}.pub" 196 196 - if [ ! -e "''${PRIVATE_KEY}" ] || [ ! -e "''${PUBLIC_KEY}" ]; then 197 197 - ${hostPkgs.coreutils}/bin/rm --force -- "''${PRIVATE_KEY}" "''${PUBLIC_KEY}" 198 198 - ${hostPkgs.openssh}/bin/ssh-keygen -q -f "''${PRIVATE_KEY}" -t ${keyType} -N "" -C 'builder@localhost' 199 199 - fi 200 200 - if ! ${hostPkgs.diffutils}/bin/cmp "''${PUBLIC_KEY}" ${publicKey}; then 201 201 - (set -x; sudo --reset-timestamp ${installCredentials} "''${KEYS}") 202 202 - fi 203 203 - KEYS="$(${hostPkgs.nix}/bin/nix-store --add "$KEYS")" ${lib.getExe config.system.build.vm} 204 204 - '' 205 205 - ); 161 161 + '' + 162 162 + # When running as non-interactively as part of a DarwinConfiguration the working directory 163 163 + # must be set to a writeable directory. 164 164 + (if cfg.workingDirectory != "." then '' 165 165 + ${hostPkgs.coreutils}/bin/mkdir --parent "${cfg.workingDirectory}" 166 166 + cd "${cfg.workingDirectory}" 167 167 + '' else "") + '' 168 168 + KEYS="''${KEYS:-./keys}" 169 169 + ${hostPkgs.coreutils}/bin/mkdir --parent "''${KEYS}" 170 170 + PRIVATE_KEY="''${KEYS}/${user}_${keyType}" 171 171 + PUBLIC_KEY="''${PRIVATE_KEY}.pub" 172 172 + if [ ! -e "''${PRIVATE_KEY}" ] || [ ! -e "''${PUBLIC_KEY}" ]; then 173 173 + ${hostPkgs.coreutils}/bin/rm --force -- "''${PRIVATE_KEY}" "''${PUBLIC_KEY}" 174 174 + ${hostPkgs.openssh}/bin/ssh-keygen -q -f "''${PRIVATE_KEY}" -t ${keyType} -N "" -C 'builder@localhost' 175 175 + fi 176 176 + if ! ${hostPkgs.diffutils}/bin/cmp "''${PUBLIC_KEY}" ${publicKey}; then 177 177 + (set -x; sudo --reset-timestamp ${installCredentials} "''${KEYS}") 178 178 + fi 179 179 + KEYS="$(${hostPkgs.nix}/bin/nix-store --add "$KEYS")" ${lib.getExe config.system.build.vm} 180 180 + ''); 206 181 207 182 in 208 183 script.overrideAttrs (old: { ··· 248 223 ''; 249 224 250 225 virtualisation = { 251 251 - diskSize = lib.mkDefault (20 * 1024); 226 226 + diskSize = cfg.diskSize; 252 227 253 228 memorySize = cfg.memorySize; 254 229 255 230 forwardPorts = [ 256 256 - { 257 257 - from = "host"; 258 258 - guest.port = 22; 259 259 - host.port = cfg.hostPort; 260 260 - } 231 231 + { from = "host"; guest.port = 22; host.port = cfg.hostPort; } 261 232 ]; 262 233 263 234 # Disable graphics for the builder since users will likely want to run it

+11 -14

nixos/modules/services/monitoring/prometheus/exporters.nix

reviewed

··· 3 3 let 4 4 inherit (lib) concatStrings foldl foldl' genAttrs literalExpression maintainers 5 5 mapAttrs mapAttrsToList mkDefault mkEnableOption mkIf mkMerge mkOption 6 6 - optional types mkOptionDefault flip attrNames; 6 6 + optional types mkOptionDefault flip attrNames xor; 7 7 8 8 cfg = config.services.prometheus.exporters; 9 9 ··· 230 230 in 231 231 mkIf conf.enable { 232 232 warnings = conf.warnings or []; 233 233 + assertions = conf.assertions or []; 233 234 users.users."${name}-exporter" = (mkIf (conf.user == "${name}-exporter" && !enableDynamicUser) { 234 235 description = "Prometheus ${name} exporter service user"; 235 236 isSystemUser = true; ··· 360 361 'services.prometheus.exporters.nextcloud.tokenFile' 361 362 ''; 362 363 } { 363 363 - assertion = cfg.pgbouncer.enable -> ( 364 364 - (cfg.pgbouncer.connectionStringFile != null || cfg.pgbouncer.connectionString != "") 365 365 - ); 366 366 - message = '' 367 367 - PgBouncer exporter needs either connectionStringFile or connectionString configured" 368 368 - ''; 369 369 - } { 370 364 assertion = cfg.sql.enable -> ( 371 365 (cfg.sql.configFile == null) != (cfg.sql.configuration == null) 372 366 ); ··· 405 399 Please ensure you have either `services.prometheus.exporters.deluge.delugePassword' 406 400 or `services.prometheus.exporters.deluge.delugePasswordFile' set! 407 401 ''; 408 408 - } ] ++ (flip map (attrNames exporterOpts) (exporter: { 402 402 + } { 403 403 + assertion = cfg.pgbouncer.enable -> ( 404 404 + xor (cfg.pgbouncer.connectionEnvFile == null) (cfg.pgbouncer.connectionString == null) 405 405 + ); 406 406 + message = '' 407 407 + Options `services.prometheus.exporters.pgbouncer.connectionEnvFile` and 408 408 + `services.prometheus.exporters.pgbouncer.connectionString` are mutually exclusive! 409 409 + ''; 410 410 + }] ++ (flip map (attrNames exporterOpts) (exporter: { 409 411 assertion = cfg.${exporter}.firewallFilter != null -> cfg.${exporter}.openFirewall; 410 412 message = '' 411 413 The `firewallFilter'-option of exporter ${exporter} doesn't have any effect unless ··· 417 419 Configuration file in `services.prometheus.exporters.idrac.configurationPath` may override 418 420 `services.prometheus.exporters.idrac.listenAddress` and/or `services.prometheus.exporters.idrac.port`. 419 421 Consider using `services.prometheus.exporters.idrac.configuration` instead. 420 420 - '' 421 421 - ) 422 422 - (mkIf 423 423 - (cfg.pgbouncer.enable && cfg.pgbouncer.connectionString != "") '' 424 424 - config.services.prometheus.exporters.pgbouncer.connectionString is insecure. Use connectionStringFile instead. 425 422 '' 426 423 ) 427 424 ] ++ config.services.prometheus.exporters.warnings;

+35 -25

nixos/modules/services/monitoring/prometheus/exporters/pgbouncer.nix

reviewed

··· 7 7 mkPackageOption 8 8 types 9 9 optionals 10 10 - optionalString 11 10 getExe 12 12 - getExe' 13 11 escapeShellArg 14 14 - escapeShellArgs 15 12 concatStringsSep 16 13 ; 17 14 in ··· 29 26 }; 30 27 31 28 connectionString = mkOption { 32 32 - type = types.str; 33 33 - default = ""; 29 29 + type = types.nullOr types.str; 30 30 + default = null; 34 31 example = "postgres://admin:@localhost:6432/pgbouncer?sslmode=require"; 35 32 description = '' 36 33 Connection string for accessing pgBouncer. ··· 43 40 auth_file if auth_type other than "any" is used. 44 41 45 42 WARNING: this secret is stored in the world-readable Nix store! 46 46 - Use {option}`connectionStringFile` instead. 43 43 + Use [](#opt-services.prometheus.exporters.pgbouncer.connectionEnvFile) if the 44 44 + URL contains a secret. 47 45 ''; 48 46 }; 49 47 50 50 - connectionStringFile = mkOption { 51 51 - type = types.nullOr types.path; 48 48 + connectionEnvFile = mkOption { 49 49 + type = types.nullOr types.str; 52 50 default = null; 53 53 - example = "/run/keys/pgBouncer-connection-string"; 54 51 description = '' 55 55 - File that contains pgBouncer connection string in format: 56 56 - postgres://admin:@localhost:6432/pgbouncer?sslmode=require 52 52 + File that must contain the environment variable 53 53 + `PGBOUNCER_EXPORTER_CONNECTION_STRING` which is set to the connection 54 54 + string used by pgbouncer. I.e. the format is supposed to look like this: 57 55 58 58 - NOTE: You MUST keep pgbouncer as database name (special internal db)!!! 56 56 + ``` 57 57 + PGBOUNCER_EXPORTER_CONNECTION_STRING="postgres://admin@localhost:6432/pgbouncer?sslmode=require" 58 58 + ``` 59 59 60 60 - NOTE: ignore_startup_parameters MUST contain "extra_float_digits". 61 61 - 62 62 - NOTE: Admin user (with password or passwordless) MUST exist in the 63 63 - auth_file if auth_type other than "any" is used. 60 60 + NOTE: You MUST keep pgbouncer as database name (special internal db)! 61 61 + NOTE: `services.pgbouncer.settings.pgbouncer.ignore_startup_parameters` 62 62 + MUST contain "extra_float_digits". 64 63 65 65 - {option}`connectionStringFile` takes precedence over {option}`connectionString` 64 64 + Mutually exclusive with [](#opt-services.prometheus.exporters.pgbouncer.connectionString). 66 65 ''; 67 66 }; 68 67 ··· 126 125 127 126 serviceOpts = { 128 127 after = [ "pgbouncer.service" ]; 129 129 - script = optionalString (cfg.connectionStringFile != null) '' 130 130 - connectionString=$(${escapeShellArgs [ 131 131 - (getExe' pkgs.coreutils "cat") "--" cfg.connectionStringFile 132 132 - ]}) 133 133 - '' + concatStringsSep " " ([ 128 128 + script = concatStringsSep " " ([ 134 129 "exec -- ${escapeShellArg (getExe cfg.package)}" 135 130 "--web.listen-address ${cfg.listenAddress}:${toString cfg.port}" 136 136 - "--pgBouncer.connectionString ${if cfg.connectionStringFile != null 137 137 - then "\"$connectionString\"" 138 138 - else "${escapeShellArg cfg.connectionString}"}" 131 131 + ] ++ optionals (cfg.connectionString != null) [ 132 132 + "--pgBouncer.connectionString ${escapeShellArg cfg.connectionString}" 139 133 ] ++ optionals (cfg.telemetryPath != null) [ 140 134 "--web.telemetry-path ${escapeShellArg cfg.telemetryPath}" 141 135 ] ++ optionals (cfg.pidFile != null) [ ··· 151 145 ] ++ cfg.extraFlags); 152 146 153 147 serviceConfig.RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ]; 148 148 + serviceConfig.EnvironmentFile = lib.mkIf (cfg.connectionEnvFile != null) [ 149 149 + cfg.connectionEnvFile 150 150 + ]; 154 151 }; 152 152 + 153 153 + imports = [ 154 154 + (lib.mkRemovedOptionModule [ "connectionStringFile" ] '' 155 155 + As replacement, the option `services.prometheus.exporters.pgbouncer.connectionEnvFile` 156 156 + has been added. In contrast to `connectionStringFile` it must be an environment file 157 157 + with the connection string being set to `PGBOUNCER_EXPORTER_CONNECTION_STRING`. 158 158 + 159 159 + The change was necessary since the former option wrote the contents of the file 160 160 + into the cmdline of the exporter making the connection string effectively 161 161 + world-readable. 162 162 + '') 163 163 + ({ options.warnings = options.warnings; options.assertions = options.assertions; }) 164 164 + ]; 155 165 }

+13 -31

nixos/modules/virtualisation/azure-image.nix

reviewed

··· 1 1 - { 2 2 - config, 3 3 - lib, 4 4 - pkgs, 5 5 - ... 6 6 - }: 1 1 + { config, lib, pkgs, ... }: 7 2 8 3 with lib; 9 4 let 10 5 cfg = config.virtualisation.azureImage; 11 11 - virtualisationOptions = import ./virtualisation-options.nix; 12 6 in 13 7 { 14 14 - imports = [ 15 15 - ./azure-common.nix 16 16 - virtualisationOptions.diskSize 17 17 - (lib.mkRenamedOptionModuleWith { 18 18 - sinceRelease = 2411; 19 19 - from = [ 20 20 - "virtualisation" 21 21 - "azureImage" 22 22 - "diskSize" 23 23 - ]; 24 24 - to = [ 25 25 - "virtualisation" 26 26 - "diskSize" 27 27 - ]; 28 28 - }) 29 29 - ]; 8 8 + imports = [ ./azure-common.nix ]; 30 9 31 10 options.virtualisation.azureImage = { 11 11 + diskSize = mkOption { 12 12 + type = with types; either (enum [ "auto" ]) int; 13 13 + default = "auto"; 14 14 + example = 2048; 15 15 + description = '' 16 16 + Size of disk image. Unit is MB. 17 17 + ''; 18 18 + }; 19 19 + 32 20 bootSize = mkOption { 33 21 type = types.int; 34 22 default = 256; ··· 47 35 }; 48 36 49 37 vmGeneration = mkOption { 50 50 - type = 51 51 - with types; 52 52 - enum [ 53 53 - "v1" 54 54 - "v2" 55 55 - ]; 38 38 + type = with types; enum [ "v1" "v2" ]; 56 39 default = "v1"; 57 40 description = '' 58 41 VM Generation to use. ··· 74 57 bootSize = "${toString cfg.bootSize}M"; 75 58 partitionTableType = if cfg.vmGeneration == "v2" then "efi" else "legacy"; 76 59 77 77 - inherit (cfg) contents; 78 78 - inherit (config.virtualisation) diskSize; 60 60 + inherit (cfg) diskSize contents; 79 61 inherit config lib pkgs; 80 62 }; 81 63 };

+26 -49

nixos/modules/virtualisation/digital-ocean-image.nix

reviewed

··· 1 1 - { 2 2 - config, 3 3 - lib, 4 4 - pkgs, 5 5 - ... 6 6 - }: 1 1 + { config, lib, pkgs, ... }: 7 2 8 3 with lib; 9 4 let 10 5 cfg = config.virtualisation.digitalOceanImage; 11 11 - virtualisationOptions = import ./virtualisation-options.nix; 12 6 in 13 7 { 14 8 15 15 - imports = [ 16 16 - ./digital-ocean-config.nix 17 17 - virtualisationOptions.diskSize 18 18 - (lib.mkRenamedOptionModuleWith { 19 19 - sinceRelease = 2411; 20 20 - from = [ 21 21 - "virtualisation" 22 22 - "digitialOceanImage" 23 23 - "diskSize" 24 24 - ]; 25 25 - to = [ 26 26 - "virtualisation" 27 27 - "diskSize" 28 28 - ]; 29 29 - }) 30 30 - ]; 9 9 + imports = [ ./digital-ocean-config.nix ]; 31 10 32 11 options = { 12 12 + virtualisation.digitalOceanImage.diskSize = mkOption { 13 13 + type = with types; either (enum [ "auto" ]) int; 14 14 + default = "auto"; 15 15 + example = 4096; 16 16 + description = '' 17 17 + Size of disk image. Unit is MB. 18 18 + ''; 19 19 + }; 20 20 + 33 21 virtualisation.digitalOceanImage.configFile = mkOption { 34 22 type = with types; nullOr path; 35 23 default = null; ··· 43 31 }; 44 32 45 33 virtualisation.digitalOceanImage.compressionMethod = mkOption { 46 46 - type = types.enum [ 47 47 - "gzip" 48 48 - "bzip2" 49 49 - ]; 34 34 + type = types.enum [ "gzip" "bzip2" ]; 50 35 default = "gzip"; 51 36 example = "bzip2"; 52 37 description = '' ··· 59 44 60 45 #### implementation 61 46 config = { 47 47 + 62 48 system.build.digitalOceanImage = import ../../lib/make-disk-image.nix { 63 49 name = "digital-ocean-image"; 64 50 format = "qcow2"; 65 65 - postVM = 66 66 - let 67 67 - compress = 68 68 - { 69 69 - "gzip" = "${pkgs.gzip}/bin/gzip"; 70 70 - "bzip2" = "${pkgs.bzip2}/bin/bzip2"; 71 71 - } 72 72 - .${cfg.compressionMethod}; 73 73 - in 74 74 - '' 75 75 - ${compress} $diskImage 76 76 - ''; 77 77 - configFile = 78 78 - if cfg.configFile == null then 79 79 - config.virtualisation.digitalOcean.defaultConfigFile 80 80 - else 81 81 - cfg.configFile; 82 82 - inherit (config.virtualisation) diskSize; 51 51 + postVM = let 52 52 + compress = { 53 53 + "gzip" = "${pkgs.gzip}/bin/gzip"; 54 54 + "bzip2" = "${pkgs.bzip2}/bin/bzip2"; 55 55 + }.${cfg.compressionMethod}; 56 56 + in '' 57 57 + ${compress} $diskImage 58 58 + ''; 59 59 + configFile = if cfg.configFile == null 60 60 + then config.virtualisation.digitalOcean.defaultConfigFile 61 61 + else cfg.configFile; 62 62 + inherit (cfg) diskSize; 83 63 inherit config lib pkgs; 84 64 }; 85 65 86 66 }; 87 67 88 88 - meta.maintainers = with maintainers; [ 89 89 - arianvp 90 90 - eamsden 91 91 - ]; 68 68 + meta.maintainers = with maintainers; [ arianvp eamsden ]; 92 69 93 70 }

+13 -31

nixos/modules/virtualisation/google-compute-image.nix

reviewed

··· 1 1 - { 2 2 - config, 3 3 - lib, 4 4 - pkgs, 5 5 - ... 6 6 - }: 1 1 + { config, lib, pkgs, ... }: 7 2 8 3 with lib; 9 4 let ··· 16 11 ]; 17 12 } 18 13 ''; 19 19 - virtualisationOptions = import ./virtualisation-options.nix; 20 14 in 21 15 { 22 16 23 23 - imports = [ 24 24 - ./google-compute-config.nix 25 25 - virtualisationOptions.diskSize 26 26 - (lib.mkRenamedOptionModuleWith { 27 27 - sinceRelease = 2411; 28 28 - from = [ 29 29 - "virtualisation" 30 30 - "googleComputeImage" 31 31 - "diskSize" 32 32 - ]; 33 33 - to = [ 34 34 - "virtualisation" 35 35 - "diskSize" 36 36 - ]; 37 37 - }) 38 38 - ]; 17 17 + imports = [ ./google-compute-config.nix ]; 39 18 40 19 options = { 20 20 + virtualisation.googleComputeImage.diskSize = mkOption { 21 21 + type = with types; either (enum [ "auto" ]) int; 22 22 + default = "auto"; 23 23 + example = 1536; 24 24 + description = '' 25 25 + Size of disk image. Unit is MB. 26 26 + ''; 27 27 + }; 28 28 + 41 29 virtualisation.googleComputeImage.configFile = mkOption { 42 30 type = with types; nullOr str; 43 31 default = null; ··· 76 64 system.build.googleComputeImage = import ../../lib/make-disk-image.nix { 77 65 name = "google-compute-image"; 78 66 postVM = '' 79 79 - PATH=$PATH:${ 80 80 - with pkgs; 81 81 - lib.makeBinPath [ 82 82 - gnutar 83 83 - gzip 84 84 - ] 85 85 - } 67 67 + PATH=$PATH:${with pkgs; lib.makeBinPath [ gnutar gzip ]} 86 68 pushd $out 87 69 mv $diskImage disk.raw 88 70 tar -Sc disk.raw | gzip -${toString cfg.compressionLevel} > \ ··· 93 75 format = "raw"; 94 76 configFile = if cfg.configFile == null then defaultConfigFile else cfg.configFile; 95 77 partitionTableType = if cfg.efi then "efi" else "legacy"; 96 96 - inherit (config.virtualisation) diskSize; 78 78 + inherit (cfg) diskSize; 97 79 inherit config lib pkgs; 98 80 }; 99 81

+11 -29

nixos/modules/virtualisation/hyperv-image.nix

reviewed

··· 1 1 - { 2 2 - config, 3 3 - pkgs, 4 4 - lib, 5 5 - ... 6 6 - }: 1 1 + { config, pkgs, lib, ... }: 7 2 8 3 with lib; 9 4 10 5 let 11 6 cfg = config.hyperv; 12 12 - virtualisationOptions = import ./virtualisation-options.nix; 13 7 14 14 - in 15 15 - { 16 16 - 17 17 - imports = [ 18 18 - virtualisationOptions.diskSize 19 19 - (lib.mkRenamedOptionModuleWith { 20 20 - sinceRelease = 2411; 21 21 - from = [ 22 22 - "virtualisation" 23 23 - "hyperv" 24 24 - "baseImageSize" 25 25 - ]; 26 26 - to = [ 27 27 - "virtualisation" 28 28 - "diskSize" 29 29 - ]; 30 30 - }) 31 31 - ]; 32 32 - 8 8 + in { 33 9 options = { 34 10 hyperv = { 11 11 + baseImageSize = mkOption { 12 12 + type = with types; either (enum [ "auto" ]) int; 13 13 + default = "auto"; 14 14 + example = 2048; 15 15 + description = '' 16 16 + The size of the hyper-v base image in MiB. 17 17 + ''; 18 18 + }; 35 19 vmDerivationName = mkOption { 36 20 type = types.str; 37 21 default = "nixos-hyperv-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}"; ··· 50 34 }; 51 35 52 36 config = { 53 53 - virtualisation.diskSize = lib.mkDefault (4 * 1024); 54 54 - 55 37 system.build.hypervImage = import ../../lib/make-disk-image.nix { 56 38 name = cfg.vmDerivationName; 57 39 postVM = '' ··· 59 41 rm $diskImage 60 42 ''; 61 43 format = "raw"; 62 62 - inherit (config.virtualisation) diskSize; 44 44 + diskSize = cfg.baseImageSize; 63 45 partitionTableType = "efi"; 64 46 inherit config lib pkgs; 65 47 };

+11 -24

nixos/modules/virtualisation/linode-image.nix

reviewed

··· 1 1 - { 2 2 - config, 3 3 - lib, 4 4 - pkgs, 5 5 - ... 6 6 - }: 1 1 + { config, lib, pkgs, ... }: 7 2 8 3 with lib; 9 4 let ··· 15 10 ]; 16 11 } 17 12 ''; 18 18 - virtualisationOptions = import ./virtualisation-options.nix; 19 13 in 20 14 { 21 21 - imports = [ 22 22 - ./linode-config.nix 23 23 - virtualisationOptions.diskSize 24 24 - (lib.mkRenamedOptionModuleWith { 25 25 - sinceRelease = 2411; 26 26 - from = [ 27 27 - "virtualisation" 28 28 - "linodeImage" 29 29 - "diskSize" 30 30 - ]; 31 31 - to = [ 32 32 - "virtualisation" 33 33 - "diskSize" 34 34 - ]; 35 35 - }) 36 36 - ]; 15 15 + imports = [ ./linode-config.nix ]; 37 16 38 17 options = { 18 18 + virtualisation.linodeImage.diskSize = mkOption { 19 19 + type = with types; either (enum (singleton "auto")) ints.positive; 20 20 + default = "auto"; 21 21 + example = 1536; 22 22 + description = '' 23 23 + Size of disk image in MB. 24 24 + ''; 25 25 + }; 39 26 40 27 virtualisation.linodeImage.configFile = mkOption { 41 28 type = with types; nullOr str; ··· 70 57 format = "raw"; 71 58 partitionTableType = "none"; 72 59 configFile = if cfg.configFile == null then defaultConfigFile else cfg.configFile; 73 73 - inherit (config.virtualisation) diskSize; 60 60 + inherit (cfg) diskSize; 74 61 inherit config lib pkgs; 75 62 }; 76 63 };

+3 -14

nixos/modules/virtualisation/oci-image.nix

reviewed

··· 1 1 - { 2 2 - config, 3 3 - lib, 4 4 - pkgs, 5 5 - ... 6 6 - }: 1 1 + { config, lib, pkgs, ... }: 7 2 8 3 let 9 4 cfg = config.oci; ··· 12 7 imports = [ ./oci-common.nix ]; 13 8 14 9 config = { 15 15 - virtualisation.diskSize = lib.mkDefault (8 * 1024); 16 16 - virtualisation.diskSizeAutoSupported = false; 17 17 - 18 10 system.build.OCIImage = import ../../lib/make-disk-image.nix { 19 11 inherit config lib pkgs; 20 20 - inherit (config.virtualisation) diskSize; 12 12 + inherit (cfg) diskSize; 21 13 name = "oci-image"; 22 14 configFile = ./oci-config-user.nix; 23 15 format = "qcow2"; ··· 33 25 after = [ "network-online.target" ]; 34 26 wants = [ "network-online.target" ]; 35 27 36 36 - path = [ 37 37 - pkgs.coreutils 38 38 - pkgs.curl 39 39 - ]; 28 28 + path = [ pkgs.coreutils pkgs.curl ]; 40 29 script = '' 41 30 mkdir -m 0700 -p /root/.ssh 42 31 if [ -f /root/.ssh/authorized_keys ]; then

+7 -23

nixos/modules/virtualisation/oci-options.nix

reviewed

··· 1 1 - { 2 2 - lib, 3 3 - ... 4 4 - }: 5 5 - let 6 6 - virtualisationOptions = import ./virtualisation-options.nix; 7 7 - in 1 1 + { config, lib, pkgs, ... }: 8 2 { 9 9 - imports = [ 10 10 - virtualisationOptions.diskSize 11 11 - (lib.mkRenamedOptionModuleWith { 12 12 - sinceRelease = 2411; 13 13 - from = [ 14 14 - "virtualisation" 15 15 - "oci" 16 16 - "diskSize" 17 17 - ]; 18 18 - to = [ 19 19 - "virtualisation" 20 20 - "diskSize" 21 21 - ]; 22 22 - }) 23 23 - ]; 24 24 - 25 3 options = { 26 4 oci = { 27 5 efi = lib.mkOption { ··· 30 8 description = '' 31 9 Whether the OCI instance is using EFI. 32 10 ''; 11 11 + }; 12 12 + diskSize = lib.mkOption { 13 13 + type = lib.types.int; 14 14 + default = 8192; 15 15 + description = "Size of the disk image created in MB."; 16 16 + example = "diskSize = 12 * 1024; # 12GiB"; 33 17 }; 34 18 }; 35 19 };

+143 -190

nixos/modules/virtualisation/proxmox-image.nix

reviewed

··· 1 1 - { 2 2 - config, 3 3 - pkgs, 4 4 - lib, 5 5 - ... 6 6 - }: 1 1 + { config, pkgs, lib, ... }: 7 2 8 3 with lib; 9 9 - let 10 10 - virtualisationOptions = import ./virtualisation-options.nix; 11 11 - in 12 12 - { 13 13 - imports = [ 14 14 - virtualisationOptions.diskSize 15 15 - (lib.mkRenamedOptionModuleWith { 16 16 - sinceRelease = 2411; 17 17 - from = [ 18 18 - "virtualisation" 19 19 - "proxmoxImage" 20 20 - "diskSize" 21 21 - ]; 22 22 - to = [ 23 23 - "virtualisation" 24 24 - "diskSize" 25 25 - ]; 26 26 - }) 27 27 - ]; 28 4 5 5 + { 29 6 options.proxmox = { 30 7 qemuConf = { 31 8 # essential configs ··· 77 54 ''; 78 55 }; 79 56 bios = mkOption { 80 80 - type = types.enum [ 81 81 - "seabios" 82 82 - "ovmf" 83 83 - ]; 57 57 + type = types.enum [ "seabios" "ovmf" ]; 84 58 default = "seabios"; 85 59 description = '' 86 60 Select BIOS implementation (seabios = Legacy BIOS, ovmf = UEFI). ··· 111 85 description = '' 112 86 Size of the boot partition. Is only used if partitionTableType is 113 87 either "efi" or "hybrid". 88 88 + ''; 89 89 + }; 90 90 + diskSize = mkOption { 91 91 + type = types.str; 92 92 + default = "auto"; 93 93 + example = "20480"; 94 94 + description = '' 95 95 + The size of the disk, in megabytes. 96 96 + if "auto" size is calculated based on the contents copied to it and 97 97 + additionalSpace is taken into account. 114 98 ''; 115 99 }; 116 100 net0 = mkOption { ··· 140 124 }; 141 125 }; 142 126 qemuExtraConf = mkOption { 143 143 - type = 144 144 - with types; 145 145 - attrsOf (oneOf [ 146 146 - str 147 147 - int 148 148 - ]); 149 149 - default = { }; 127 127 + type = with types; attrsOf (oneOf [ str int ]); 128 128 + default = {}; 150 129 example = literalExpression '' 151 130 { 152 131 cpu = "host"; ··· 158 137 ''; 159 138 }; 160 139 partitionTableType = mkOption { 161 161 - type = types.enum [ 162 162 - "efi" 163 163 - "hybrid" 164 164 - "legacy" 165 165 - "legacy+gpt" 166 166 - ]; 140 140 + type = types.enum [ "efi" "hybrid" "legacy" "legacy+gpt" ]; 167 141 description = '' 168 142 Partition table type to use. See make-disk-image.nix partitionTableType for details. 169 143 Defaults to 'legacy' for 'proxmox.qemuConf.bios="seabios"' (default), other bios values defaults to 'efi'. ··· 211 185 }; 212 186 }; 213 187 214 214 - config = 215 215 - let 216 216 - cfg = config.proxmox; 217 217 - cfgLine = name: value: '' 218 218 - ${name}: ${builtins.toString value} 219 219 - ''; 220 220 - virtio0Storage = builtins.head (builtins.split ":" cfg.qemuConf.virtio0); 221 221 - cfgFile = 222 222 - fileName: properties: 223 223 - pkgs.writeTextDir fileName '' 224 224 - # generated by NixOS 225 225 - ${lib.concatStrings (lib.mapAttrsToList cfgLine properties)} 226 226 - #qmdump#map:virtio0:drive-virtio0:${virtio0Storage}:raw: 227 227 - ''; 188 188 + config = let 189 189 + cfg = config.proxmox; 190 190 + cfgLine = name: value: '' 191 191 + ${name}: ${builtins.toString value} 192 192 + ''; 193 193 + virtio0Storage = builtins.head (builtins.split ":" cfg.qemuConf.virtio0); 194 194 + cfgFile = fileName: properties: pkgs.writeTextDir fileName '' 195 195 + # generated by NixOS 196 196 + ${lib.concatStrings (lib.mapAttrsToList cfgLine properties)} 197 197 + #qmdump#map:virtio0:drive-virtio0:${virtio0Storage}:raw: 198 198 + ''; 199 199 + inherit (cfg) partitionTableType; 200 200 + supportEfi = partitionTableType == "efi" || partitionTableType == "hybrid"; 201 201 + supportBios = partitionTableType == "legacy" || partitionTableType == "hybrid" || partitionTableType == "legacy+gpt"; 202 202 + hasBootPartition = partitionTableType == "efi" || partitionTableType == "hybrid"; 203 203 + hasNoFsPartition = partitionTableType == "hybrid" || partitionTableType == "legacy+gpt"; 204 204 + in { 205 205 + assertions = [ 206 206 + { 207 207 + assertion = config.boot.loader.systemd-boot.enable -> config.proxmox.qemuConf.bios == "ovmf"; 208 208 + message = "systemd-boot requires 'ovmf' bios"; 209 209 + } 210 210 + { 211 211 + assertion = partitionTableType == "efi" -> config.proxmox.qemuConf.bios == "ovmf"; 212 212 + message = "'efi' disk partitioning requires 'ovmf' bios"; 213 213 + } 214 214 + { 215 215 + assertion = partitionTableType == "legacy" -> config.proxmox.qemuConf.bios == "seabios"; 216 216 + message = "'legacy' disk partitioning requires 'seabios' bios"; 217 217 + } 218 218 + { 219 219 + assertion = partitionTableType == "legacy+gpt" -> config.proxmox.qemuConf.bios == "seabios"; 220 220 + message = "'legacy+gpt' disk partitioning requires 'seabios' bios"; 221 221 + } 222 222 + ]; 223 223 + system.build.VMA = import ../../lib/make-disk-image.nix { 224 224 + name = "proxmox-${cfg.filenameSuffix}"; 228 225 inherit (cfg) partitionTableType; 229 229 - supportEfi = partitionTableType == "efi" || partitionTableType == "hybrid"; 230 230 - supportBios = 231 231 - partitionTableType == "legacy" 232 232 - || partitionTableType == "hybrid" 233 233 - || partitionTableType == "legacy+gpt"; 234 234 - hasBootPartition = partitionTableType == "efi" || partitionTableType == "hybrid"; 235 235 - hasNoFsPartition = partitionTableType == "hybrid" || partitionTableType == "legacy+gpt"; 236 236 - in 237 237 - { 238 238 - assertions = [ 239 239 - { 240 240 - assertion = config.boot.loader.systemd-boot.enable -> config.proxmox.qemuConf.bios == "ovmf"; 241 241 - message = "systemd-boot requires 'ovmf' bios"; 242 242 - } 243 243 - { 244 244 - assertion = partitionTableType == "efi" -> config.proxmox.qemuConf.bios == "ovmf"; 245 245 - message = "'efi' disk partitioning requires 'ovmf' bios"; 246 246 - } 247 247 - { 248 248 - assertion = partitionTableType == "legacy" -> config.proxmox.qemuConf.bios == "seabios"; 249 249 - message = "'legacy' disk partitioning requires 'seabios' bios"; 250 250 - } 251 251 - { 252 252 - assertion = partitionTableType == "legacy+gpt" -> config.proxmox.qemuConf.bios == "seabios"; 253 253 - message = "'legacy+gpt' disk partitioning requires 'seabios' bios"; 254 254 - } 255 255 - ]; 256 256 - system.build.VMA = import ../../lib/make-disk-image.nix { 257 257 - name = "proxmox-${cfg.filenameSuffix}"; 258 258 - inherit (cfg) partitionTableType; 259 259 - postVM = 260 260 - let 261 261 - # Build qemu with PVE's patch that adds support for the VMA format 262 262 - vma = 263 263 - (pkgs.qemu_kvm.override { 264 264 - alsaSupport = false; 265 265 - pulseSupport = false; 266 266 - sdlSupport = false; 267 267 - jackSupport = false; 268 268 - gtkSupport = false; 269 269 - vncSupport = false; 270 270 - smartcardSupport = false; 271 271 - spiceSupport = false; 272 272 - ncursesSupport = false; 273 273 - libiscsiSupport = false; 274 274 - tpmSupport = false; 275 275 - numaSupport = false; 276 276 - seccompSupport = false; 277 277 - guestAgentSupport = false; 278 278 - }).overrideAttrs 279 279 - (super: rec { 280 280 - # Check https://github.com/proxmox/pve-qemu/tree/master for the version 281 281 - # of qemu and patch to use 282 282 - version = "9.0.0"; 283 283 - src = pkgs.fetchurl { 284 284 - url = "https://download.qemu.org/qemu-${version}.tar.xz"; 285 285 - hash = "sha256-MnCKxmww2MiSYz6paMdxwcdtWX1w3erSGg0izPOG2mk="; 286 286 - }; 287 287 - patches = [ 288 288 - # Proxmox' VMA tool is published as a particular patch upon QEMU 289 289 - "${ 290 290 - pkgs.fetchFromGitHub { 291 291 - owner = "proxmox"; 292 292 - repo = "pve-qemu"; 293 293 - rev = "14afbdd55f04d250bd679ca1ad55d3f47cd9d4c8"; 294 294 - hash = "sha256-lSJQA5SHIHfxJvMLIID2drv2H43crTPMNIlIT37w9Nc="; 295 295 - } 296 296 - }/debian/patches/pve/0027-PVE-Backup-add-vma-backup-format-code.patch" 297 297 - ]; 226 226 + postVM = let 227 227 + # Build qemu with PVE's patch that adds support for the VMA format 228 228 + vma = (pkgs.qemu_kvm.override { 229 229 + alsaSupport = false; 230 230 + pulseSupport = false; 231 231 + sdlSupport = false; 232 232 + jackSupport = false; 233 233 + gtkSupport = false; 234 234 + vncSupport = false; 235 235 + smartcardSupport = false; 236 236 + spiceSupport = false; 237 237 + ncursesSupport = false; 238 238 + libiscsiSupport = false; 239 239 + tpmSupport = false; 240 240 + numaSupport = false; 241 241 + seccompSupport = false; 242 242 + guestAgentSupport = false; 243 243 + }).overrideAttrs ( super: rec { 244 244 + # Check https://github.com/proxmox/pve-qemu/tree/master for the version 245 245 + # of qemu and patch to use 246 246 + version = "9.0.0"; 247 247 + src = pkgs.fetchurl { 248 248 + url = "https://download.qemu.org/qemu-${version}.tar.xz"; 249 249 + hash = "sha256-MnCKxmww2MiSYz6paMdxwcdtWX1w3erSGg0izPOG2mk="; 250 250 + }; 251 251 + patches = [ 252 252 + # Proxmox' VMA tool is published as a particular patch upon QEMU 253 253 + "${pkgs.fetchFromGitHub { 254 254 + owner = "proxmox"; 255 255 + repo = "pve-qemu"; 256 256 + rev = "14afbdd55f04d250bd679ca1ad55d3f47cd9d4c8"; 257 257 + hash = "sha256-lSJQA5SHIHfxJvMLIID2drv2H43crTPMNIlIT37w9Nc="; 258 258 + }}/debian/patches/pve/0027-PVE-Backup-add-vma-backup-format-code.patch" 259 259 + ]; 260 260 + 261 261 + buildInputs = super.buildInputs ++ [ pkgs.libuuid ]; 262 262 + nativeBuildInputs = super.nativeBuildInputs ++ [ pkgs.perl ]; 298 263 299 299 - buildInputs = super.buildInputs ++ [ pkgs.libuuid ]; 300 300 - nativeBuildInputs = super.nativeBuildInputs ++ [ pkgs.perl ]; 264 264 + }); 265 265 + in 266 266 + '' 267 267 + ${vma}/bin/vma create "vzdump-qemu-${cfg.filenameSuffix}.vma" \ 268 268 + -c ${cfgFile "qemu-server.conf" (cfg.qemuConf // cfg.qemuExtraConf)}/qemu-server.conf drive-virtio0=$diskImage 269 269 + rm $diskImage 270 270 + ${pkgs.zstd}/bin/zstd "vzdump-qemu-${cfg.filenameSuffix}.vma" 271 271 + mv "vzdump-qemu-${cfg.filenameSuffix}.vma.zst" $out/ 301 272 302 302 - }); 303 303 - in 304 304 - '' 305 305 - ${vma}/bin/vma create "vzdump-qemu-${cfg.filenameSuffix}.vma" \ 306 306 - -c ${ 307 307 - cfgFile "qemu-server.conf" (cfg.qemuConf // cfg.qemuExtraConf) 308 308 - }/qemu-server.conf drive-virtio0=$diskImage 309 309 - rm $diskImage 310 310 - ${pkgs.zstd}/bin/zstd "vzdump-qemu-${cfg.filenameSuffix}.vma" 311 311 - mv "vzdump-qemu-${cfg.filenameSuffix}.vma.zst" $out/ 273 273 + mkdir -p $out/nix-support 274 274 + echo "file vma $out/vzdump-qemu-${cfg.filenameSuffix}.vma.zst" > $out/nix-support/hydra-build-products 275 275 + ''; 276 276 + inherit (cfg.qemuConf) additionalSpace diskSize bootSize; 277 277 + format = "raw"; 278 278 + inherit config lib pkgs; 279 279 + }; 312 280 313 313 - mkdir -p $out/nix-support 314 314 - echo "file vma $out/vzdump-qemu-${cfg.filenameSuffix}.vma.zst" > $out/nix-support/hydra-build-products 315 315 - ''; 316 316 - inherit (cfg.qemuConf) additionalSpace bootSize; 317 317 - inherit (config.virtualisation) diskSize; 318 318 - format = "raw"; 319 319 - inherit config lib pkgs; 281 281 + boot = { 282 282 + growPartition = true; 283 283 + kernelParams = [ "console=ttyS0" ]; 284 284 + loader.grub = { 285 285 + device = lib.mkDefault (if (hasNoFsPartition || supportBios) then 286 286 + # Even if there is a separate no-fs partition ("/dev/disk/by-partlabel/no-fs" i.e. "/dev/vda2"), 287 287 + # which will be used the bootloader, do not set it as loader.grub.device. 288 288 + # GRUB installation fails, unless the whole disk is selected. 289 289 + "/dev/vda" 290 290 + else 291 291 + "nodev"); 292 292 + efiSupport = lib.mkDefault supportEfi; 293 293 + efiInstallAsRemovable = lib.mkDefault supportEfi; 320 294 }; 321 295 322 322 - boot = { 323 323 - growPartition = true; 324 324 - kernelParams = [ "console=ttyS0" ]; 325 325 - loader.grub = { 326 326 - device = lib.mkDefault ( 327 327 - if (hasNoFsPartition || supportBios) then 328 328 - # Even if there is a separate no-fs partition ("/dev/disk/by-partlabel/no-fs" i.e. "/dev/vda2"), 329 329 - # which will be used the bootloader, do not set it as loader.grub.device. 330 330 - # GRUB installation fails, unless the whole disk is selected. 331 331 - "/dev/vda" 332 332 - else 333 333 - "nodev" 334 334 - ); 335 335 - efiSupport = lib.mkDefault supportEfi; 336 336 - efiInstallAsRemovable = lib.mkDefault supportEfi; 337 337 - }; 296 296 + loader.timeout = 0; 297 297 + initrd.availableKernelModules = [ "uas" "virtio_blk" "virtio_pci" ]; 298 298 + }; 338 299 339 339 - loader.timeout = 0; 340 340 - initrd.availableKernelModules = [ 341 341 - "uas" 342 342 - "virtio_blk" 343 343 - "virtio_pci" 344 344 - ]; 345 345 - }; 300 300 + fileSystems."/" = { 301 301 + device = "/dev/disk/by-label/nixos"; 302 302 + autoResize = true; 303 303 + fsType = "ext4"; 304 304 + }; 305 305 + fileSystems."/boot" = lib.mkIf hasBootPartition { 306 306 + device = "/dev/disk/by-label/ESP"; 307 307 + fsType = "vfat"; 308 308 + }; 346 309 347 347 - fileSystems."/" = { 348 348 - device = "/dev/disk/by-label/nixos"; 349 349 - autoResize = true; 350 350 - fsType = "ext4"; 351 351 - }; 352 352 - fileSystems."/boot" = lib.mkIf hasBootPartition { 353 353 - device = "/dev/disk/by-label/ESP"; 354 354 - fsType = "vfat"; 355 355 - }; 310 310 + networking = mkIf cfg.cloudInit.enable { 311 311 + hostName = mkForce ""; 312 312 + useDHCP = false; 313 313 + }; 356 314 357 357 - networking = mkIf cfg.cloudInit.enable { 358 358 - hostName = mkForce ""; 359 359 - useDHCP = false; 360 360 - }; 361 361 - 362 362 - services = { 363 363 - cloud-init = mkIf cfg.cloudInit.enable { 364 364 - enable = true; 365 365 - network.enable = true; 366 366 - }; 367 367 - sshd.enable = mkDefault true; 368 368 - qemuGuest.enable = true; 315 315 + services = { 316 316 + cloud-init = mkIf cfg.cloudInit.enable { 317 317 + enable = true; 318 318 + network.enable = true; 369 319 }; 370 370 - 371 371 - proxmox.qemuExtraConf.${cfg.cloudInit.device} = "${cfg.cloudInit.defaultStorage}:vm-9999-cloudinit,media=cdrom"; 320 320 + sshd.enable = mkDefault true; 321 321 + qemuGuest.enable = true; 372 322 }; 323 323 + 324 324 + proxmox.qemuExtraConf.${cfg.cloudInit.device} = "${cfg.cloudInit.defaultStorage}:vm-9999-cloudinit,media=cdrom"; 325 325 + }; 373 326 }

+799 -912

nixos/modules/virtualisation/qemu-vm.nix

reviewed

··· 4 4 # `config'. By default, the Nix store is shared read-only with the 5 5 # host, which makes (re)building VMs very efficient. 6 6 7 7 - { 8 8 - config, 9 9 - lib, 10 10 - pkgs, 11 11 - options, 12 12 - ... 13 13 - }: 7 7 + { config, lib, pkgs, options, ... }: 14 8 15 9 with lib; 16 10 ··· 28 22 29 23 consoles = lib.concatMapStringsSep " " (c: "console=${c}") cfg.qemu.consoles; 30 24 31 31 - driveOpts = 32 32 - { ... }: 33 33 - { 25 25 + driveOpts = { ... }: { 34 26 35 35 - options = { 27 27 + options = { 36 28 37 37 - file = mkOption { 38 38 - type = types.str; 39 39 - description = "The file image used for this drive."; 40 40 - }; 41 41 - 42 42 - driveExtraOpts = mkOption { 43 43 - type = types.attrsOf types.str; 44 44 - default = { }; 45 45 - description = "Extra options passed to drive flag."; 46 46 - }; 29 29 + file = mkOption { 30 30 + type = types.str; 31 31 + description = "The file image used for this drive."; 32 32 + }; 47 33 48 48 - deviceExtraOpts = mkOption { 49 49 - type = types.attrsOf types.str; 50 50 - default = { }; 51 51 - description = "Extra options passed to device flag."; 52 52 - }; 34 34 + driveExtraOpts = mkOption { 35 35 + type = types.attrsOf types.str; 36 36 + default = {}; 37 37 + description = "Extra options passed to drive flag."; 38 38 + }; 53 39 54 54 - name = mkOption { 55 55 - type = types.nullOr types.str; 56 56 - default = null; 57 57 - description = "A name for the drive. Must be unique in the drives list. Not passed to qemu."; 58 58 - }; 40 40 + deviceExtraOpts = mkOption { 41 41 + type = types.attrsOf types.str; 42 42 + default = {}; 43 43 + description = "Extra options passed to device flag."; 44 44 + }; 59 45 46 46 + name = mkOption { 47 47 + type = types.nullOr types.str; 48 48 + default = null; 49 49 + description = "A name for the drive. Must be unique in the drives list. Not passed to qemu."; 60 50 }; 61 51 62 52 }; 63 53 64 64 - selectPartitionTableLayout = 65 65 - { useEFIBoot, useDefaultFilesystems }: 66 66 - if useDefaultFilesystems then if useEFIBoot then "efi" else "legacy" else "none"; 54 54 + }; 55 55 + 56 56 + selectPartitionTableLayout = { useEFIBoot, useDefaultFilesystems }: 57 57 + if useDefaultFilesystems then 58 58 + if useEFIBoot then "efi" else "legacy" 59 59 + else "none"; 67 60 68 68 - driveCmdline = 69 69 - idx: 70 70 - { 71 71 - file, 72 72 - driveExtraOpts, 73 73 - deviceExtraOpts, 74 74 - ... 75 75 - }: 61 61 + driveCmdline = idx: { file, driveExtraOpts, deviceExtraOpts, ... }: 76 62 let 77 63 drvId = "drive${toString idx}"; 78 78 - mkKeyValue = generators.mkKeyValueDefault { } "="; 64 64 + mkKeyValue = generators.mkKeyValueDefault {} "="; 79 65 mkOpts = opts: concatStringsSep "," (mapAttrsToList mkKeyValue opts); 80 80 - driveOpts = mkOpts ( 81 81 - driveExtraOpts 82 82 - // { 83 83 - index = idx; 84 84 - id = drvId; 85 85 - "if" = "none"; 86 86 - inherit file; 87 87 - } 88 88 - ); 89 89 - deviceOpts = mkOpts ( 90 90 - deviceExtraOpts 91 91 - // { 92 92 - drive = drvId; 93 93 - } 94 94 - ); 66 66 + driveOpts = mkOpts (driveExtraOpts // { 67 67 + index = idx; 68 68 + id = drvId; 69 69 + "if" = "none"; 70 70 + inherit file; 71 71 + }); 72 72 + deviceOpts = mkOpts (deviceExtraOpts // { 73 73 + drive = drvId; 74 74 + }); 95 75 device = 96 76 if cfg.qemu.diskInterface == "scsi" then 97 77 "-device lsi53c895a -device scsi-hd,${deviceOpts}" 98 78 else 99 79 "-device virtio-blk-pci,${deviceOpts}"; 100 80 in 101 101 - "-drive ${driveOpts} ${device}"; 81 81 + "-drive ${driveOpts} ${device}"; 102 82 103 83 drivesCmdLine = drives: concatStringsSep "\\\n " (imap1 driveCmdline drives); 104 84 105 85 # Shell script to start the VM. 106 106 - startVM = '' 107 107 - #! ${hostPkgs.runtimeShell} 86 86 + startVM = 87 87 + '' 88 88 + #! ${hostPkgs.runtimeShell} 108 89 109 109 - export PATH=${makeBinPath [ hostPkgs.coreutils ]}''${PATH:+:}$PATH 110 110 - 111 111 - set -e 90 90 + export PATH=${makeBinPath [ hostPkgs.coreutils ]}''${PATH:+:}$PATH 112 91 113 113 - # Create an empty ext4 filesystem image. A filesystem image does not 114 114 - # contain a partition table but just a filesystem. 115 115 - createEmptyFilesystemImage() { 116 116 - local name=$1 117 117 - local size=$2 118 118 - local temp=$(mktemp) 119 119 - ${qemu}/bin/qemu-img create -f raw "$temp" "$size" 120 120 - ${hostPkgs.e2fsprogs}/bin/mkfs.ext4 -L ${rootFilesystemLabel} "$temp" 121 121 - ${qemu}/bin/qemu-img convert -f raw -O qcow2 "$temp" "$name" 122 122 - rm "$temp" 123 123 - } 92 92 + set -e 124 93 125 125 - NIX_DISK_IMAGE=$(readlink -f "''${NIX_DISK_IMAGE:-${toString config.virtualisation.diskImage}}") || test -z "$NIX_DISK_IMAGE" 94 94 + # Create an empty ext4 filesystem image. A filesystem image does not 95 95 + # contain a partition table but just a filesystem. 96 96 + createEmptyFilesystemImage() { 97 97 + local name=$1 98 98 + local size=$2 99 99 + local temp=$(mktemp) 100 100 + ${qemu}/bin/qemu-img create -f raw "$temp" "$size" 101 101 + ${hostPkgs.e2fsprogs}/bin/mkfs.ext4 -L ${rootFilesystemLabel} "$temp" 102 102 + ${qemu}/bin/qemu-img convert -f raw -O qcow2 "$temp" "$name" 103 103 + rm "$temp" 104 104 + } 126 105 127 127 - if test -n "$NIX_DISK_IMAGE" && ! test -e "$NIX_DISK_IMAGE"; then 128 128 - echo "Disk image do not exist, creating the virtualisation disk image..." 106 106 + NIX_DISK_IMAGE=$(readlink -f "''${NIX_DISK_IMAGE:-${toString config.virtualisation.diskImage}}") || test -z "$NIX_DISK_IMAGE" 129 107 130 130 - ${ 131 131 - if (cfg.useBootLoader && cfg.useDefaultFilesystems) then 132 132 - '' 133 133 - # Create a writable qcow2 image using the systemImage as a backing 134 134 - # image. 108 108 + if test -n "$NIX_DISK_IMAGE" && ! test -e "$NIX_DISK_IMAGE"; then 109 109 + echo "Disk image do not exist, creating the virtualisation disk image..." 135 110 136 136 - # CoW prevent size to be attributed to an image. 137 137 - # FIXME: raise this issue to upstream. 138 138 - ${qemu}/bin/qemu-img create \ 139 139 - -f qcow2 \ 140 140 - -b ${systemImage}/nixos.qcow2 \ 141 141 - -F qcow2 \ 142 142 - "$NIX_DISK_IMAGE" 143 143 - '' 144 144 - else if cfg.useDefaultFilesystems then 145 145 - '' 146 146 - createEmptyFilesystemImage "$NIX_DISK_IMAGE" "${toString cfg.diskSize}M" 147 147 - '' 148 148 - else 149 149 - '' 150 150 - # Create an empty disk image without a filesystem. 151 151 - ${qemu}/bin/qemu-img create -f qcow2 "$NIX_DISK_IMAGE" "${toString cfg.diskSize}M" 152 152 - '' 153 153 - } 154 154 - echo "Virtualisation disk image created." 155 155 - fi 111 111 + ${if (cfg.useBootLoader && cfg.useDefaultFilesystems) then '' 112 112 + # Create a writable qcow2 image using the systemImage as a backing 113 113 + # image. 156 114 157 157 - # Create a directory for storing temporary data of the running VM. 158 158 - if [ -z "$TMPDIR" ] || [ -z "$USE_TMPDIR" ]; then 159 159 - TMPDIR=$(mktemp -d nix-vm.XXXXXXXXXX --tmpdir) 160 160 - fi 115 115 + # CoW prevent size to be attributed to an image. 116 116 + # FIXME: raise this issue to upstream. 117 117 + ${qemu}/bin/qemu-img create \ 118 118 + -f qcow2 \ 119 119 + -b ${systemImage}/nixos.qcow2 \ 120 120 + -F qcow2 \ 121 121 + "$NIX_DISK_IMAGE" 122 122 + '' else if cfg.useDefaultFilesystems then '' 123 123 + createEmptyFilesystemImage "$NIX_DISK_IMAGE" "${toString cfg.diskSize}M" 124 124 + '' else '' 125 125 + # Create an empty disk image without a filesystem. 126 126 + ${qemu}/bin/qemu-img create -f qcow2 "$NIX_DISK_IMAGE" "${toString cfg.diskSize}M" 127 127 + '' 128 128 + } 129 129 + echo "Virtualisation disk image created." 130 130 + fi 161 131 162 162 - ${lib.optionalString (cfg.useNixStoreImage) '' 163 163 - echo "Creating Nix store image..." 132 132 + # Create a directory for storing temporary data of the running VM. 133 133 + if [ -z "$TMPDIR" ] || [ -z "$USE_TMPDIR" ]; then 134 134 + TMPDIR=$(mktemp -d nix-vm.XXXXXXXXXX --tmpdir) 135 135 + fi 164 136 165 165 - ${hostPkgs.gnutar}/bin/tar --create \ 166 166 - --absolute-names \ 167 167 - --verbatim-files-from \ 168 168 - --transform 'flags=rSh;s|/nix/store/||' \ 169 169 - --files-from ${ 170 170 - hostPkgs.closureInfo { 171 171 - rootPaths = [ 172 172 - config.system.build.toplevel 173 173 - regInfo 174 174 - ]; 175 175 - } 176 176 - }/store-paths \ 177 177 - | ${hostPkgs.erofs-utils}/bin/mkfs.erofs \ 178 178 - --quiet \ 179 179 - --force-uid=0 \ 180 180 - --force-gid=0 \ 181 181 - -L ${nixStoreFilesystemLabel} \ 182 182 - -U eb176051-bd15-49b7-9e6b-462e0b467019 \ 183 183 - -T 0 \ 184 184 - --tar=f \ 185 185 - "$TMPDIR"/store.img 137 137 + ${lib.optionalString (cfg.useNixStoreImage) '' 138 138 + echo "Creating Nix store image..." 186 139 187 187 - echo "Created Nix store image." 188 188 - ''} 140 140 + ${hostPkgs.gnutar}/bin/tar --create \ 141 141 + --absolute-names \ 142 142 + --verbatim-files-from \ 143 143 + --transform 'flags=rSh;s|/nix/store/||' \ 144 144 + --files-from ${hostPkgs.closureInfo { rootPaths = [ config.system.build.toplevel regInfo ]; }}/store-paths \ 145 145 + | ${hostPkgs.erofs-utils}/bin/mkfs.erofs \ 146 146 + --quiet \ 147 147 + --force-uid=0 \ 148 148 + --force-gid=0 \ 149 149 + -L ${nixStoreFilesystemLabel} \ 150 150 + -U eb176051-bd15-49b7-9e6b-462e0b467019 \ 151 151 + -T 0 \ 152 152 + --tar=f \ 153 153 + "$TMPDIR"/store.img 189 154 190 190 - # Create a directory for exchanging data with the VM. 191 191 - mkdir -p "$TMPDIR/xchg" 155 155 + echo "Created Nix store image." 156 156 + '' 157 157 + } 192 158 193 193 - ${lib.optionalString cfg.useHostCerts '' 194 194 - mkdir -p "$TMPDIR/certs" 195 195 - if [ -e "$NIX_SSL_CERT_FILE" ]; then 196 196 - cp -L "$NIX_SSL_CERT_FILE" "$TMPDIR"/certs/ca-certificates.crt 197 197 - else 198 198 - echo \$NIX_SSL_CERT_FILE should point to a valid file if virtualisation.useHostCerts is enabled. 199 199 - fi 200 200 - ''} 159 159 + # Create a directory for exchanging data with the VM. 160 160 + mkdir -p "$TMPDIR/xchg" 201 161 202 202 - ${lib.optionalString cfg.useEFIBoot '' 203 203 - # Expose EFI variables, it's useful even when we are not using a bootloader (!). 204 204 - # We might be interested in having EFI variable storage present even if we aren't booting via UEFI, hence 205 205 - # no guard against `useBootLoader`. Examples: 206 206 - # - testing PXE boot or other EFI applications 207 207 - # - directbooting LinuxBoot, which `kexec()s` into a UEFI environment that can boot e.g. Windows 208 208 - NIX_EFI_VARS=$(readlink -f "''${NIX_EFI_VARS:-${config.system.name}-efi-vars.fd}") 209 209 - # VM needs writable EFI vars 210 210 - if ! test -e "$NIX_EFI_VARS"; then 211 211 - ${ 212 212 - if cfg.efi.keepVariables then 213 213 - # We still need the EFI var from the make-disk-image derivation 214 214 - # because our "switch-to-configuration" process might 215 215 - # write into it and we want to keep this data. 216 216 - ''cp ${systemImage}/efi-vars.fd "$NIX_EFI_VARS"'' 162 162 + ${lib.optionalString cfg.useHostCerts 163 163 + '' 164 164 + mkdir -p "$TMPDIR/certs" 165 165 + if [ -e "$NIX_SSL_CERT_FILE" ]; then 166 166 + cp -L "$NIX_SSL_CERT_FILE" "$TMPDIR"/certs/ca-certificates.crt 217 167 else 218 218 - ''cp ${cfg.efi.variables} "$NIX_EFI_VARS"'' 219 219 - } 220 220 - chmod 0644 "$NIX_EFI_VARS" 221 221 - fi 222 222 - ''} 168 168 + echo \$NIX_SSL_CERT_FILE should point to a valid file if virtualisation.useHostCerts is enabled. 169 169 + fi 170 170 + ''} 223 171 224 224 - ${lib.optionalString cfg.tpm.enable '' 225 225 - NIX_SWTPM_DIR=$(readlink -f "''${NIX_SWTPM_DIR:-${config.system.name}-swtpm}") 226 226 - mkdir -p "$NIX_SWTPM_DIR" 227 227 - ${lib.getExe cfg.tpm.package} \ 228 228 - socket \ 229 229 - --tpmstate dir="$NIX_SWTPM_DIR" \ 230 230 - --ctrl type=unixio,path="$NIX_SWTPM_DIR"/socket,terminate \ 231 231 - --pid file="$NIX_SWTPM_DIR"/pid --daemon \ 232 232 - --tpm2 \ 233 233 - --log file="$NIX_SWTPM_DIR"/stdout,level=6 172 172 + ${lib.optionalString cfg.useEFIBoot 173 173 + '' 174 174 + # Expose EFI variables, it's useful even when we are not using a bootloader (!). 175 175 + # We might be interested in having EFI variable storage present even if we aren't booting via UEFI, hence 176 176 + # no guard against `useBootLoader`. Examples: 177 177 + # - testing PXE boot or other EFI applications 178 178 + # - directbooting LinuxBoot, which `kexec()s` into a UEFI environment that can boot e.g. Windows 179 179 + NIX_EFI_VARS=$(readlink -f "''${NIX_EFI_VARS:-${config.system.name}-efi-vars.fd}") 180 180 + # VM needs writable EFI vars 181 181 + if ! test -e "$NIX_EFI_VARS"; then 182 182 + ${if cfg.efi.keepVariables then 183 183 + # We still need the EFI var from the make-disk-image derivation 184 184 + # because our "switch-to-configuration" process might 185 185 + # write into it and we want to keep this data. 186 186 + ''cp ${systemImage}/efi-vars.fd "$NIX_EFI_VARS"'' 187 187 + else 188 188 + ''cp ${cfg.efi.variables} "$NIX_EFI_VARS"'' 189 189 + } 190 190 + chmod 0644 "$NIX_EFI_VARS" 191 191 + fi 192 192 + ''} 234 193 235 235 - # Enable `fdflags` builtin in Bash 236 236 - # We will need it to perform surgical modification of the file descriptor 237 237 - # passed in the coprocess to remove `FD_CLOEXEC`, i.e. close the file descriptor 238 238 - # on exec. 239 239 - # If let alone, it will trigger the coprocess to read EOF when QEMU is `exec` 240 240 - # at the end of this script. To work around that, we will just clear 241 241 - # the `FD_CLOEXEC` bits as a first step. 242 242 - enable -f ${hostPkgs.bash}/lib/bash/fdflags fdflags 243 243 - # leave a dangling subprocess because the swtpm ctrl socket has 244 244 - # "terminate" when the last connection disconnects, it stops swtpm. 245 245 - # When qemu stops, or if the main shell process ends, the coproc will 246 246 - # get signaled by virtue of the pipe between main and coproc ending. 247 247 - # Which in turns triggers a socat connect-disconnect to swtpm which 248 248 - # will stop it. 249 249 - coproc waitingswtpm { 250 250 - read || : 251 251 - echo "" | ${lib.getExe hostPkgs.socat} STDIO UNIX-CONNECT:"$NIX_SWTPM_DIR"/socket 252 252 - } 253 253 - # Clear `FD_CLOEXEC` on the coprocess' file descriptor stdin. 254 254 - fdflags -s-cloexec ''${waitingswtpm[1]} 255 255 - ''} 194 194 + ${lib.optionalString cfg.tpm.enable '' 195 195 + NIX_SWTPM_DIR=$(readlink -f "''${NIX_SWTPM_DIR:-${config.system.name}-swtpm}") 196 196 + mkdir -p "$NIX_SWTPM_DIR" 197 197 + ${lib.getExe cfg.tpm.package} \ 198 198 + socket \ 199 199 + --tpmstate dir="$NIX_SWTPM_DIR" \ 200 200 + --ctrl type=unixio,path="$NIX_SWTPM_DIR"/socket,terminate \ 201 201 + --pid file="$NIX_SWTPM_DIR"/pid --daemon \ 202 202 + --tpm2 \ 203 203 + --log file="$NIX_SWTPM_DIR"/stdout,level=6 256 204 257 257 - cd "$TMPDIR" 205 205 + # Enable `fdflags` builtin in Bash 206 206 + # We will need it to perform surgical modification of the file descriptor 207 207 + # passed in the coprocess to remove `FD_CLOEXEC`, i.e. close the file descriptor 208 208 + # on exec. 209 209 + # If let alone, it will trigger the coprocess to read EOF when QEMU is `exec` 210 210 + # at the end of this script. To work around that, we will just clear 211 211 + # the `FD_CLOEXEC` bits as a first step. 212 212 + enable -f ${hostPkgs.bash}/lib/bash/fdflags fdflags 213 213 + # leave a dangling subprocess because the swtpm ctrl socket has 214 214 + # "terminate" when the last connection disconnects, it stops swtpm. 215 215 + # When qemu stops, or if the main shell process ends, the coproc will 216 216 + # get signaled by virtue of the pipe between main and coproc ending. 217 217 + # Which in turns triggers a socat connect-disconnect to swtpm which 218 218 + # will stop it. 219 219 + coproc waitingswtpm { 220 220 + read || : 221 221 + echo "" | ${lib.getExe hostPkgs.socat} STDIO UNIX-CONNECT:"$NIX_SWTPM_DIR"/socket 222 222 + } 223 223 + # Clear `FD_CLOEXEC` on the coprocess' file descriptor stdin. 224 224 + fdflags -s-cloexec ''${waitingswtpm[1]} 225 225 + ''} 258 226 259 259 - ${lib.optionalString (cfg.emptyDiskImages != [ ]) "idx=0"} 260 260 - ${flip concatMapStrings cfg.emptyDiskImages (size: '' 261 261 - if ! test -e "empty$idx.qcow2"; then 262 262 - ${qemu}/bin/qemu-img create -f qcow2 "empty$idx.qcow2" "${toString size}M" 263 263 - fi 264 264 - idx=$((idx + 1)) 265 265 - '')} 227 227 + cd "$TMPDIR" 228 228 + 229 229 + ${lib.optionalString (cfg.emptyDiskImages != []) "idx=0"} 230 230 + ${flip concatMapStrings cfg.emptyDiskImages (size: '' 231 231 + if ! test -e "empty$idx.qcow2"; then 232 232 + ${qemu}/bin/qemu-img create -f qcow2 "empty$idx.qcow2" "${toString size}M" 233 233 + fi 234 234 + idx=$((idx + 1)) 235 235 + '')} 236 236 + 237 237 + # Start QEMU. 238 238 + exec ${qemu-common.qemuBinary qemu} \ 239 239 + -name ${config.system.name} \ 240 240 + -m ${toString config.virtualisation.memorySize} \ 241 241 + -smp ${toString config.virtualisation.cores} \ 242 242 + -device virtio-rng-pci \ 243 243 + ${concatStringsSep " " config.virtualisation.qemu.networkingOptions} \ 244 244 + ${concatStringsSep " \\\n " 245 245 + (mapAttrsToList 246 246 + (tag: share: "-virtfs local,path=${share.source},security_model=${share.securityModel},mount_tag=${tag}") 247 247 + config.virtualisation.sharedDirectories)} \ 248 248 + ${drivesCmdLine config.virtualisation.qemu.drives} \ 249 249 + ${concatStringsSep " \\\n " config.virtualisation.qemu.options} \ 250 250 + $QEMU_OPTS \ 251 251 + "$@" 252 252 + ''; 266 253 267 267 - # Start QEMU. 268 268 - exec ${qemu-common.qemuBinary qemu} \ 269 269 - -name ${config.system.name} \ 270 270 - -m ${toString config.virtualisation.memorySize} \ 271 271 - -smp ${toString config.virtualisation.cores} \ 272 272 - -device virtio-rng-pci \ 273 273 - ${concatStringsSep " " config.virtualisation.qemu.networkingOptions} \ 274 274 - ${ 275 275 - concatStringsSep " \\\n " ( 276 276 - mapAttrsToList ( 277 277 - tag: share: 278 278 - "-virtfs local,path=${share.source},security_model=${share.securityModel},mount_tag=${tag}" 279 279 - ) config.virtualisation.sharedDirectories 280 280 - ) 281 281 - } \ 282 282 - ${drivesCmdLine config.virtualisation.qemu.drives} \ 283 283 - ${concatStringsSep " \\\n " config.virtualisation.qemu.options} \ 284 284 - $QEMU_OPTS \ 285 285 - "$@" 286 286 - ''; 287 254 288 255 regInfo = hostPkgs.closureInfo { rootPaths = config.virtualisation.additionalPaths; }; 289 256 ··· 325 292 OVMF = cfg.efi.OVMF; 326 293 }; 327 294 328 328 - virtualisationOptions = import ./virtualisation-options.nix; 329 329 - 330 295 in 331 296 332 297 { 333 298 imports = [ 334 334 - ./virtualisation-options.nix 335 299 ../profiles/qemu-guest.nix 336 336 - virtualisationOptions.diskSize 337 337 - (mkRenamedOptionModule 338 338 - [ 339 339 - "virtualisation" 340 340 - "pathsInNixDB" 341 341 - ] 342 342 - [ 343 343 - "virtualisation" 344 344 - "additionalPaths" 345 345 - ] 346 346 - ) 347 347 - (mkRemovedOptionModule 348 348 - [ 349 349 - "virtualisation" 350 350 - "bootDevice" 351 351 - ] 352 352 - "This option was renamed to `virtualisation.rootDevice`, as it was incorrectly named and misleading. Take the time to review what you want to do and look at the new options like `virtualisation.{bootLoaderDevice, bootPartition}`, open an issue in case of issues." 353 353 - ) 354 354 - (mkRemovedOptionModule 355 355 - [ 356 356 - "virtualisation" 357 357 - "efiVars" 358 358 - ] 359 359 - "This option was removed, it is possible to provide a template UEFI variable with `virtualisation.efi.variables` ; if this option is important to you, open an issue" 360 360 - ) 361 361 - (mkRemovedOptionModule 362 362 - [ 363 363 - "virtualisation" 364 364 - "persistBootDevice" 365 365 - ] 366 366 - "Boot device is always persisted if you use a bootloader through the root disk image ; if this does not work for your usecase, please examine carefully what `virtualisation.{bootDevice, rootDevice, bootPartition}` options offer you and open an issue explaining your need.`" 367 367 - ) 300 300 + (mkRenamedOptionModule [ "virtualisation" "pathsInNixDB" ] [ "virtualisation" "additionalPaths" ]) 301 301 + (mkRemovedOptionModule [ "virtualisation" "bootDevice" ] "This option was renamed to `virtualisation.rootDevice`, as it was incorrectly named and misleading. Take the time to review what you want to do and look at the new options like `virtualisation.{bootLoaderDevice, bootPartition}`, open an issue in case of issues.") 302 302 + (mkRemovedOptionModule [ "virtualisation" "efiVars" ] "This option was removed, it is possible to provide a template UEFI variable with `virtualisation.efi.variables` ; if this option is important to you, open an issue") 303 303 + (mkRemovedOptionModule [ "virtualisation" "persistBootDevice" ] "Boot device is always persisted if you use a bootloader through the root disk image ; if this does not work for your usecase, please examine carefully what `virtualisation.{bootDevice, rootDevice, bootPartition}` options offer you and open an issue explaining your need.`") 368 304 ]; 369 305 370 306 options = { 371 307 372 308 virtualisation.fileSystems = options.fileSystems; 373 309 374 374 - virtualisation.memorySize = mkOption { 375 375 - type = types.ints.positive; 376 376 - default = 1024; 377 377 - description = '' 378 378 - The memory size in megabytes of the virtual machine. 379 379 - ''; 380 380 - }; 310 310 + virtualisation.memorySize = 311 311 + mkOption { 312 312 + type = types.ints.positive; 313 313 + default = 1024; 314 314 + description = '' 315 315 + The memory size in megabytes of the virtual machine. 316 316 + ''; 317 317 + }; 381 318 382 382 - virtualisation.msize = mkOption { 383 383 - type = types.ints.positive; 384 384 - default = 16384; 385 385 - description = '' 386 386 - The msize (maximum packet size) option passed to 9p file systems, in 387 387 - bytes. Increasing this should increase performance significantly, 388 388 - at the cost of higher RAM usage. 389 389 - ''; 390 390 - }; 319 319 + virtualisation.msize = 320 320 + mkOption { 321 321 + type = types.ints.positive; 322 322 + default = 16384; 323 323 + description = '' 324 324 + The msize (maximum packet size) option passed to 9p file systems, in 325 325 + bytes. Increasing this should increase performance significantly, 326 326 + at the cost of higher RAM usage. 327 327 + ''; 328 328 + }; 391 329 392 392 - virtualisation.diskImage = mkOption { 393 393 - type = types.nullOr types.str; 394 394 - default = "./${config.system.name}.qcow2"; 395 395 - defaultText = literalExpression ''"./''${config.system.name}.qcow2"''; 396 396 - description = '' 397 397 - Path to the disk image containing the root filesystem. 398 398 - The image will be created on startup if it does not 399 399 - exist. 330 330 + virtualisation.diskSize = 331 331 + mkOption { 332 332 + type = types.ints.positive; 333 333 + default = 1024; 334 334 + description = '' 335 335 + The disk size in megabytes of the virtual machine. 336 336 + ''; 337 337 + }; 400 338 401 401 - If null, a tmpfs will be used as the root filesystem and 402 402 - the VM's state will not be persistent. 403 403 - ''; 404 404 - }; 339 339 + virtualisation.diskImage = 340 340 + mkOption { 341 341 + type = types.nullOr types.str; 342 342 + default = "./${config.system.name}.qcow2"; 343 343 + defaultText = literalExpression ''"./''${config.system.name}.qcow2"''; 344 344 + description = '' 345 345 + Path to the disk image containing the root filesystem. 346 346 + The image will be created on startup if it does not 347 347 + exist. 405 348 406 406 - virtualisation.bootLoaderDevice = mkOption { 407 407 - type = types.path; 408 408 - default = "/dev/disk/by-id/virtio-${rootDriveSerialAttr}"; 409 409 - defaultText = literalExpression ''/dev/disk/by-id/virtio-${rootDriveSerialAttr}''; 410 410 - example = "/dev/disk/by-id/virtio-boot-loader-device"; 411 411 - description = '' 412 412 - The path (inside th VM) to the device to boot from when legacy booting. 413 413 - ''; 414 414 - }; 349 349 + If null, a tmpfs will be used as the root filesystem and 350 350 + the VM's state will not be persistent. 351 351 + ''; 352 352 + }; 415 353 416 416 - virtualisation.bootPartition = mkOption { 417 417 - type = types.nullOr types.path; 418 418 - default = if cfg.useEFIBoot then "/dev/disk/by-label/${espFilesystemLabel}" else null; 419 419 - defaultText = literalExpression ''if cfg.useEFIBoot then "/dev/disk/by-label/${espFilesystemLabel}" else null''; 420 420 - example = "/dev/disk/by-label/esp"; 421 421 - description = '' 422 422 - The path (inside the VM) to the device containing the EFI System Partition (ESP). 354 354 + virtualisation.bootLoaderDevice = 355 355 + mkOption { 356 356 + type = types.path; 357 357 + default = "/dev/disk/by-id/virtio-${rootDriveSerialAttr}"; 358 358 + defaultText = literalExpression ''/dev/disk/by-id/virtio-${rootDriveSerialAttr}''; 359 359 + example = "/dev/disk/by-id/virtio-boot-loader-device"; 360 360 + description = '' 361 361 + The path (inside th VM) to the device to boot from when legacy booting. 362 362 + ''; 363 363 + }; 423 364 424 424 - If you are *not* booting from a UEFI firmware, this value is, by 425 425 - default, `null`. The ESP is mounted to `boot.loader.efi.efiSysMountpoint`. 426 426 - ''; 427 427 - }; 365 365 + virtualisation.bootPartition = 366 366 + mkOption { 367 367 + type = types.nullOr types.path; 368 368 + default = if cfg.useEFIBoot then "/dev/disk/by-label/${espFilesystemLabel}" else null; 369 369 + defaultText = literalExpression ''if cfg.useEFIBoot then "/dev/disk/by-label/${espFilesystemLabel}" else null''; 370 370 + example = "/dev/disk/by-label/esp"; 371 371 + description = '' 372 372 + The path (inside the VM) to the device containing the EFI System Partition (ESP). 428 373 429 429 - virtualisation.rootDevice = mkOption { 430 430 - type = types.nullOr types.path; 431 431 - default = "/dev/disk/by-label/${rootFilesystemLabel}"; 432 432 - defaultText = literalExpression ''/dev/disk/by-label/${rootFilesystemLabel}''; 433 433 - example = "/dev/disk/by-label/nixos"; 434 434 - description = '' 435 435 - The path (inside the VM) to the device containing the root filesystem. 436 436 - ''; 437 437 - }; 374 374 + If you are *not* booting from a UEFI firmware, this value is, by 375 375 + default, `null`. The ESP is mounted to `boot.loader.efi.efiSysMountpoint`. 376 376 + ''; 377 377 + }; 438 378 439 439 - virtualisation.emptyDiskImages = mkOption { 440 440 - type = types.listOf types.ints.positive; 441 441 - default = [ ]; 442 442 - description = '' 443 443 - Additional disk images to provide to the VM. The value is 444 444 - a list of size in megabytes of each disk. These disks are 445 445 - writeable by the VM. 446 446 - ''; 447 447 - }; 379 379 + virtualisation.rootDevice = 380 380 + mkOption { 381 381 + type = types.nullOr types.path; 382 382 + default = "/dev/disk/by-label/${rootFilesystemLabel}"; 383 383 + defaultText = literalExpression ''/dev/disk/by-label/${rootFilesystemLabel}''; 384 384 + example = "/dev/disk/by-label/nixos"; 385 385 + description = '' 386 386 + The path (inside the VM) to the device containing the root filesystem. 387 387 + ''; 388 388 + }; 448 389 449 449 - virtualisation.graphics = mkOption { 450 450 - type = types.bool; 451 451 - default = true; 452 452 - description = '' 453 453 - Whether to run QEMU with a graphics window, or in nographic mode. 454 454 - Serial console will be enabled on both settings, but this will 455 455 - change the preferred console. 456 456 - ''; 457 457 - }; 390 390 + virtualisation.emptyDiskImages = 391 391 + mkOption { 392 392 + type = types.listOf types.ints.positive; 393 393 + default = []; 394 394 + description = '' 395 395 + Additional disk images to provide to the VM. The value is 396 396 + a list of size in megabytes of each disk. These disks are 397 397 + writeable by the VM. 398 398 + ''; 399 399 + }; 458 400 459 459 - virtualisation.resolution = mkOption { 460 460 - type = options.services.xserver.resolutions.type.nestedTypes.elemType; 461 461 - default = { 462 462 - x = 1024; 463 463 - y = 768; 401 401 + virtualisation.graphics = 402 402 + mkOption { 403 403 + type = types.bool; 404 404 + default = true; 405 405 + description = '' 406 406 + Whether to run QEMU with a graphics window, or in nographic mode. 407 407 + Serial console will be enabled on both settings, but this will 408 408 + change the preferred console. 409 409 + ''; 464 410 }; 465 465 - description = '' 466 466 - The resolution of the virtual machine display. 467 467 - ''; 468 468 - }; 469 411 470 470 - virtualisation.cores = mkOption { 471 471 - type = types.ints.positive; 472 472 - default = 1; 473 473 - description = '' 474 474 - Specify the number of cores the guest is permitted to use. 475 475 - The number can be higher than the available cores on the 476 476 - host system. 477 477 - ''; 478 478 - }; 412 412 + virtualisation.resolution = 413 413 + mkOption { 414 414 + type = options.services.xserver.resolutions.type.nestedTypes.elemType; 415 415 + default = { x = 1024; y = 768; }; 416 416 + description = '' 417 417 + The resolution of the virtual machine display. 418 418 + ''; 419 419 + }; 479 420 480 480 - virtualisation.sharedDirectories = mkOption { 481 481 - type = types.attrsOf ( 482 482 - types.submodule { 483 483 - options.source = mkOption { 484 484 - type = types.str; 485 485 - description = "The path of the directory to share, can be a shell variable"; 486 486 - }; 487 487 - options.target = mkOption { 488 488 - type = types.path; 489 489 - description = "The mount point of the directory inside the virtual machine"; 490 490 - }; 491 491 - options.securityModel = mkOption { 492 492 - type = types.enum [ 493 493 - "passthrough" 494 494 - "mapped-xattr" 495 495 - "mapped-file" 496 496 - "none" 497 497 - ]; 498 498 - default = "mapped-xattr"; 499 499 - description = '' 500 500 - The security model to use for this share: 421 421 + virtualisation.cores = 422 422 + mkOption { 423 423 + type = types.ints.positive; 424 424 + default = 1; 425 425 + description = '' 426 426 + Specify the number of cores the guest is permitted to use. 427 427 + The number can be higher than the available cores on the 428 428 + host system. 429 429 + ''; 430 430 + }; 501 431 502 502 - - `passthrough`: files are stored using the same credentials as they are created on the guest (this requires QEMU to run as root) 503 503 - - `mapped-xattr`: some of the file attributes like uid, gid, mode bits and link target are stored as file attributes 504 504 - - `mapped-file`: the attributes are stored in the hidden .virtfs_metadata directory. Directories exported by this security model cannot interact with other unix tools 505 505 - - `none`: same as "passthrough" except the sever won't report failures if it fails to set file attributes like ownership 506 506 - ''; 507 507 - }; 508 508 - } 509 509 - ); 510 510 - default = { }; 511 511 - example = { 512 512 - my-share = { 513 513 - source = "/path/to/be/shared"; 514 514 - target = "/mnt/shared"; 432 432 + virtualisation.sharedDirectories = 433 433 + mkOption { 434 434 + type = types.attrsOf 435 435 + (types.submodule { 436 436 + options.source = mkOption { 437 437 + type = types.str; 438 438 + description = "The path of the directory to share, can be a shell variable"; 439 439 + }; 440 440 + options.target = mkOption { 441 441 + type = types.path; 442 442 + description = "The mount point of the directory inside the virtual machine"; 443 443 + }; 444 444 + options.securityModel = mkOption { 445 445 + type = types.enum [ "passthrough" "mapped-xattr" "mapped-file" "none" ]; 446 446 + default = "mapped-xattr"; 447 447 + description = '' 448 448 + The security model to use for this share: 449 449 + 450 450 + - `passthrough`: files are stored using the same credentials as they are created on the guest (this requires QEMU to run as root) 451 451 + - `mapped-xattr`: some of the file attributes like uid, gid, mode bits and link target are stored as file attributes 452 452 + - `mapped-file`: the attributes are stored in the hidden .virtfs_metadata directory. Directories exported by this security model cannot interact with other unix tools 453 453 + - `none`: same as "passthrough" except the sever won't report failures if it fails to set file attributes like ownership 454 454 + ''; 455 455 + }; 456 456 + }); 457 457 + default = { }; 458 458 + example = { 459 459 + my-share = { source = "/path/to/be/shared"; target = "/mnt/shared"; }; 515 460 }; 461 461 + description = '' 462 462 + An attributes set of directories that will be shared with the 463 463 + virtual machine using VirtFS (9P filesystem over VirtIO). 464 464 + The attribute name will be used as the 9P mount tag. 465 465 + ''; 516 466 }; 517 517 - description = '' 518 518 - An attributes set of directories that will be shared with the 519 519 - virtual machine using VirtFS (9P filesystem over VirtIO). 520 520 - The attribute name will be used as the 9P mount tag. 521 521 - ''; 522 522 - }; 523 467 524 524 - virtualisation.additionalPaths = mkOption { 525 525 - type = types.listOf types.path; 526 526 - default = [ ]; 527 527 - description = '' 528 528 - A list of paths whose closure should be made available to 529 529 - the VM. 468 468 + virtualisation.additionalPaths = 469 469 + mkOption { 470 470 + type = types.listOf types.path; 471 471 + default = []; 472 472 + description = '' 473 473 + A list of paths whose closure should be made available to 474 474 + the VM. 530 475 531 531 - When 9p is used, the closure is registered in the Nix 532 532 - database in the VM. All other paths in the host Nix store 533 533 - appear in the guest Nix store as well, but are considered 534 534 - garbage (because they are not registered in the Nix 535 535 - database of the guest). 476 476 + When 9p is used, the closure is registered in the Nix 477 477 + database in the VM. All other paths in the host Nix store 478 478 + appear in the guest Nix store as well, but are considered 479 479 + garbage (because they are not registered in the Nix 480 480 + database of the guest). 536 481 537 537 - When {option}`virtualisation.useNixStoreImage` is 538 538 - set, the closure is copied to the Nix store image. 539 539 - ''; 540 540 - }; 482 482 + When {option}`virtualisation.useNixStoreImage` is 483 483 + set, the closure is copied to the Nix store image. 484 484 + ''; 485 485 + }; 541 486 542 487 virtualisation.forwardPorts = mkOption { 543 543 - type = types.listOf ( 544 544 - types.submodule { 488 488 + type = types.listOf 489 489 + (types.submodule { 545 490 options.from = mkOption { 546 546 - type = types.enum [ 547 547 - "host" 548 548 - "guest" 549 549 - ]; 491 491 + type = types.enum [ "host" "guest" ]; 550 492 default = "host"; 551 493 description = '' 552 552 - Controls the direction in which the ports are mapped: 494 494 + Controls the direction in which the ports are mapped: 553 495 554 554 - - `"host"` means traffic from the host ports 555 555 - is forwarded to the given guest port. 556 556 - - `"guest"` means traffic from the guest ports 557 557 - is forwarded to the given host port. 558 558 - ''; 496 496 + - `"host"` means traffic from the host ports 497 497 + is forwarded to the given guest port. 498 498 + - `"guest"` means traffic from the guest ports 499 499 + is forwarded to the given host port. 500 500 + ''; 559 501 }; 560 502 options.proto = mkOption { 561 561 - type = types.enum [ 562 562 - "tcp" 563 563 - "udp" 564 564 - ]; 503 503 + type = types.enum [ "tcp" "udp" ]; 565 504 default = "tcp"; 566 505 description = "The protocol to forward."; 567 506 }; ··· 583 522 type = types.port; 584 523 description = "The guest port to be mapped."; 585 524 }; 586 586 - } 587 587 - ); 588 588 - default = [ ]; 589 589 - example = lib.literalExpression '' 525 525 + }); 526 526 + default = []; 527 527 + example = lib.literalExpression 528 528 + '' 590 529 [ # forward local port 2222 -> 22, to ssh into the VM 591 530 { from = "host"; host.port = 2222; guest.port = 22; } 592 531 ··· 596 535 host.address = "127.0.0.1"; host.port = 80; 597 536 } 598 537 ] 599 599 - ''; 538 538 + ''; 600 539 description = '' 601 601 - When using the SLiRP user networking (default), this option allows to 602 602 - forward ports to/from the host/guest. 540 540 + When using the SLiRP user networking (default), this option allows to 541 541 + forward ports to/from the host/guest. 603 542 604 604 - ::: {.warning} 605 605 - If the NixOS firewall on the virtual machine is enabled, you also 606 606 - have to open the guest ports to enable the traffic between host and 607 607 - guest. 608 608 - ::: 543 543 + ::: {.warning} 544 544 + If the NixOS firewall on the virtual machine is enabled, you also 545 545 + have to open the guest ports to enable the traffic between host and 546 546 + guest. 547 547 + ::: 609 548 610 610 - ::: {.note} 611 611 - Currently QEMU supports only IPv4 forwarding. 612 612 - ::: 613 613 - ''; 549 549 + ::: {.note} 550 550 + Currently QEMU supports only IPv4 forwarding. 551 551 + ::: 552 552 + ''; 614 553 }; 615 554 616 616 - virtualisation.restrictNetwork = mkOption { 617 617 - type = types.bool; 618 618 - default = false; 619 619 - example = true; 620 620 - description = '' 621 621 - If this option is enabled, the guest will be isolated, i.e. it will 622 622 - not be able to contact the host and no guest IP packets will be 623 623 - routed over the host to the outside. This option does not affect 624 624 - any explicitly set forwarding rules. 625 625 - ''; 626 626 - }; 555 555 + virtualisation.restrictNetwork = 556 556 + mkOption { 557 557 + type = types.bool; 558 558 + default = false; 559 559 + example = true; 560 560 + description = '' 561 561 + If this option is enabled, the guest will be isolated, i.e. it will 562 562 + not be able to contact the host and no guest IP packets will be 563 563 + routed over the host to the outside. This option does not affect 564 564 + any explicitly set forwarding rules. 565 565 + ''; 566 566 + }; 627 567 628 628 - virtualisation.vlans = mkOption { 629 629 - type = types.listOf types.ints.unsigned; 630 630 - default = if config.virtualisation.interfaces == { } then [ 1 ] else [ ]; 631 631 - defaultText = lib.literalExpression ''if config.virtualisation.interfaces == {} then [ 1 ] else [ ]''; 632 632 - example = [ 633 633 - 1 634 634 - 2 635 635 - ]; 636 636 - description = '' 637 637 - Virtual networks to which the VM is connected. Each 638 638 - number «N» in this list causes 639 639 - the VM to have a virtual Ethernet interface attached to a 640 640 - separate virtual network on which it will be assigned IP 641 641 - address 642 642 - `192.168.«N».«M»`, 643 643 - where «M» is the index of this VM 644 644 - in the list of VMs. 645 645 - ''; 646 646 - }; 568 568 + virtualisation.vlans = 569 569 + mkOption { 570 570 + type = types.listOf types.ints.unsigned; 571 571 + default = if config.virtualisation.interfaces == {} then [ 1 ] else [ ]; 572 572 + defaultText = lib.literalExpression ''if config.virtualisation.interfaces == {} then [ 1 ] else [ ]''; 573 573 + example = [ 1 2 ]; 574 574 + description = '' 575 575 + Virtual networks to which the VM is connected. Each 576 576 + number «N» in this list causes 577 577 + the VM to have a virtual Ethernet interface attached to a 578 578 + separate virtual network on which it will be assigned IP 579 579 + address 580 580 + `192.168.«N».«M»`, 581 581 + where «M» is the index of this VM 582 582 + in the list of VMs. 583 583 + ''; 584 584 + }; 647 585 648 586 virtualisation.interfaces = mkOption { 649 649 - default = { }; 587 587 + default = {}; 650 588 example = { 651 589 enp1s0.vlan = 1; 652 590 }; 653 591 description = '' 654 592 Network interfaces to add to the VM. 655 593 ''; 656 656 - type = 657 657 - with types; 658 658 - attrsOf (submodule { 659 659 - options = { 660 660 - vlan = mkOption { 661 661 - type = types.ints.unsigned; 662 662 - description = '' 663 663 - VLAN to which the network interface is connected. 664 664 - ''; 665 665 - }; 594 594 + type = with types; attrsOf (submodule { 595 595 + options = { 596 596 + vlan = mkOption { 597 597 + type = types.ints.unsigned; 598 598 + description = '' 599 599 + VLAN to which the network interface is connected. 600 600 + ''; 601 601 + }; 666 602 667 667 - assignIP = mkOption { 668 668 - type = types.bool; 669 669 - default = false; 670 670 - description = '' 671 671 - Automatically assign an IP address to the network interface using the same scheme as 672 672 - virtualisation.vlans. 673 673 - ''; 674 674 - }; 603 603 + assignIP = mkOption { 604 604 + type = types.bool; 605 605 + default = false; 606 606 + description = '' 607 607 + Automatically assign an IP address to the network interface using the same scheme as 608 608 + virtualisation.vlans. 609 609 + ''; 675 610 }; 676 676 - }); 611 611 + }; 612 612 + }); 677 613 }; 678 614 679 679 - virtualisation.writableStore = mkOption { 680 680 - type = types.bool; 681 681 - default = cfg.mountHostNixStore; 682 682 - defaultText = literalExpression "cfg.mountHostNixStore"; 683 683 - description = '' 684 684 - If enabled, the Nix store in the VM is made writable by 685 685 - layering an overlay filesystem on top of the host's Nix 686 686 - store. 615 615 + virtualisation.writableStore = 616 616 + mkOption { 617 617 + type = types.bool; 618 618 + default = cfg.mountHostNixStore; 619 619 + defaultText = literalExpression "cfg.mountHostNixStore"; 620 620 + description = '' 621 621 + If enabled, the Nix store in the VM is made writable by 622 622 + layering an overlay filesystem on top of the host's Nix 623 623 + store. 687 624 688 688 - By default, this is enabled if you mount a host Nix store. 689 689 - ''; 690 690 - }; 625 625 + By default, this is enabled if you mount a host Nix store. 626 626 + ''; 627 627 + }; 691 628 692 692 - virtualisation.writableStoreUseTmpfs = mkOption { 693 693 - type = types.bool; 694 694 - default = true; 695 695 - description = '' 696 696 - Use a tmpfs for the writable store instead of writing to the VM's 697 697 - own filesystem. 698 698 - ''; 699 699 - }; 629 629 + virtualisation.writableStoreUseTmpfs = 630 630 + mkOption { 631 631 + type = types.bool; 632 632 + default = true; 633 633 + description = '' 634 634 + Use a tmpfs for the writable store instead of writing to the VM's 635 635 + own filesystem. 636 636 + ''; 637 637 + }; 700 638 701 701 - networking.primaryIPAddress = mkOption { 702 702 - type = types.str; 703 703 - default = ""; 704 704 - internal = true; 705 705 - description = "Primary IP address used in /etc/hosts."; 706 706 - }; 639 639 + networking.primaryIPAddress = 640 640 + mkOption { 641 641 + type = types.str; 642 642 + default = ""; 643 643 + internal = true; 644 644 + description = "Primary IP address used in /etc/hosts."; 645 645 + }; 707 646 708 708 - networking.primaryIPv6Address = mkOption { 709 709 - type = types.str; 710 710 - default = ""; 711 711 - internal = true; 712 712 - description = "Primary IPv6 address used in /etc/hosts."; 713 713 - }; 647 647 + networking.primaryIPv6Address = 648 648 + mkOption { 649 649 + type = types.str; 650 650 + default = ""; 651 651 + internal = true; 652 652 + description = "Primary IPv6 address used in /etc/hosts."; 653 653 + }; 714 654 715 655 virtualisation.host.pkgs = mkOption { 716 656 type = options.nixpkgs.pkgs.type; ··· 726 666 }; 727 667 728 668 virtualisation.qemu = { 729 729 - package = mkOption { 730 730 - type = types.package; 731 731 - default = 732 732 - if hostPkgs.stdenv.hostPlatform.qemuArch == pkgs.stdenv.hostPlatform.qemuArch then 733 733 - hostPkgs.qemu_kvm 734 734 - else 735 735 - hostPkgs.qemu; 736 736 - defaultText = literalExpression "if hostPkgs.stdenv.hostPlatform.qemuArch == pkgs.stdenv.hostPlatform.qemuArch then config.virtualisation.host.pkgs.qemu_kvm else config.virtualisation.host.pkgs.qemu"; 737 737 - example = literalExpression "pkgs.qemu_test"; 738 738 - description = "QEMU package to use."; 739 739 - }; 669 669 + package = 670 670 + mkOption { 671 671 + type = types.package; 672 672 + default = if hostPkgs.stdenv.hostPlatform.qemuArch == pkgs.stdenv.hostPlatform.qemuArch then hostPkgs.qemu_kvm else hostPkgs.qemu; 673 673 + defaultText = literalExpression "if hostPkgs.stdenv.hostPlatform.qemuArch == pkgs.stdenv.hostPlatform.qemuArch then config.virtualisation.host.pkgs.qemu_kvm else config.virtualisation.host.pkgs.qemu"; 674 674 + example = literalExpression "pkgs.qemu_test"; 675 675 + description = "QEMU package to use."; 676 676 + }; 740 677 741 741 - options = mkOption { 742 742 - type = types.listOf types.str; 743 743 - default = [ ]; 744 744 - example = [ "-vga std" ]; 745 745 - description = '' 746 746 - Options passed to QEMU. 747 747 - See [QEMU User Documentation](https://www.qemu.org/docs/master/system/qemu-manpage) for a complete list. 748 748 - ''; 749 749 - }; 678 678 + options = 679 679 + mkOption { 680 680 + type = types.listOf types.str; 681 681 + default = []; 682 682 + example = [ "-vga std" ]; 683 683 + description = '' 684 684 + Options passed to QEMU. 685 685 + See [QEMU User Documentation](https://www.qemu.org/docs/master/system/qemu-manpage) for a complete list. 686 686 + ''; 687 687 + }; 750 688 751 689 consoles = mkOption { 752 690 type = types.listOf types.str; 753 753 - default = 754 754 - let 755 755 - consoles = [ 756 756 - "${qemu-common.qemuSerialDevice},115200n8" 757 757 - "tty0" 758 758 - ]; 759 759 - in 760 760 - if cfg.graphics then consoles else reverseList consoles; 691 691 + default = let 692 692 + consoles = [ "${qemu-common.qemuSerialDevice},115200n8" "tty0" ]; 693 693 + in if cfg.graphics then consoles else reverseList consoles; 761 694 example = [ "console=tty1" ]; 762 695 description = '' 763 696 The output console devices to pass to the kernel command line via the ··· 770 703 ''; 771 704 }; 772 705 773 773 - networkingOptions = mkOption { 774 774 - type = types.listOf types.str; 775 775 - default = [ ]; 776 776 - example = [ 777 777 - "-net nic,netdev=user.0,model=virtio" 778 778 - "-netdev user,id=user.0,\${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}" 779 779 - ]; 780 780 - description = '' 781 781 - Networking-related command-line options that should be passed to qemu. 782 782 - The default is to use userspace networking (SLiRP). 783 783 - See the [QEMU Wiki on Networking](https://wiki.qemu.org/Documentation/Networking) for details. 706 706 + networkingOptions = 707 707 + mkOption { 708 708 + type = types.listOf types.str; 709 709 + default = [ ]; 710 710 + example = [ 711 711 + "-net nic,netdev=user.0,model=virtio" 712 712 + "-netdev user,id=user.0,\${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}" 713 713 + ]; 714 714 + description = '' 715 715 + Networking-related command-line options that should be passed to qemu. 716 716 + The default is to use userspace networking (SLiRP). 717 717 + See the [QEMU Wiki on Networking](https://wiki.qemu.org/Documentation/Networking) for details. 784 718 785 785 - If you override this option, be advised to keep 786 786 - `''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}` (as seen in the example) 787 787 - to keep the default runtime behaviour. 788 788 - ''; 789 789 - }; 719 719 + If you override this option, be advised to keep 720 720 + `''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}` (as seen in the example) 721 721 + to keep the default runtime behaviour. 722 722 + ''; 723 723 + }; 790 724 791 791 - drives = mkOption { 792 792 - type = types.listOf (types.submodule driveOpts); 793 793 - description = "Drives passed to qemu."; 794 794 - }; 725 725 + drives = 726 726 + mkOption { 727 727 + type = types.listOf (types.submodule driveOpts); 728 728 + description = "Drives passed to qemu."; 729 729 + }; 795 730 796 796 - diskInterface = mkOption { 797 797 - type = types.enum [ 798 798 - "virtio" 799 799 - "scsi" 800 800 - "ide" 801 801 - ]; 802 802 - default = "virtio"; 803 803 - example = "scsi"; 804 804 - description = "The interface used for the virtual hard disks."; 805 805 - }; 731 731 + diskInterface = 732 732 + mkOption { 733 733 + type = types.enum [ "virtio" "scsi" "ide" ]; 734 734 + default = "virtio"; 735 735 + example = "scsi"; 736 736 + description = "The interface used for the virtual hard disks."; 737 737 + }; 738 738 + 739 739 + guestAgent.enable = 740 740 + mkOption { 741 741 + type = types.bool; 742 742 + default = true; 743 743 + description = '' 744 744 + Enable the Qemu guest agent. 745 745 + ''; 746 746 + }; 806 747 807 807 - guestAgent.enable = mkOption { 748 748 + virtioKeyboard = 749 749 + mkOption { 750 750 + type = types.bool; 751 751 + default = true; 752 752 + description = '' 753 753 + Enable the virtio-keyboard device. 754 754 + ''; 755 755 + }; 756 756 + }; 757 757 + 758 758 + virtualisation.useNixStoreImage = 759 759 + mkOption { 808 760 type = types.bool; 809 809 - default = true; 761 761 + default = false; 810 762 description = '' 811 811 - Enable the Qemu guest agent. 763 763 + Build and use a disk image for the Nix store, instead of 764 764 + accessing the host's one through 9p. 765 765 + 766 766 + For applications which do a lot of reads from the store, 767 767 + this can drastically improve performance, but at the cost of 768 768 + disk space and image build time. 769 769 + 770 770 + The Nix store image is built just-in-time right before the VM is 771 771 + started. Because it does not produce another derivation, the image is 772 772 + not cached between invocations and never lands in the store or binary 773 773 + cache. 774 774 + 775 775 + If you want a full disk image with a partition table and a root 776 776 + filesystem instead of only a store image, enable 777 777 + {option}`virtualisation.useBootLoader` instead. 812 778 ''; 813 779 }; 814 780 815 815 - virtioKeyboard = mkOption { 781 781 + virtualisation.mountHostNixStore = 782 782 + mkOption { 816 783 type = types.bool; 817 817 - default = true; 784 784 + default = !cfg.useNixStoreImage && !cfg.useBootLoader; 785 785 + defaultText = literalExpression "!cfg.useNixStoreImage && !cfg.useBootLoader"; 818 786 description = '' 819 819 - Enable the virtio-keyboard device. 787 787 + Mount the host Nix store as a 9p mount. 820 788 ''; 821 789 }; 822 822 - }; 823 790 824 824 - virtualisation.useNixStoreImage = mkOption { 825 825 - type = types.bool; 826 826 - default = false; 827 827 - description = '' 828 828 - Build and use a disk image for the Nix store, instead of 829 829 - accessing the host's one through 9p. 791 791 + virtualisation.directBoot = { 792 792 + enable = 793 793 + mkOption { 794 794 + type = types.bool; 795 795 + default = !cfg.useBootLoader; 796 796 + defaultText = "!cfg.useBootLoader"; 797 797 + description = '' 798 798 + If enabled, the virtual machine will boot directly into the kernel instead of through a bootloader. 799 799 + Read more about this feature in the [QEMU documentation on Direct Linux Boot](https://qemu-project.gitlab.io/qemu/system/linuxboot.html) 830 800 831 831 - For applications which do a lot of reads from the store, 832 832 - this can drastically improve performance, but at the cost of 833 833 - disk space and image build time. 801 801 + This is enabled by default. 802 802 + If you want to test netboot, consider disabling this option. 803 803 + Enable a bootloader with {option}`virtualisation.useBootLoader` if you need. 834 804 835 835 - The Nix store image is built just-in-time right before the VM is 836 836 - started. Because it does not produce another derivation, the image is 837 837 - not cached between invocations and never lands in the store or binary 838 838 - cache. 805 805 + Relevant parameters such as those set in `boot.initrd` and `boot.kernelParams` are also passed to QEMU. 806 806 + Additional parameters can be supplied on invocation through the environment variable `$QEMU_KERNEL_PARAMS`. 807 807 + They are added to the `-append` option, see [QEMU User Documentation](https://www.qemu.org/docs/master/system/qemu-manpage) for details 808 808 + For example, to let QEMU use the parent terminal as the serial console, set `QEMU_KERNEL_PARAMS="console=ttyS0"`. 839 809 840 840 - If you want a full disk image with a partition table and a root 841 841 - filesystem instead of only a store image, enable 842 842 - {option}`virtualisation.useBootLoader` instead. 843 843 - ''; 844 844 - }; 810 810 + This will not (re-)boot correctly into a system that has switched to a different configuration on disk. 811 811 + ''; 812 812 + }; 813 813 + initrd = 814 814 + mkOption { 815 815 + type = types.str; 816 816 + default = "${config.system.build.initialRamdisk}/${config.system.boot.loader.initrdFile}"; 817 817 + defaultText = "\${config.system.build.initialRamdisk}/\${config.system.boot.loader.initrdFile}"; 818 818 + description = '' 819 819 + In direct boot situations, you may want to influence the initrd to load 820 820 + to use your own customized payload. 845 821 846 846 - virtualisation.mountHostNixStore = mkOption { 847 847 - type = types.bool; 848 848 - default = !cfg.useNixStoreImage && !cfg.useBootLoader; 849 849 - defaultText = literalExpression "!cfg.useNixStoreImage && !cfg.useBootLoader"; 850 850 - description = '' 851 851 - Mount the host Nix store as a 9p mount. 852 852 - ''; 822 822 + This is useful if you want to test the netboot image without 823 823 + testing the firmware or the loading part. 824 824 + ''; 825 825 + }; 853 826 }; 854 827 855 855 - virtualisation.directBoot = { 856 856 - enable = mkOption { 828 828 + virtualisation.useBootLoader = 829 829 + mkOption { 857 830 type = types.bool; 858 858 - default = !cfg.useBootLoader; 859 859 - defaultText = "!cfg.useBootLoader"; 831 831 + default = false; 860 832 description = '' 861 861 - If enabled, the virtual machine will boot directly into the kernel instead of through a bootloader. 862 862 - Read more about this feature in the [QEMU documentation on Direct Linux Boot](https://qemu-project.gitlab.io/qemu/system/linuxboot.html) 833 833 + Use a boot loader to boot the system. 834 834 + This allows, among other things, testing the boot loader. 863 835 864 864 - This is enabled by default. 865 865 - If you want to test netboot, consider disabling this option. 866 866 - Enable a bootloader with {option}`virtualisation.useBootLoader` if you need. 867 867 - 868 868 - Relevant parameters such as those set in `boot.initrd` and `boot.kernelParams` are also passed to QEMU. 869 869 - Additional parameters can be supplied on invocation through the environment variable `$QEMU_KERNEL_PARAMS`. 870 870 - They are added to the `-append` option, see [QEMU User Documentation](https://www.qemu.org/docs/master/system/qemu-manpage) for details 871 871 - For example, to let QEMU use the parent terminal as the serial console, set `QEMU_KERNEL_PARAMS="console=ttyS0"`. 836 836 + If disabled, the kernel and initrd are directly booted, 837 837 + forgoing any bootloader. 872 838 873 873 - This will not (re-)boot correctly into a system that has switched to a different configuration on disk. 874 874 - ''; 839 839 + Check the documentation on {option}`virtualisation.directBoot.enable` for details. 840 840 + ''; 875 841 }; 876 876 - initrd = mkOption { 877 877 - type = types.str; 878 878 - default = "${config.system.build.initialRamdisk}/${config.system.boot.loader.initrdFile}"; 879 879 - defaultText = "\${config.system.build.initialRamdisk}/\${config.system.boot.loader.initrdFile}"; 842 842 + 843 843 + virtualisation.useEFIBoot = 844 844 + mkOption { 845 845 + type = types.bool; 846 846 + default = false; 880 847 description = '' 881 881 - In direct boot situations, you may want to influence the initrd to load 882 882 - to use your own customized payload. 883 883 - 884 884 - This is useful if you want to test the netboot image without 885 885 - testing the firmware or the loading part. 886 886 - ''; 887 887 - }; 888 888 - }; 889 889 - 890 890 - virtualisation.useBootLoader = mkOption { 891 891 - type = types.bool; 892 892 - default = false; 893 893 - description = '' 894 894 - Use a boot loader to boot the system. 895 895 - This allows, among other things, testing the boot loader. 896 896 - 897 897 - If disabled, the kernel and initrd are directly booted, 898 898 - forgoing any bootloader. 899 899 - 900 900 - Check the documentation on {option}`virtualisation.directBoot.enable` for details. 901 901 - ''; 902 902 - }; 903 903 - 904 904 - virtualisation.useEFIBoot = mkOption { 905 905 - type = types.bool; 906 906 - default = false; 907 907 - description = '' 908 908 - If enabled, the virtual machine will provide a EFI boot 909 909 - manager. 910 910 - useEFIBoot is ignored if useBootLoader == false. 911 911 - ''; 912 912 - }; 848 848 + If enabled, the virtual machine will provide a EFI boot 849 849 + manager. 850 850 + useEFIBoot is ignored if useBootLoader == false. 851 851 + ''; 852 852 + }; 913 853 914 854 virtualisation.efi = { 915 855 OVMF = mkOption { 916 856 type = types.package; 917 917 - default = 918 918 - (pkgs.OVMF.override { 919 919 - secureBoot = cfg.useSecureBoot; 920 920 - }).fd; 921 921 - defaultText = '' 922 922 - (pkgs.OVMF.override { 923 923 - secureBoot = cfg.useSecureBoot; 924 924 - }).fd''; 857 857 + default = (pkgs.OVMF.override { 858 858 + secureBoot = cfg.useSecureBoot; 859 859 + }).fd; 860 860 + defaultText = ''(pkgs.OVMF.override { 861 861 + secureBoot = cfg.useSecureBoot; 862 862 + }).fd''; 925 863 description = "OVMF firmware package, defaults to OVMF configured with secure boot if needed."; 926 864 }; 927 865 ··· 930 868 default = cfg.efi.OVMF.firmware; 931 869 defaultText = literalExpression "cfg.efi.OVMF.firmware"; 932 870 description = '' 933 933 - Firmware binary for EFI implementation, defaults to OVMF. 934 934 - ''; 871 871 + Firmware binary for EFI implementation, defaults to OVMF. 872 872 + ''; 935 873 }; 936 874 937 875 variables = mkOption { ··· 939 877 default = cfg.efi.OVMF.variables; 940 878 defaultText = literalExpression "cfg.efi.OVMF.variables"; 941 879 description = '' 942 942 - Platform-specific flash binary for EFI variables, implementation-dependent to the EFI firmware. 943 943 - Defaults to OVMF. 944 944 - ''; 880 880 + Platform-specific flash binary for EFI variables, implementation-dependent to the EFI firmware. 881 881 + Defaults to OVMF. 882 882 + ''; 945 883 }; 946 884 947 885 keepVariables = mkOption { ··· 959 897 960 898 deviceModel = mkOption { 961 899 type = types.str; 962 962 - default = ( 963 963 - { 964 964 - "i686-linux" = "tpm-tis"; 965 965 - "x86_64-linux" = "tpm-tis"; 966 966 - "ppc64-linux" = "tpm-spapr"; 967 967 - "armv7-linux" = "tpm-tis-device"; 968 968 - "aarch64-linux" = "tpm-tis-device"; 969 969 - } 970 970 - .${pkgs.stdenv.hostPlatform.system} or (throw "Unsupported system for TPM2 emulation in QEMU") 971 971 - ); 900 900 + default = ({ 901 901 + "i686-linux" = "tpm-tis"; 902 902 + "x86_64-linux" = "tpm-tis"; 903 903 + "ppc64-linux" = "tpm-spapr"; 904 904 + "armv7-linux" = "tpm-tis-device"; 905 905 + "aarch64-linux" = "tpm-tis-device"; 906 906 + }.${pkgs.stdenv.hostPlatform.system} or (throw "Unsupported system for TPM2 emulation in QEMU")); 972 907 defaultText = '' 973 908 Based on the guest platform Linux system: 974 909 ··· 981 916 }; 982 917 }; 983 918 984 984 - virtualisation.useDefaultFilesystems = mkOption { 985 985 - type = types.bool; 986 986 - default = true; 987 987 - description = '' 988 988 - If enabled, the boot disk of the virtual machine will be 989 989 - formatted and mounted with the default filesystems for 990 990 - testing. Swap devices and LUKS will be disabled. 919 919 + virtualisation.useDefaultFilesystems = 920 920 + mkOption { 921 921 + type = types.bool; 922 922 + default = true; 923 923 + description = '' 924 924 + If enabled, the boot disk of the virtual machine will be 925 925 + formatted and mounted with the default filesystems for 926 926 + testing. Swap devices and LUKS will be disabled. 991 927 992 992 - If disabled, a root filesystem has to be specified and 993 993 - formatted (for example in the initial ramdisk). 994 994 - ''; 995 995 - }; 928 928 + If disabled, a root filesystem has to be specified and 929 929 + formatted (for example in the initial ramdisk). 930 930 + ''; 931 931 + }; 996 932 997 997 - virtualisation.useSecureBoot = mkOption { 998 998 - type = types.bool; 999 999 - default = false; 1000 1000 - description = '' 1001 1001 - Enable Secure Boot support in the EFI firmware. 1002 1002 - ''; 1003 1003 - }; 933 933 + virtualisation.useSecureBoot = 934 934 + mkOption { 935 935 + type = types.bool; 936 936 + default = false; 937 937 + description = '' 938 938 + Enable Secure Boot support in the EFI firmware. 939 939 + ''; 940 940 + }; 1004 941 1005 1005 - virtualisation.bios = mkOption { 1006 1006 - type = types.nullOr types.package; 1007 1007 - default = null; 1008 1008 - description = '' 1009 1009 - An alternate BIOS (such as `qboot`) with which to start the VM. 1010 1010 - Should contain a file named `bios.bin`. 1011 1011 - If `null`, QEMU's builtin SeaBIOS will be used. 1012 1012 - ''; 1013 1013 - }; 942 942 + virtualisation.bios = 943 943 + mkOption { 944 944 + type = types.nullOr types.package; 945 945 + default = null; 946 946 + description = '' 947 947 + An alternate BIOS (such as `qboot`) with which to start the VM. 948 948 + Should contain a file named `bios.bin`. 949 949 + If `null`, QEMU's builtin SeaBIOS will be used. 950 950 + ''; 951 951 + }; 1014 952 1015 1015 - virtualisation.useHostCerts = mkOption { 1016 1016 - type = types.bool; 1017 1017 - default = false; 1018 1018 - description = '' 1019 1019 - If enabled, when `NIX_SSL_CERT_FILE` is set on the host, 1020 1020 - pass the CA certificates from the host to the VM. 1021 1021 - ''; 1022 1022 - }; 953 953 + virtualisation.useHostCerts = 954 954 + mkOption { 955 955 + type = types.bool; 956 956 + default = false; 957 957 + description = '' 958 958 + If enabled, when `NIX_SSL_CERT_FILE` is set on the host, 959 959 + pass the CA certificates from the host to the VM. 960 960 + ''; 961 961 + }; 1023 962 1024 963 }; 1025 964 1026 965 config = { 1027 966 1028 967 assertions = 1029 1029 - lib.concatLists ( 1030 1030 - lib.flip lib.imap cfg.forwardPorts ( 1031 1031 - i: rule: [ 1032 1032 - { 1033 1033 - assertion = rule.from == "guest" -> rule.proto == "tcp"; 1034 1034 - message = '' 968 968 + lib.concatLists (lib.flip lib.imap cfg.forwardPorts (i: rule: 969 969 + [ 970 970 + { assertion = rule.from == "guest" -> rule.proto == "tcp"; 971 971 + message = 972 972 + '' 1035 973 Invalid virtualisation.forwardPorts.<entry ${toString i}>.proto: 1036 974 Guest forwarding supports only TCP connections. 1037 975 ''; 1038 1038 - } 1039 1039 - { 1040 1040 - assertion = rule.from == "guest" -> lib.hasPrefix "10.0.2." rule.guest.address; 1041 1041 - message = '' 976 976 + } 977 977 + { assertion = rule.from == "guest" -> lib.hasPrefix "10.0.2." rule.guest.address; 978 978 + message = 979 979 + '' 1042 980 Invalid virtualisation.forwardPorts.<entry ${toString i}>.guest.address: 1043 981 The address must be in the default VLAN (10.0.2.0/24). 1044 982 ''; 1045 1045 - } 1046 1046 - ] 1047 1047 - ) 1048 1048 - ) 1049 1049 - ++ [ 1050 1050 - { 1051 1051 - assertion = pkgs.stdenv.hostPlatform.is32bit -> cfg.memorySize < 2047; 1052 1052 - message = '' 1053 1053 - virtualisation.memorySize is above 2047, but qemu is only able to allocate 2047MB RAM on 32bit max. 1054 1054 - ''; 1055 1055 - } 1056 1056 - { 1057 1057 - assertion = 1058 1058 - cfg.directBoot.enable || cfg.directBoot.initrd == options.virtualisation.directBoot.initrd.default; 1059 1059 - message = '' 1060 1060 - You changed the default of `virtualisation.directBoot.initrd` but you are not 1061 1061 - using QEMU direct boot. This initrd will not be used in your current 1062 1062 - boot configuration. 983 983 + } 984 984 + ])) ++ [ 985 985 + { assertion = pkgs.stdenv.hostPlatform.is32bit -> cfg.memorySize < 2047; 986 986 + message = '' 987 987 + virtualisation.memorySize is above 2047, but qemu is only able to allocate 2047MB RAM on 32bit max. 988 988 + ''; 989 989 + } 990 990 + { assertion = cfg.directBoot.enable || cfg.directBoot.initrd == options.virtualisation.directBoot.initrd.default; 991 991 + message = 992 992 + '' 993 993 + You changed the default of `virtualisation.directBoot.initrd` but you are not 994 994 + using QEMU direct boot. This initrd will not be used in your current 995 995 + boot configuration. 1063 996 1064 1064 - Either do not mutate `virtualisation.directBoot.initrd` or enable direct boot. 997 997 + Either do not mutate `virtualisation.directBoot.initrd` or enable direct boot. 1065 998 1066 1066 - If you have a more advanced usecase, please open an issue or a pull request. 1067 1067 - ''; 1068 1068 - } 1069 1069 - ]; 999 999 + If you have a more advanced usecase, please open an issue or a pull request. 1000 1000 + ''; 1001 1001 + } 1002 1002 + ]; 1070 1003 1071 1071 - warnings = optional (cfg.directBoot.enable && cfg.useBootLoader) '' 1072 1072 - You enabled direct boot and a bootloader, QEMU will not boot your bootloader, rendering 1073 1073 - `useBootLoader` useless. You might want to disable one of those options. 1074 1074 - ''; 1004 1004 + warnings = 1005 1005 + optional (cfg.directBoot.enable && cfg.useBootLoader) 1006 1006 + '' 1007 1007 + You enabled direct boot and a bootloader, QEMU will not boot your bootloader, rendering 1008 1008 + `useBootLoader` useless. You might want to disable one of those options. 1009 1009 + ''; 1075 1010 1076 1011 # In UEFI boot, we use a EFI-only partition table layout, thus GRUB will fail when trying to install 1077 1012 # legacy and UEFI. In order to avoid this, we have to put "nodev" to force UEFI-only installs. ··· 1089 1024 # allow `system.build.toplevel' to be included. (If we had a direct 1090 1025 # reference to ${regInfo} here, then we would get a cyclic 1091 1026 # dependency.) 1092 1092 - boot.postBootCommands = lib.mkIf config.nix.enable '' 1093 1093 - if [[ "$(cat /proc/cmdline)" =~ regInfo=([^ ]*) ]]; then 1094 1094 - ${config.nix.package.out}/bin/nix-store --load-db < ''${BASH_REMATCH[1]} 1095 1095 - fi 1096 1096 - ''; 1027 1027 + boot.postBootCommands = lib.mkIf config.nix.enable 1028 1028 + '' 1029 1029 + if [[ "$(cat /proc/cmdline)" =~ regInfo=([^ ]*) ]]; then 1030 1030 + ${config.nix.package.out}/bin/nix-store --load-db < ''${BASH_REMATCH[1]} 1031 1031 + fi 1032 1032 + ''; 1097 1033 1098 1034 boot.initrd.availableKernelModules = 1099 1035 optional (cfg.qemu.diskInterface == "scsi") "sym53c8xx" ··· 1130 1066 1131 1067 virtualisation.qemu.networkingOptions = 1132 1068 let 1133 1133 - forwardingOptions = flip concatMapStrings cfg.forwardPorts ( 1134 1134 - { 1135 1135 - proto, 1136 1136 - from, 1137 1137 - host, 1138 1138 - guest, 1139 1139 - }: 1140 1140 - if from == "host" then 1141 1141 - "hostfwd=${proto}:${host.address}:${toString host.port}-" 1142 1142 - + "${guest.address}:${toString guest.port}," 1143 1143 - else 1144 1144 - "'guestfwd=${proto}:${guest.address}:${toString guest.port}-" 1145 1145 - + "cmd:${pkgs.netcat}/bin/nc ${host.address} ${toString host.port}'," 1146 1146 - ); 1069 1069 + forwardingOptions = flip concatMapStrings cfg.forwardPorts 1070 1070 + ({ proto, from, host, guest }: 1071 1071 + if from == "host" 1072 1072 + then "hostfwd=${proto}:${host.address}:${toString host.port}-" + 1073 1073 + "${guest.address}:${toString guest.port}," 1074 1074 + else "'guestfwd=${proto}:${guest.address}:${toString guest.port}-" + 1075 1075 + "cmd:${pkgs.netcat}/bin/nc ${host.address} ${toString host.port}'," 1076 1076 + ); 1147 1077 restrictNetworkOption = lib.optionalString cfg.restrictNetwork "restrict=on,"; 1148 1078 in 1149 1079 [ ··· 1156 1086 "-device virtio-keyboard" 1157 1087 ]) 1158 1088 (mkIf pkgs.stdenv.hostPlatform.isx86 [ 1159 1159 - "-usb" 1160 1160 - "-device usb-tablet,bus=usb-bus.0" 1089 1089 + "-usb" "-device usb-tablet,bus=usb-bus.0" 1161 1090 ]) 1162 1091 (mkIf pkgs.stdenv.hostPlatform.isAarch [ 1163 1163 - "-device virtio-gpu-pci" 1164 1164 - "-device usb-ehci,id=usb0" 1165 1165 - "-device usb-kbd" 1166 1166 - "-device usb-tablet" 1092 1092 + "-device virtio-gpu-pci" "-device usb-ehci,id=usb0" "-device usb-kbd" "-device usb-tablet" 1167 1093 ]) 1168 1168 - ( 1169 1169 - let 1170 1170 - alphaNumericChars = lowerChars ++ upperChars ++ (map toString (range 0 9)); 1171 1171 - # Replace all non-alphanumeric characters with underscores 1172 1172 - sanitizeShellIdent = 1173 1173 - s: 1174 1174 - concatMapStrings (c: if builtins.elem c alphaNumericChars then c else "_") (stringToCharacters s); 1175 1175 - in 1176 1176 - mkIf cfg.directBoot.enable [ 1177 1177 - "-kernel \${NIXPKGS_QEMU_KERNEL_${sanitizeShellIdent config.system.name}:-${config.system.build.toplevel}/kernel}" 1178 1178 - "-initrd ${cfg.directBoot.initrd}" 1179 1179 - ''-append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.toplevel}/init regInfo=${regInfo}/registration ${consoles} $QEMU_KERNEL_PARAMS"'' 1180 1180 - ] 1181 1181 - ) 1094 1094 + (let 1095 1095 + alphaNumericChars = lowerChars ++ upperChars ++ (map toString (range 0 9)); 1096 1096 + # Replace all non-alphanumeric characters with underscores 1097 1097 + sanitizeShellIdent = s: concatMapStrings (c: if builtins.elem c alphaNumericChars then c else "_") (stringToCharacters s); 1098 1098 + in mkIf cfg.directBoot.enable [ 1099 1099 + "-kernel \${NIXPKGS_QEMU_KERNEL_${sanitizeShellIdent config.system.name}:-${config.system.build.toplevel}/kernel}" 1100 1100 + "-initrd ${cfg.directBoot.initrd}" 1101 1101 + ''-append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.toplevel}/init regInfo=${regInfo}/registration ${consoles} $QEMU_KERNEL_PARAMS"'' 1102 1102 + ]) 1182 1103 (mkIf cfg.useEFIBoot [ 1183 1104 "-drive if=pflash,format=raw,unit=0,readonly=on,file=${cfg.efi.firmware}" 1184 1105 "-drive if=pflash,format=raw,unit=1,readonly=off,file=$NIX_EFI_VARS" ··· 1195 1116 "-device ${cfg.tpm.deviceModel},tpmdev=tpm_dev_0" 1196 1117 ]) 1197 1118 (mkIf (pkgs.stdenv.hostPlatform.isx86 && cfg.efi.OVMF.systemManagementModeRequired) [ 1198 1198 - "-machine" 1199 1199 - "q35,smm=on" 1200 1200 - "-global" 1201 1201 - "driver=cfi.pflash01,property=secure,value=on" 1119 1119 + "-machine" "q35,smm=on" 1120 1120 + "-global" "driver=cfi.pflash01,property=secure,value=on" 1202 1121 ]) 1203 1122 ]; 1204 1123 1205 1124 virtualisation.qemu.drives = mkMerge [ 1206 1206 - (mkIf (cfg.diskImage != null) [ 1207 1207 - { 1208 1208 - name = "root"; 1209 1209 - file = ''"$NIX_DISK_IMAGE"''; 1210 1210 - driveExtraOpts.cache = "writeback"; 1211 1211 - driveExtraOpts.werror = "report"; 1212 1212 - deviceExtraOpts.bootindex = "1"; 1213 1213 - deviceExtraOpts.serial = rootDriveSerialAttr; 1214 1214 - } 1215 1215 - ]) 1216 1216 - (mkIf cfg.useNixStoreImage [ 1217 1217 - { 1218 1218 - name = "nix-store"; 1219 1219 - file = ''"$TMPDIR"/store.img''; 1220 1220 - deviceExtraOpts.bootindex = "2"; 1221 1221 - driveExtraOpts.format = "raw"; 1222 1222 - } 1223 1223 - ]) 1125 1125 + (mkIf (cfg.diskImage != null) [{ 1126 1126 + name = "root"; 1127 1127 + file = ''"$NIX_DISK_IMAGE"''; 1128 1128 + driveExtraOpts.cache = "writeback"; 1129 1129 + driveExtraOpts.werror = "report"; 1130 1130 + deviceExtraOpts.bootindex = "1"; 1131 1131 + deviceExtraOpts.serial = rootDriveSerialAttr; 1132 1132 + }]) 1133 1133 + (mkIf cfg.useNixStoreImage [{ 1134 1134 + name = "nix-store"; 1135 1135 + file = ''"$TMPDIR"/store.img''; 1136 1136 + deviceExtraOpts.bootindex = "2"; 1137 1137 + driveExtraOpts.format = "raw"; 1138 1138 + }]) 1224 1139 (imap0 (idx: _: { 1225 1140 file = "$(pwd)/empty${toString idx}.qcow2"; 1226 1141 driveExtraOpts.werror = "report"; ··· 1234 1149 # override by setting `virtualisation.fileSystems = lib.mkForce { };`. 1235 1150 fileSystems = lib.mkIf (cfg.fileSystems != { }) (mkVMOverride cfg.fileSystems); 1236 1151 1237 1237 - virtualisation.diskSizeAutoSupported = false; 1238 1238 - 1239 1239 - virtualisation.fileSystems = 1240 1240 - let 1241 1241 - mkSharedDir = tag: share: { 1152 1152 + virtualisation.fileSystems = let 1153 1153 + mkSharedDir = tag: share: 1154 1154 + { 1242 1155 name = share.target; 1243 1156 value.device = tag; 1244 1157 value.fsType = "9p"; 1245 1158 value.neededForBoot = true; 1246 1246 - value.options = [ 1247 1247 - "trans=virtio" 1248 1248 - "version=9p2000.L" 1249 1249 - "msize=${toString cfg.msize}" 1250 1250 - ] ++ lib.optional (tag == "nix-store") "cache=loose"; 1159 1159 + value.options = 1160 1160 + [ "trans=virtio" "version=9p2000.L" "msize=${toString cfg.msize}" ] 1161 1161 + ++ lib.optional (tag == "nix-store") "cache=loose"; 1162 1162 + }; 1163 1163 + in lib.mkMerge [ 1164 1164 + (lib.mapAttrs' mkSharedDir cfg.sharedDirectories) 1165 1165 + { 1166 1166 + "/" = lib.mkIf cfg.useDefaultFilesystems (if cfg.diskImage == null then { 1167 1167 + device = "tmpfs"; 1168 1168 + fsType = "tmpfs"; 1169 1169 + } else { 1170 1170 + device = cfg.rootDevice; 1171 1171 + fsType = "ext4"; 1172 1172 + }); 1173 1173 + "/tmp" = lib.mkIf config.boot.tmp.useTmpfs { 1174 1174 + device = "tmpfs"; 1175 1175 + fsType = "tmpfs"; 1176 1176 + neededForBoot = true; 1177 1177 + # Sync with systemd's tmp.mount; 1178 1178 + options = [ "mode=1777" "strictatime" "nosuid" "nodev" "size=${toString config.boot.tmp.tmpfsSize}" ]; 1251 1179 }; 1252 1252 - in 1253 1253 - lib.mkMerge [ 1254 1254 - (lib.mapAttrs' mkSharedDir cfg.sharedDirectories) 1255 1255 - { 1256 1256 - "/" = lib.mkIf cfg.useDefaultFilesystems ( 1257 1257 - if cfg.diskImage == null then 1258 1258 - { 1259 1259 - device = "tmpfs"; 1260 1260 - fsType = "tmpfs"; 1261 1261 - } 1262 1262 - else 1263 1263 - { 1264 1264 - device = cfg.rootDevice; 1265 1265 - fsType = "ext4"; 1266 1266 - } 1267 1267 - ); 1268 1268 - "/tmp" = lib.mkIf config.boot.tmp.useTmpfs { 1269 1269 - device = "tmpfs"; 1270 1270 - fsType = "tmpfs"; 1271 1271 - neededForBoot = true; 1272 1272 - # Sync with systemd's tmp.mount; 1273 1273 - options = [ 1274 1274 - "mode=1777" 1275 1275 - "strictatime" 1276 1276 - "nosuid" 1277 1277 - "nodev" 1278 1278 - "size=${toString config.boot.tmp.tmpfsSize}" 1279 1279 - ]; 1180 1180 + "/nix/store" = lib.mkIf (cfg.useNixStoreImage || cfg.mountHostNixStore) (if cfg.writableStore then { 1181 1181 + overlay = { 1182 1182 + lowerdir = [ "/nix/.ro-store" ]; 1183 1183 + upperdir = "/nix/.rw-store/upper"; 1184 1184 + workdir = "/nix/.rw-store/work"; 1280 1185 }; 1281 1281 - "/nix/store" = lib.mkIf (cfg.useNixStoreImage || cfg.mountHostNixStore) ( 1282 1282 - if cfg.writableStore then 1283 1283 - { 1284 1284 - overlay = { 1285 1285 - lowerdir = [ "/nix/.ro-store" ]; 1286 1286 - upperdir = "/nix/.rw-store/upper"; 1287 1287 - workdir = "/nix/.rw-store/work"; 1288 1288 - }; 1289 1289 - } 1290 1290 - else 1291 1291 - { 1292 1292 - device = "/nix/.ro-store"; 1293 1293 - options = [ "bind" ]; 1294 1294 - } 1295 1295 - ); 1296 1296 - "/nix/.ro-store" = lib.mkIf cfg.useNixStoreImage { 1297 1297 - device = "/dev/disk/by-label/${nixStoreFilesystemLabel}"; 1298 1298 - fsType = "erofs"; 1299 1299 - neededForBoot = true; 1300 1300 - options = [ "ro" ]; 1301 1301 - }; 1302 1302 - "/nix/.rw-store" = lib.mkIf (cfg.writableStore && cfg.writableStoreUseTmpfs) { 1303 1303 - fsType = "tmpfs"; 1304 1304 - options = [ "mode=0755" ]; 1305 1305 - neededForBoot = true; 1306 1306 - }; 1307 1307 - "${config.boot.loader.efi.efiSysMountPoint}" = 1308 1308 - lib.mkIf (cfg.useBootLoader && cfg.bootPartition != null) 1309 1309 - { 1310 1310 - device = cfg.bootPartition; 1311 1311 - fsType = "vfat"; 1312 1312 - }; 1313 1313 - } 1314 1314 - ]; 1186 1186 + } else { 1187 1187 + device = "/nix/.ro-store"; 1188 1188 + options = [ "bind" ]; 1189 1189 + }); 1190 1190 + "/nix/.ro-store" = lib.mkIf cfg.useNixStoreImage { 1191 1191 + device = "/dev/disk/by-label/${nixStoreFilesystemLabel}"; 1192 1192 + fsType = "erofs"; 1193 1193 + neededForBoot = true; 1194 1194 + options = [ "ro" ]; 1195 1195 + }; 1196 1196 + "/nix/.rw-store" = lib.mkIf (cfg.writableStore && cfg.writableStoreUseTmpfs) { 1197 1197 + fsType = "tmpfs"; 1198 1198 + options = [ "mode=0755" ]; 1199 1199 + neededForBoot = true; 1200 1200 + }; 1201 1201 + "${config.boot.loader.efi.efiSysMountPoint}" = lib.mkIf (cfg.useBootLoader && cfg.bootPartition != null) { 1202 1202 + device = cfg.bootPartition; 1203 1203 + fsType = "vfat"; 1204 1204 + }; 1205 1205 + } 1206 1206 + ]; 1315 1207 1316 1208 swapDevices = (if cfg.useDefaultFilesystems then mkVMOverride else mkDefault) [ ]; 1317 1317 - boot.initrd.luks.devices = (if cfg.useDefaultFilesystems then mkVMOverride else mkDefault) { }; 1209 1209 + boot.initrd.luks.devices = (if cfg.useDefaultFilesystems then mkVMOverride else mkDefault) {}; 1318 1210 1319 1211 # Don't run ntpd in the guest. It should get the correct time from KVM. 1320 1212 services.timesyncd.enable = false; 1321 1213 1322 1214 services.qemuGuest.enable = cfg.qemu.guestAgent.enable; 1323 1215 1324 1324 - system.build.vm = 1325 1325 - hostPkgs.runCommand "nixos-vm" 1326 1326 - { 1327 1327 - preferLocalBuild = true; 1328 1328 - meta.mainProgram = "run-${config.system.name}-vm"; 1329 1329 - } 1330 1330 - '' 1331 1331 - mkdir -p $out/bin 1332 1332 - ln -s ${config.system.build.toplevel} $out/system 1333 1333 - ln -s ${hostPkgs.writeScript "run-nixos-vm" startVM} $out/bin/run-${config.system.name}-vm 1334 1334 - ''; 1216 1216 + system.build.vm = hostPkgs.runCommand "nixos-vm" { 1217 1217 + preferLocalBuild = true; 1218 1218 + meta.mainProgram = "run-${config.system.name}-vm"; 1219 1219 + } 1220 1220 + '' 1221 1221 + mkdir -p $out/bin 1222 1222 + ln -s ${config.system.build.toplevel} $out/system 1223 1223 + ln -s ${hostPkgs.writeScript "run-nixos-vm" startVM} $out/bin/run-${config.system.name}-vm 1224 1224 + ''; 1335 1225 1336 1226 # When building a regular system configuration, override whatever 1337 1227 # video driver the host uses. 1338 1228 services.xserver.videoDrivers = mkVMOverride [ "modesetting" ]; 1339 1229 services.xserver.defaultDepth = mkVMOverride 0; 1340 1230 services.xserver.resolutions = mkVMOverride [ cfg.resolution ]; 1341 1341 - services.xserver.monitorSection = '' 1342 1342 - # Set a higher refresh rate so that resolutions > 800x600 work. 1343 1343 - HorizSync 30-140 1344 1344 - VertRefresh 50-160 1345 1345 - ''; 1231 1231 + services.xserver.monitorSection = 1232 1232 + '' 1233 1233 + # Set a higher refresh rate so that resolutions > 800x600 work. 1234 1234 + HorizSync 30-140 1235 1235 + VertRefresh 50-160 1236 1236 + ''; 1346 1237 1347 1238 # Wireless won't work in the VM. 1348 1239 networking.wireless.enable = mkVMOverride false; ··· 1353 1244 1354 1245 networking.usePredictableInterfaceNames = false; 1355 1246 1356 1356 - system.requiredKernelConfig = 1357 1357 - with config.lib.kernelConfig; 1358 1358 - [ 1359 1359 - (isEnabled "VIRTIO_BLK") 1247 1247 + system.requiredKernelConfig = with config.lib.kernelConfig; 1248 1248 + [ (isEnabled "VIRTIO_BLK") 1360 1249 (isEnabled "VIRTIO_PCI") 1361 1250 (isEnabled "VIRTIO_NET") 1362 1251 (isEnabled "EXT4_FS") ··· 1368 1257 (isYes "NET_CORE") 1369 1258 (isYes "INET") 1370 1259 (isYes "NETWORK_FILESYSTEMS") 1371 1371 - ] 1372 1372 - ++ optionals (!cfg.graphics) [ 1260 1260 + ] ++ optionals (!cfg.graphics) [ 1373 1261 (isYes "SERIAL_8250_CONSOLE") 1374 1262 (isYes "SERIAL_8250") 1375 1375 - ] 1376 1376 - ++ optionals (cfg.writableStore) [ 1263 1263 + ] ++ optionals (cfg.writableStore) [ 1377 1264 (isEnabled "OVERLAY_FS") 1378 1265 ]; 1379 1266

+90 -135

nixos/modules/virtualisation/virtualbox-image.nix

reviewed

··· 1 1 - { 2 2 - config, 3 3 - lib, 4 4 - pkgs, 5 5 - ... 6 6 - }: 1 1 + { config, lib, pkgs, ... }: 7 2 8 3 with lib; 9 4 10 5 let 11 6 12 7 cfg = config.virtualbox; 13 13 - virtualisationOptions = import ./virtualisation-options.nix; 14 8 15 15 - in 16 16 - { 17 17 - imports = [ 18 18 - virtualisationOptions.diskSize 19 19 - (lib.mkRenamedOptionModuleWith { 20 20 - sinceRelease = 2411; 21 21 - from = [ 22 22 - "virtualisation" 23 23 - "virtualbox" 24 24 - "baseImageSize" 25 25 - ]; 26 26 - to = [ 27 27 - "virtualisation" 28 28 - "diskSize" 29 29 - ]; 30 30 - }) 31 31 - ]; 9 9 + in { 32 10 33 11 options = { 34 12 virtualbox = { 13 13 + baseImageSize = mkOption { 14 14 + type = with types; either (enum [ "auto" ]) int; 15 15 + default = "auto"; 16 16 + example = 50 * 1024; 17 17 + description = '' 18 18 + The size of the VirtualBox base image in MiB. 19 19 + ''; 20 20 + }; 35 21 baseImageFreeSpace = mkOption { 36 22 type = with types; int; 37 23 default = 30 * 1024; ··· 68 54 ''; 69 55 }; 70 56 params = mkOption { 71 71 - type = 72 72 - with types; 73 73 - attrsOf (oneOf [ 74 74 - str 75 75 - int 76 76 - bool 77 77 - (listOf str) 78 78 - ]); 57 57 + type = with types; attrsOf (oneOf [ str int bool (listOf str) ]); 79 58 example = { 80 59 audio = "alsa"; 81 60 rtcuseutc = "on"; ··· 88 67 ''; 89 68 }; 90 69 exportParams = mkOption { 91 91 - type = 92 92 - with types; 93 93 - listOf (oneOf [ 94 94 - str 95 95 - int 96 96 - bool 97 97 - (listOf str) 98 98 - ]); 70 70 + type = with types; listOf (oneOf [ str int bool (listOf str) ]); 99 71 example = [ 100 100 - "--vsys" 101 101 - "0" 102 102 - "--vendor" 103 103 - "ACME Inc." 72 72 + "--vsys" "0" "--vendor" "ACME Inc." 104 73 ]; 105 105 - default = [ ]; 74 74 + default = []; 106 75 description = '' 107 76 Parameters passed to the Virtualbox export command. 108 77 ··· 120 89 mountPoint = "/home/demo/storage"; 121 90 size = 100 * 1024; 122 91 }; 123 123 - type = types.nullOr ( 124 124 - types.submodule { 125 125 - options = { 126 126 - size = mkOption { 127 127 - type = types.int; 128 128 - description = "Size in MiB"; 129 129 - }; 130 130 - label = mkOption { 131 131 - type = types.str; 132 132 - default = "vm-extra-storage"; 133 133 - description = "Label for the disk partition"; 134 134 - }; 135 135 - mountPoint = mkOption { 136 136 - type = types.str; 137 137 - description = "Path where to mount this disk."; 138 138 - }; 92 92 + type = types.nullOr (types.submodule { 93 93 + options = { 94 94 + size = mkOption { 95 95 + type = types.int; 96 96 + description = "Size in MiB"; 139 97 }; 140 140 - } 141 141 - ); 98 98 + label = mkOption { 99 99 + type = types.str; 100 100 + default = "vm-extra-storage"; 101 101 + description = "Label for the disk partition"; 102 102 + }; 103 103 + mountPoint = mkOption { 104 104 + type = types.str; 105 105 + description = "Path where to mount this disk."; 106 106 + }; 107 107 + }; 108 108 + }); 142 109 }; 143 110 postExportCommands = mkOption { 144 111 type = types.lines; ··· 158 125 ''; 159 126 }; 160 127 storageController = mkOption { 161 161 - type = 162 162 - with types; 163 163 - attrsOf (oneOf [ 164 164 - str 165 165 - int 166 166 - bool 167 167 - (listOf str) 168 168 - ]); 128 128 + type = with types; attrsOf (oneOf [ str int bool (listOf str) ]); 169 129 example = { 170 130 name = "SCSI"; 171 131 add = "scsi"; ··· 192 152 193 153 config = { 194 154 195 195 - virtualisation.diskSize = lib.mkDefault (50 * 1024); 196 196 - 197 155 virtualbox.params = mkMerge [ 198 156 (mapAttrs (name: mkDefault) { 199 157 acpi = "on"; ··· 217 175 218 176 inherit pkgs lib config; 219 177 partitionTableType = "legacy"; 220 220 - inherit (config.virtualisation) diskSize; 178 178 + diskSize = cfg.baseImageSize; 221 179 additionalSpace = "${toString cfg.baseImageFreeSpace}M"; 222 180 223 223 - postVM = '' 224 224 - export HOME=$PWD 225 225 - export PATH=${pkgs.virtualbox}/bin:$PATH 181 181 + postVM = 182 182 + '' 183 183 + export HOME=$PWD 184 184 + export PATH=${pkgs.virtualbox}/bin:$PATH 226 185 227 227 - echo "converting image to VirtualBox format..." 228 228 - VBoxManage convertfromraw $diskImage disk.vdi 186 186 + echo "converting image to VirtualBox format..." 187 187 + VBoxManage convertfromraw $diskImage disk.vdi 229 188 230 230 - ${optionalString (cfg.extraDisk != null) '' 231 231 - echo "creating extra disk: data-disk.raw" 232 232 - dataDiskImage=data-disk.raw 233 233 - truncate -s ${toString cfg.extraDisk.size}M $dataDiskImage 189 189 + ${optionalString (cfg.extraDisk != null) '' 190 190 + echo "creating extra disk: data-disk.raw" 191 191 + dataDiskImage=data-disk.raw 192 192 + truncate -s ${toString cfg.extraDisk.size}M $dataDiskImage 234 193 235 235 - parted --script $dataDiskImage -- \ 236 236 - mklabel msdos \ 237 237 - mkpart primary ext4 1MiB -1 238 238 - eval $(partx $dataDiskImage -o START,SECTORS --nr 1 --pairs) 239 239 - mkfs.ext4 -F -L ${cfg.extraDisk.label} $dataDiskImage -E offset=$(sectorsToBytes $START) $(sectorsToKilobytes $SECTORS)K 240 240 - echo "creating extra disk: data-disk.vdi" 241 241 - VBoxManage convertfromraw $dataDiskImage data-disk.vdi 242 242 - ''} 194 194 + parted --script $dataDiskImage -- \ 195 195 + mklabel msdos \ 196 196 + mkpart primary ext4 1MiB -1 197 197 + eval $(partx $dataDiskImage -o START,SECTORS --nr 1 --pairs) 198 198 + mkfs.ext4 -F -L ${cfg.extraDisk.label} $dataDiskImage -E offset=$(sectorsToBytes $START) $(sectorsToKilobytes $SECTORS)K 199 199 + echo "creating extra disk: data-disk.vdi" 200 200 + VBoxManage convertfromraw $dataDiskImage data-disk.vdi 201 201 + ''} 243 202 244 244 - echo "creating VirtualBox VM..." 245 245 - vmName="${cfg.vmName}"; 246 246 - VBoxManage createvm --name "$vmName" --register \ 247 247 - --ostype ${if pkgs.stdenv.hostPlatform.system == "x86_64-linux" then "Linux26_64" else "Linux26"} 248 248 - VBoxManage modifyvm "$vmName" \ 249 249 - --memory ${toString cfg.memorySize} \ 250 250 - ${lib.cli.toGNUCommandLineShell { } cfg.params} 251 251 - VBoxManage storagectl "$vmName" ${lib.cli.toGNUCommandLineShell { } cfg.storageController} 252 252 - VBoxManage storageattach "$vmName" --storagectl ${cfg.storageController.name} --port 0 --device 0 --type hdd \ 253 253 - --medium disk.vdi 254 254 - ${optionalString (cfg.extraDisk != null) '' 255 255 - VBoxManage storageattach "$vmName" --storagectl ${cfg.storageController.name} --port 1 --device 0 --type hdd \ 256 256 - --medium data-disk.vdi 257 257 - ''} 203 203 + echo "creating VirtualBox VM..." 204 204 + vmName="${cfg.vmName}"; 205 205 + VBoxManage createvm --name "$vmName" --register \ 206 206 + --ostype ${if pkgs.stdenv.hostPlatform.system == "x86_64-linux" then "Linux26_64" else "Linux26"} 207 207 + VBoxManage modifyvm "$vmName" \ 208 208 + --memory ${toString cfg.memorySize} \ 209 209 + ${lib.cli.toGNUCommandLineShell { } cfg.params} 210 210 + VBoxManage storagectl "$vmName" ${lib.cli.toGNUCommandLineShell { } cfg.storageController} 211 211 + VBoxManage storageattach "$vmName" --storagectl ${cfg.storageController.name} --port 0 --device 0 --type hdd \ 212 212 + --medium disk.vdi 213 213 + ${optionalString (cfg.extraDisk != null) '' 214 214 + VBoxManage storageattach "$vmName" --storagectl ${cfg.storageController.name} --port 1 --device 0 --type hdd \ 215 215 + --medium data-disk.vdi 216 216 + ''} 258 217 259 259 - echo "exporting VirtualBox VM..." 260 260 - mkdir -p $out 261 261 - fn="$out/${cfg.vmFileName}" 262 262 - VBoxManage export "$vmName" --output "$fn" --options manifest ${escapeShellArgs cfg.exportParams} 263 263 - ${cfg.postExportCommands} 218 218 + echo "exporting VirtualBox VM..." 219 219 + mkdir -p $out 220 220 + fn="$out/${cfg.vmFileName}" 221 221 + VBoxManage export "$vmName" --output "$fn" --options manifest ${escapeShellArgs cfg.exportParams} 222 222 + ${cfg.postExportCommands} 264 223 265 265 - rm -v $diskImage 224 224 + rm -v $diskImage 266 225 267 267 - mkdir -p $out/nix-support 268 268 - echo "file ova $fn" >> $out/nix-support/hydra-build-products 269 269 - ''; 226 226 + mkdir -p $out/nix-support 227 227 + echo "file ova $fn" >> $out/nix-support/hydra-build-products 228 228 + ''; 270 229 }; 271 230 272 272 - fileSystems = 273 273 - { 274 274 - "/" = { 275 275 - device = "/dev/disk/by-label/nixos"; 276 276 - autoResize = true; 277 277 - fsType = "ext4"; 278 278 - }; 279 279 - } 280 280 - // (lib.optionalAttrs (cfg.extraDisk != null) { 281 281 - ${cfg.extraDisk.mountPoint} = { 282 282 - device = "/dev/disk/by-label/" + cfg.extraDisk.label; 283 283 - autoResize = true; 284 284 - fsType = "ext4"; 285 285 - }; 286 286 - }); 231 231 + fileSystems = { 232 232 + "/" = { 233 233 + device = "/dev/disk/by-label/nixos"; 234 234 + autoResize = true; 235 235 + fsType = "ext4"; 236 236 + }; 237 237 + } // (lib.optionalAttrs (cfg.extraDisk != null) { 238 238 + ${cfg.extraDisk.mountPoint} = { 239 239 + device = "/dev/disk/by-label/" + cfg.extraDisk.label; 240 240 + autoResize = true; 241 241 + fsType = "ext4"; 242 242 + }; 243 243 + }); 287 244 288 245 boot.growPartition = true; 289 246 boot.loader.grub.device = "/dev/sda"; 290 247 291 291 - swapDevices = [ 292 292 - { 293 293 - device = "/var/swap"; 294 294 - size = 2048; 295 295 - } 296 296 - ]; 248 248 + swapDevices = [{ 249 249 + device = "/var/swap"; 250 250 + size = 2048; 251 251 + }]; 297 252 298 253 virtualisation.virtualbox.guest.enable = true; 299 254

-60

nixos/modules/virtualisation/virtualisation-options.nix

reviewed

··· 1 1 - # This modules declares shared options for virtual machines, 2 2 - # containers and anything else in `virtualisation`. 3 3 - # 4 4 - # This is useful to declare e.g. defaults for 5 5 - # `virtualisation.diskSize` once, while building multiple 6 6 - # different image formats of a NixOS configuration. 7 7 - # 8 8 - # Additional options can be migrated over time from 9 9 - # `modules/virtualisation/qemu-vm.nix` and others. 10 10 - # Please keep defaults and descriptions here generic 11 11 - # and independent of i.e. hypervisor-specific notes 12 12 - # and defaults where. 13 13 - # Those can be added in the consuming modules where needed. 14 14 - # needed. 15 15 - let 16 16 - _file = ./virtualisation-options.nix; 17 17 - key = _file; 18 18 - in 19 19 - { 20 20 - diskSize = 21 21 - { lib, config, ... }: 22 22 - let 23 23 - t = lib.types; 24 24 - in 25 25 - { 26 26 - inherit _file key; 27 27 - 28 28 - options = { 29 29 - virtualisation.diskSizeAutoSupported = lib.mkOption { 30 30 - type = t.bool; 31 31 - default = true; 32 32 - description = '' 33 33 - Whether the current image builder or vm runner supports `virtualisation.diskSize = "auto".` 34 34 - ''; 35 35 - internal = true; 36 36 - }; 37 37 - 38 38 - virtualisation.diskSize = lib.mkOption { 39 39 - type = t.either (t.enum [ "auto" ]) t.ints.positive; 40 40 - default = "auto"; 41 41 - description = '' 42 42 - The disk size in megabytes of the virtual machine. 43 43 - ''; 44 44 - }; 45 45 - }; 46 46 - 47 47 - config = 48 48 - let 49 49 - inherit (config.virtualisation) diskSize diskSizeAutoSupported; 50 50 - in 51 51 - { 52 52 - assertions = [ 53 53 - { 54 54 - assertion = diskSize != "auto" || diskSizeAutoSupported; 55 55 - message = "Setting virtualisation.diskSize to `auto` is not supported by the current image build or vm runner; use an explicit size."; 56 56 - } 57 57 - ]; 58 58 - }; 59 59 - }; 60 60 - }

+1 -1

nixos/release.nix

reviewed

··· 312 312 [ configuration 313 313 versionModule 314 314 ./maintainers/scripts/ec2/amazon-image.nix 315 315 - ({ ... }: { amazonImage.virtualisation.diskSize = "auto"; }) 315 315 + ({ ... }: { amazonImage.sizeMB = "auto"; }) 316 316 ]; 317 317 }).config.system.build.amazonImage) 318 318

+3 -2

nixos/tests/prometheus-exporters.nix

reviewed

··· 482 482 json = { 483 483 exporterConfig = { 484 484 enable = true; 485 485 - url = "http://localhost"; 486 485 configFile = pkgs.writeText "json-exporter-conf.json" (builtins.toJSON { 487 486 modules = { 488 487 default = { ··· 932 931 pgbouncer = { 933 932 exporterConfig = { 934 933 enable = true; 935 935 - connectionStringFile = pkgs.writeText "connection.conf" "postgres://admin:@localhost:6432/pgbouncer?sslmode=disable"; 934 934 + connectionEnvFile = "${pkgs.writeText "connstr-env" '' 935 935 + PGBOUNCER_EXPORTER_CONNECTION_STRING=postgres://admin@localhost:6432/pgbouncer?sslmode=disable 936 936 + ''}"; 936 937 }; 937 938 938 939 metricProvider = {

+3 -3

pkgs/applications/networking/browsers/vivaldi/default.nix

reviewed

··· 24 24 vivaldiName = if isSnapshot then "vivaldi-snapshot" else "vivaldi"; 25 25 in stdenv.mkDerivation rec { 26 26 pname = "vivaldi"; 27 27 - version = "6.9.3447.37"; 27 27 + version = "6.9.3447.41"; 28 28 29 29 suffix = { 30 30 aarch64-linux = "arm64"; ··· 34 34 src = fetchurl { 35 35 url = "https://downloads.vivaldi.com/${branch}/vivaldi-${branch}_${version}-1_${suffix}.deb"; 36 36 hash = { 37 37 - aarch64-linux = "sha256-kYTnWad/jrJt9z+AhjXzHYxVSIwIIO3RKD7szuPEg2s="; 38 38 - x86_64-linux = "sha256-+h7SHci8gZ+epKFHD0PiXyME2xT+loD2KXpJGFCfIFg="; 37 37 + aarch64-linux = "sha256-Up2n7G3vatsQC9JKF1A1jAIBbdWm9UhL/75AXuxDCsg="; 38 38 + x86_64-linux = "sha256-Hcd8W8bDlRUT/zPYP+aiJnUmepS38KuK0wRFYB3uW1Y="; 39 39 }.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}"); 40 40 }; 41 41

+10 -4

pkgs/applications/networking/cluster/kubectl-gadget/default.nix pkgs/by-name/ku/kubectl-gadget/package.nix

reviewed

··· 1 1 - { lib, buildGoModule, fetchFromGitHub }: 1 1 + { lib, buildGoModule, fetchFromGitHub, kubectl-gadget, testers }: 2 2 3 3 buildGoModule rec { 4 4 pname = "kubectl-gadget"; 5 5 - version = "0.31.0"; 5 5 + version = "0.32.0"; 6 6 7 7 src = fetchFromGitHub { 8 8 owner = "inspektor-gadget"; 9 9 repo = "inspektor-gadget"; 10 10 rev = "v${version}"; 11 11 - hash = "sha256-f93PdSA3OGiUUXSQn0aUP3o5xfvjiq/3L3Bz9k4OigI="; 11 11 + hash = "sha256-c6hy7B8zaU/LnTMAohc9KPzu1ocOVFJ9wL4GOIwxqkw="; 12 12 }; 13 13 14 14 - vendorHash = "sha256-lBfz0tzCWKEAAmpvjB2kUJ3aLjlzAjniIu/1aNE80Xg="; 14 14 + vendorHash = "sha256-7HfYCHxQUapDo33IAzxCp2iaL4G7oOqK0KyjqbmbR/w="; 15 15 16 16 CGO_ENABLED = 0; 17 17 ··· 27 27 ]; 28 28 29 29 subPackages = [ "cmd/kubectl-gadget" ]; 30 30 + 31 31 + passthru.tests.version = testers.testVersion { 32 32 + package = kubectl-gadget; 33 33 + command = "kubectl-gadget version || true"; # mask non-zero return code if no kubeconfig present 34 34 + version = "v${version}"; 35 35 + }; 30 36 31 37 meta = with lib; { 32 38 description = "Collection of gadgets for troubleshooting Kubernetes applications using eBPF";

+2 -1

pkgs/applications/networking/cluster/terraform-providers/default.nix

reviewed

··· 1 1 { lib 2 2 , stdenv 3 3 , buildGoModule 4 4 + , buildGo123Module 4 5 , fetchFromGitHub 5 6 , fetchFromGitLab 6 7 , callPackage ··· 24 25 , deleteVendor ? false 25 26 , proxyVendor ? false 26 27 , mkProviderFetcher ? fetchFromGitHub 27 27 - , mkProviderGoModule ? buildGoModule 28 28 + , mkProviderGoModule ? buildGo123Module 28 29 # "https://registry.terraform.io/providers/vancluever/acme" 29 30 , homepage ? "" 30 31 # "registry.terraform.io/vancluever/acme"

+217 -217

pkgs/applications/networking/cluster/terraform-providers/providers.json

reviewed

··· 9 9 "vendorHash": null 10 10 }, 11 11 "acme": { 12 12 - "hash": "sha256-LlpPc3um4D2nNJFZRoXnw5ss0E0rrJN0wKKmuV0S6NU=", 12 12 + "hash": "sha256-RboEWeTUgEZShZ9NrR9yuUzbGPq9wauTyoFiHXZS2oI=", 13 13 "homepage": "https://registry.terraform.io/providers/vancluever/acme", 14 14 "owner": "vancluever", 15 15 "repo": "terraform-provider-acme", 16 16 - "rev": "v2.24.2", 16 16 + "rev": "v2.26.0", 17 17 "spdx": "MPL-2.0", 18 18 - "vendorHash": "sha256-ptZ14WWarYeKT8gIcUDi4LmCFkpoTwAhSwMXmLPlWxs=" 18 18 + "vendorHash": "sha256-pJlt35kPV3CYOE4RiIjHLT9YEwSreQHgzRuY3ba9oBk=" 19 19 }, 20 20 "age": { 21 21 "hash": "sha256-bJrzjvkrCX93bNqCA+FdRibHnAw6cb61StqtwUY5ok4=", ··· 27 27 "vendorHash": "sha256-jK7JuARpoxq7hvq5+vTtUwcYot0YqlOZdtDwq4IqKvk=" 28 28 }, 29 29 "aiven": { 30 30 - "hash": "sha256-X3KtT4Thsf7bYeZJEUphRiXAlNamabFE0rjS636dJSY=", 30 30 + "hash": "sha256-cNcF8pyqRR1YEc2RuKhOtcpFDkdFU8OFCYHRhefdHHk=", 31 31 "homepage": "https://registry.terraform.io/providers/aiven/aiven", 32 32 "owner": "aiven", 33 33 "repo": "terraform-provider-aiven", 34 34 - "rev": "v4.20.0", 34 34 + "rev": "v4.24.0", 35 35 "spdx": "MIT", 36 36 - "vendorHash": "sha256-QzbtTp78tROVj8kPYzjP5kBRHASlvqK6xpmRnJF6jsw=" 36 36 + "vendorHash": "sha256-ENH/TfC/Yv+jjn4giiThfj9SatFxkfwR/Xj3W+FT/Lg=" 37 37 }, 38 38 "akamai": { 39 39 - "hash": "sha256-jDCrNDJ6O9dXE6bG4GAMFytlVbEe/Z8mb6vx4DG355U=", 39 39 + "hash": "sha256-d4unurf1WYmVx5z698kAeqKslkVH+tM8G4hrCofDtUs=", 40 40 "homepage": "https://registry.terraform.io/providers/akamai/akamai", 41 41 "owner": "akamai", 42 42 "repo": "terraform-provider-akamai", 43 43 - "rev": "v6.2.0", 43 43 + "rev": "v6.4.0", 44 44 "spdx": "MPL-2.0", 45 45 - "vendorHash": "sha256-QQaLUJJs/7hfLTIOIkG9WF7XmkLXsJP9MOQAvQoDQOw=" 45 45 + "vendorHash": "sha256-qnKpQpK/AoFOxPiGHkUMqcF5loc0hVbqOuPaDLzj1Es=" 46 46 }, 47 47 "alicloud": { 48 48 - "hash": "sha256-WaMvv/NqyblA2rrauZ7p4pHCND6S6/kfBKS/2xIrcjI=", 48 48 + "hash": "sha256-lVQAkdwrnZrSZlBqNj2BBpQwzI0d5c+NGaKJxVpgQPg=", 49 49 "homepage": "https://registry.terraform.io/providers/aliyun/alicloud", 50 50 "owner": "aliyun", 51 51 "repo": "terraform-provider-alicloud", 52 52 - "rev": "v1.226.0", 52 52 + "rev": "v1.230.0", 53 53 "spdx": "MPL-2.0", 54 54 "vendorHash": null 55 55 }, ··· 63 63 "vendorHash": "sha256-OAd8SeTqTrH0kMoM2LsK3vM2PI23b3gl57FaJYM9hM0=" 64 64 }, 65 65 "archive": { 66 66 - "hash": "sha256-jkqbj7NGrTQeMQcg52JVurV3ce8iosxAJjBGdoQ3PLY=", 66 66 + "hash": "sha256-Xm9BT8O18aTIa1h166dElYaTq4PlC4u7TgFgCfcC6jI=", 67 67 "homepage": "https://registry.terraform.io/providers/hashicorp/archive", 68 68 "owner": "hashicorp", 69 69 "repo": "terraform-provider-archive", 70 70 - "rev": "v2.4.2", 70 70 + "rev": "v2.6.0", 71 71 "spdx": "MPL-2.0", 72 72 - "vendorHash": "sha256-buKYDNVCIcSDLCrCL4ZAKNQ7HqkH3+/7RHjyyR4dLmU=" 72 72 + "vendorHash": "sha256-b8yGtOUZezGRgURXigv8ySaxxHN/vCCDPgoDC5EBlok=" 73 73 }, 74 74 "argocd": { 75 75 "hash": "sha256-dHIvMFz5XIxxBvBFsEw8lqi6yVoYM9E4tLIoTY+mdiQ=", ··· 81 81 "vendorHash": "sha256-yyTU+D4zMDcJPZ9j7a2ZuPjGBCHvED5R0rvevCEaoAI=" 82 82 }, 83 83 "artifactory": { 84 84 - "hash": "sha256-j9TtO8dJltf7SZdlMZaiCWdJbcEPloPbDhYfWcCzgss=", 84 84 + "hash": "sha256-m6eRhNPxMa08OYYkFDt+Ew2iCkJdI/5aQth9qiE0v4o=", 85 85 "homepage": "https://registry.terraform.io/providers/jfrog/artifactory", 86 86 "owner": "jfrog", 87 87 "repo": "terraform-provider-artifactory", 88 88 - "rev": "v11.1.0", 88 88 + "rev": "v11.9.1", 89 89 "spdx": "Apache-2.0", 90 90 - "vendorHash": "sha256-nPEN1ee0RmNpgKIlz0jHcHkG6oYZn7LV/Gmmdd9krq8=" 90 90 + "vendorHash": "sha256-+3EemRl+rKoCg2HpHvjMPvN6ajrDOnO5C98NVGkYdo4=" 91 91 }, 92 92 "auth0": { 93 93 - "hash": "sha256-Ay/EPlAxpEehbDsOeOyOViwT3jDsd3FmpHB5sxnAxAs=", 93 93 + "hash": "sha256-Yltf+s1gEgP/dbX8EuK45VPBAEzelP+CAcllUaqvnAQ=", 94 94 "homepage": "https://registry.terraform.io/providers/auth0/auth0", 95 95 "owner": "auth0", 96 96 "repo": "terraform-provider-auth0", 97 97 - "rev": "v1.3.0", 97 97 + "rev": "v1.6.0", 98 98 "spdx": "MPL-2.0", 99 99 - "vendorHash": "sha256-oc6ZI5j7pqiiFgfbaTARb6sn+Ma/rqrupv/RPN05mrc=" 99 99 + "vendorHash": "sha256-76Uf6vQpQ6GlumPHd1uBi0gO5aGmm/HAhNY3I7WCr8k=" 100 100 }, 101 101 "avi": { 102 102 "hash": "sha256-OKUxIJO5WR8ZVkhst1xIgxKsAy+9PNHOmG2NsaRUxFY=", ··· 108 108 "vendorHash": "sha256-Sq304WOdKx4J1sD1+YA7uDi+uQtUiXa+BISs/j87dWw=" 109 109 }, 110 110 "aviatrix": { 111 111 - "hash": "sha256-84MtHPrDVaLMQQYnAfuP/pZuzruWxUTLpziwn3ny1oU=", 111 111 + "hash": "sha256-erBjyDX6xG8lpqcPq8iqgsanJKLuSgmiW/9PC8Xbyag=", 112 112 "homepage": "https://registry.terraform.io/providers/AviatrixSystems/aviatrix", 113 113 "owner": "AviatrixSystems", 114 114 "repo": "terraform-provider-aviatrix", 115 115 - "rev": "v3.1.4", 115 115 + "rev": "v3.1.5", 116 116 "spdx": "MPL-2.0", 117 117 "vendorHash": null 118 118 }, 119 119 "aws": { 120 120 - "hash": "sha256-DJ0mfqcWIs1iLSEfhlYEgHr1PKz8HchlgvHfEwIAnlA=", 120 120 + "hash": "sha256-Fmhb3mKRviYsl3qQfXuQMI6KBpmDN0rtwJxDjSkj4EM=", 121 121 "homepage": "https://registry.terraform.io/providers/hashicorp/aws", 122 122 "owner": "hashicorp", 123 123 "repo": "terraform-provider-aws", 124 124 - "rev": "v5.57.0", 124 124 + "rev": "v5.66.0", 125 125 "spdx": "MPL-2.0", 126 126 - "vendorHash": "sha256-NlFP7cRE+6PiGMSz2y/SDQas/TNWAJk/EBEqIeG2INY=" 126 126 + "vendorHash": "sha256-9DWxMDsyWl/bczvbPOmdRTwjIYAKTuNXyBzrCHExNUA=" 127 127 }, 128 128 "azuread": { 129 129 "hash": "sha256-UOaEfmhGPrqQBkodNYybYb5rnB3X8wpXKHlpKqZnnXU=", ··· 135 135 "vendorHash": null 136 136 }, 137 137 "azurerm": { 138 138 - "hash": "sha256-3EHm4fpeYJYzwrwaQLMdgFq1dgmV755WwAhKBG3f10M=", 138 138 + "hash": "sha256-tCZKDqMrmwAGqs4eoMWj4lty4aVOkzF16RpEl24GNPc=", 139 139 "homepage": "https://registry.terraform.io/providers/hashicorp/azurerm", 140 140 "owner": "hashicorp", 141 141 "repo": "terraform-provider-azurerm", 142 142 - "rev": "v3.111.0", 142 142 + "rev": "v4.1.0", 143 143 "spdx": "MPL-2.0", 144 144 "vendorHash": null 145 145 }, ··· 153 153 "vendorHash": null 154 154 }, 155 155 "baiducloud": { 156 156 - "hash": "sha256-uKIBimMMTManwztb4vdMCpsRWMr6GB8O7vK850sVI2g=", 156 156 + "hash": "sha256-kLEEbBQ1YdxJkvCCHzpGHBX2wC9JtLVY6chZEmAziSU=", 157 157 "homepage": "https://registry.terraform.io/providers/baidubce/baiducloud", 158 158 "owner": "baidubce", 159 159 "repo": "terraform-provider-baiducloud", 160 160 - "rev": "v1.21.8", 160 160 + "rev": "v1.21.9", 161 161 "spdx": "MPL-2.0", 162 162 "vendorHash": null 163 163 }, 164 164 "bigip": { 165 165 - "hash": "sha256-F7AD3Wb6R6exPRcEByOTuEQFdYSJB+V2cVotO2cabt0=", 165 165 + "hash": "sha256-jCQgjxGBSy2d9DIJeshLVdj6N/SXWEPcd5EpJ5GAXe4=", 166 166 "homepage": "https://registry.terraform.io/providers/F5Networks/bigip", 167 167 "owner": "F5Networks", 168 168 "repo": "terraform-provider-bigip", 169 169 - "rev": "v1.22.2", 169 169 + "rev": "v1.22.3", 170 170 "spdx": "MPL-2.0", 171 171 "vendorHash": null 172 172 }, ··· 180 180 "vendorHash": "sha256-oDMKf39uNMO9/kyiZ1IuZlj2yIF1q5Z3wewxEBh3yso=" 181 181 }, 182 182 "bitwarden": { 183 183 - "hash": "sha256-+zuKZBwoOSp3HIdxmK1FInE33/1D5nX2N7zYBCtRvHA=", 183 183 + "hash": "sha256-YB+9CWd3U6Yl33ZFbTxzjomrLCilpBPKLdn6Yv7LAUA=", 184 184 "homepage": "https://registry.terraform.io/providers/maxlaverse/bitwarden", 185 185 "owner": "maxlaverse", 186 186 "repo": "terraform-provider-bitwarden", 187 187 - "rev": "v0.8.0", 187 187 + "rev": "v0.8.1", 188 188 "spdx": "MPL-2.0", 189 189 - "vendorHash": "sha256-u9ICJtPZveRrK5BOthvFDGkNcUiA0/Hb39KM0eIhUVI=" 189 189 + "vendorHash": "sha256-BZ1+D0JQrGb6qE25+eTLSHIQdCmzucMPKUY/6x2LwT8=" 190 190 }, 191 191 "brightbox": { 192 192 "hash": "sha256-pwFbCP+qDL/4IUfbPRCkddkbsEEeAu7Wp12/mDL0ABA=", ··· 198 198 "vendorHash": "sha256-/dOiXO2aPkuZaFiwv/6AXJdIADgx8T7eOwvJfBBoqg8=" 199 199 }, 200 200 "buildkite": { 201 201 - "hash": "sha256-QS+JCFLYPvxwLIVzCS/gKZkBZQhOOxRfn7Vudgiox+E=", 201 201 + "hash": "sha256-kwrhIii1jGpIZBzT58UdgnDtX5279shW77HphLobaEI=", 202 202 "homepage": "https://registry.terraform.io/providers/buildkite/buildkite", 203 203 "owner": "buildkite", 204 204 "repo": "terraform-provider-buildkite", 205 205 - "rev": "v1.10.1", 205 205 + "rev": "v1.10.2", 206 206 "spdx": "MIT", 207 207 - "vendorHash": "sha256-gTJakGr9f9bzR5pbmgAMTJL54e2mS/h92TM4ft3ABdw=" 207 207 + "vendorHash": "sha256-PFeWgDw1hkW/ekQfubRSYlaD4d4wJ4GOohOJ00QcEqQ=" 208 208 }, 209 209 "checkly": { 210 210 - "hash": "sha256-qPlXaw8J2J7DPKJvfiTLalgMIWpttqbdMg2UB3rvt14=", 210 210 + "hash": "sha256-4J7pwtlAa920RXF6ZoSoi03qA15NBzUlXQCZRErI2Co=", 211 211 "homepage": "https://registry.terraform.io/providers/checkly/checkly", 212 212 "owner": "checkly", 213 213 "repo": "terraform-provider-checkly", 214 214 - "rev": "v1.8.0", 214 214 + "rev": "v1.8.2", 215 215 "spdx": null, 216 216 - "vendorHash": "sha256-+GirqFNV0eIC9CzpW53UOi9cDUzXs8ozSLX7dKQnOQ8=" 216 216 + "vendorHash": "sha256-DcRe3nBzKn8fC0Q8Dx/p0PXuUccX+4kmOMdZa3HuXNI=" 217 217 }, 218 218 "ciscoasa": { 219 219 "hash": "sha256-xzc44FEy2MPo51Faq/VFwg411JK9e0kQucpt0vdN8yg=", ··· 225 225 "vendorHash": null 226 226 }, 227 227 "cloudamqp": { 228 228 - "hash": "sha256-aEbGvGPYvW3NOO+Q89/ebcJWNrXIoNQkqAIbv9ikiI8=", 228 228 + "hash": "sha256-0lqVHIq37CebSVDR5Ni4kFyXeZZ+tOqpj8gN4h7OaA0=", 229 229 "homepage": "https://registry.terraform.io/providers/cloudamqp/cloudamqp", 230 230 "owner": "cloudamqp", 231 231 "repo": "terraform-provider-cloudamqp", 232 232 - "rev": "v1.29.4", 232 232 + "rev": "v1.32.0", 233 233 "spdx": "MPL-2.0", 234 234 - "vendorHash": "sha256-cI3brJwN+7FTceOMwR0HMbZCNHhwvm31OXqjAEvrzrs=" 234 234 + "vendorHash": "sha256-j3qdi19dxJL+R8Xa6MDag6KHMuBnzEZ9lUhuSAEZOAQ=" 235 235 }, 236 236 "cloudflare": { 237 237 - "hash": "sha256-7MdXh5SIQwFPL5APmdrkrh++shZRbRUAYrVIHDGjM68=", 237 237 + "hash": "sha256-9M7PQEBg0qDmyz2B35krNUF9dDo0g28JomFor7b/Nsc=", 238 238 "homepage": "https://registry.terraform.io/providers/cloudflare/cloudflare", 239 239 "owner": "cloudflare", 240 240 "repo": "terraform-provider-cloudflare", 241 241 - "rev": "v4.36.0", 241 241 + "rev": "v4.41.0", 242 242 "spdx": "MPL-2.0", 243 243 - "vendorHash": "sha256-og31UnUsXGgOm2dH0jlvEpvjOnxUlRy04s2TffiVX00=" 243 243 + "vendorHash": "sha256-uLkoG0m3v1vohXO03nCrfxEhvJYfJOvYSIHsgYCjKtc=" 244 244 }, 245 245 "cloudfoundry": { 246 246 "hash": "sha256-1nYncJLVU/f9WD6Quh9IieIXgixPzbPk4zbtI1zmf9g=", ··· 262 262 "vendorHash": "sha256-Hny481ihxllpoVPL5/0rTV9oCAmyoGKxCYiN986aKTk=" 263 263 }, 264 264 "cloudscale": { 265 265 - "hash": "sha256-O4Y8p5S5C4SldryndecoaX5d8nrX10nqurAkJ0Un2NY=", 265 265 + "hash": "sha256-4RU1CD0WwLMd3NsnJWl2Smc8XBYlP9K8Iev16uqsetE=", 266 266 "homepage": "https://registry.terraform.io/providers/cloudscale-ch/cloudscale", 267 267 "owner": "cloudscale-ch", 268 268 "repo": "terraform-provider-cloudscale", 269 269 - "rev": "v4.3.0", 269 269 + "rev": "v4.4.0", 270 270 "spdx": "MIT", 271 271 "vendorHash": null 272 272 }, 273 273 "constellix": { 274 274 "deleteVendor": true, 275 275 - "hash": "sha256-ecwXWYrs7XJM1web+kia2ccpvTjxAVFPzav6lLal4e4=", 275 275 + "hash": "sha256-yDXZ+lizDK+Ds8/Z3jfNLjO7fvlfRhx5y88bMLZCaj0=", 276 276 "homepage": "https://registry.terraform.io/providers/Constellix/constellix", 277 277 "owner": "Constellix", 278 278 "repo": "terraform-provider-constellix", 279 279 - "rev": "v0.4.5", 279 279 + "rev": "v0.4.6", 280 280 "spdx": "MPL-2.0", 281 281 "vendorHash": "sha256-UJHDX/vx3n/RTuQ50Y6TAhpEEFk9yBoaz8yK02E8Fhw=" 282 282 }, 283 283 "consul": { 284 284 - "hash": "sha256-Glgig56QdXZ9VNZx25/60YPChg9MtLq/S95nuAco3m0=", 284 284 + "hash": "sha256-QiVE1ezwViOjCNhTAfeR5G8hXAHCi19PqwWnBlwhPCc=", 285 285 "homepage": "https://registry.terraform.io/providers/hashicorp/consul", 286 286 "owner": "hashicorp", 287 287 "repo": "terraform-provider-consul", 288 288 - "rev": "v2.20.0", 288 288 + "rev": "v2.21.0", 289 289 "spdx": "MPL-2.0", 290 290 - "vendorHash": "sha256-OKKcyx5JAQGMoUMRxIbe3lg825vhwCcWcPNZqo+/gl4=" 290 290 + "vendorHash": "sha256-hR20+dRvS3tZ6aoTKCHs4zkyE5jWHEh62uLBkVJPA4M=" 291 291 }, 292 292 "ct": { 293 293 "hash": "sha256-c1cqTfMlZ5fXDNMYLsk4447X0p/qIQYvRTqVY8cSs+E=", ··· 299 299 "vendorHash": "sha256-ZCMSmOCPEMxCSpl3DjIUGPj1W/KNJgyjtHpmQ19JquA=" 300 300 }, 301 301 "datadog": { 302 302 - "hash": "sha256-sWcVMQiSRFyjwYIHUdKQm9sKX279pnA3FVLwUJ3kBKw=", 302 302 + "hash": "sha256-s1JCno9cpXk0RdovXjTue77Gv9cLX3lB46jYy2xgOOk=", 303 303 "homepage": "https://registry.terraform.io/providers/DataDog/datadog", 304 304 "owner": "DataDog", 305 305 "repo": "terraform-provider-datadog", 306 306 - "rev": "v3.40.0", 306 306 + "rev": "v3.44.0", 307 307 "spdx": "MPL-2.0", 308 308 - "vendorHash": "sha256-GEZmpCyqZCxsS5aFxEznNscs5CcgQiiPvJweA3mKkRY=" 308 308 + "vendorHash": "sha256-ZmOuk2uNnFQzXSfRp6Lz/1bplEm0AuB/M94+dRnqhHU=" 309 309 }, 310 310 "dexidp": { 311 311 - "hash": "sha256-XR8OI+Nf3PKNzZzM+jvylF8Itnapb9Xdztxq4OyXPVQ=", 311 311 + "hash": "sha256-ommpazPlY4dMAOB1pgI7942aGH6YYPn6WtaowucQpZY=", 312 312 "homepage": "https://registry.terraform.io/providers/marcofranssen/dexidp", 313 313 "owner": "marcofranssen", 314 314 "repo": "terraform-provider-dexidp", 315 315 - "rev": "v0.5.0", 315 315 + "rev": "v0.6.1", 316 316 "spdx": "MIT", 317 317 - "vendorHash": "sha256-xW0sPt2TGmoQXc5a2lp6471amBbDDPZbyc9YIIHP+M0=" 317 317 + "vendorHash": "sha256-3swcRmm+JZ4ZQX0hvXZosYDGwk0KSyZcqEdNGDYcyYE=" 318 318 }, 319 319 "dhall": { 320 320 "hash": "sha256-QjY5ZazQn4HiLQtdmw9X7o5tFw+27B2IISzmzMMHjHE=", ··· 327 327 "vendorHash": "sha256-quoFrJbB1vjz+MdV+jnr7FPACHuUe5Gx9POLubD2IaM=" 328 328 }, 329 329 "digitalocean": { 330 330 - "hash": "sha256-66bG22xNzJEjCZJ7pHY4OW1vj8qTJIXd0CF/0zLiyug=", 330 330 + "hash": "sha256-EpT0pL6JrQ9BKL7IyUmEYllRyIFbjJepVvVZdxQhFKs=", 331 331 "homepage": "https://registry.terraform.io/providers/digitalocean/digitalocean", 332 332 "owner": "digitalocean", 333 333 "repo": "terraform-provider-digitalocean", 334 334 - "rev": "v2.39.2", 334 334 + "rev": "v2.40.0", 335 335 "spdx": "MPL-2.0", 336 336 "vendorHash": null 337 337 }, ··· 354 354 "vendorHash": "sha256-yOuZcvaregVLf0O6Teuvv6FtapuQGgHjTkqiH2euV8U=" 355 355 }, 356 356 "dnsimple": { 357 357 - "hash": "sha256-xF0zvUKJgB67rKNkeHKyKU0k7INiCKzN+G6v0PIq204=", 357 357 + "hash": "sha256-19h4x+kxhFwlNUdTmTLjoLRQB7fNBh0CxxoQDGRPPiQ=", 358 358 "homepage": "https://registry.terraform.io/providers/dnsimple/dnsimple", 359 359 "owner": "dnsimple", 360 360 "repo": "terraform-provider-dnsimple", 361 361 - "rev": "v1.6.0", 361 361 + "rev": "v1.7.0", 362 362 "spdx": "MPL-2.0", 363 363 - "vendorHash": "sha256-Zl98s0+sgs+n/OkrJMsia0MxqO/AGWId8zzY+/n6LXM=" 363 363 + "vendorHash": "sha256-5445cUKxjNlZcQ6opJKgXgT7I9XUmqbPMB/iKuEBPwg=" 364 364 }, 365 365 "docker": { 366 366 "hash": "sha256-UyHOI8C0eDV5YllAi9clHp/CEldHjIp3FHHMPy1rK58=", ··· 372 372 "vendorHash": "sha256-XxltOTtCgmJ9wZX8Yw39HkwVVZb58kZjAH7jfKPhjKM=" 373 373 }, 374 374 "doppler": { 375 375 - "hash": "sha256-jDCmIHdfHi+gp3+HGo8Wh+xYiHVU2Zy0lxETKW2rvGA=", 375 375 + "hash": "sha256-yHWOMDhsqF+DXIKREyx8FftItZiWlWFoRhpub752UtU=", 376 376 "homepage": "https://registry.terraform.io/providers/DopplerHQ/doppler", 377 377 "owner": "DopplerHQ", 378 378 "repo": "terraform-provider-doppler", 379 379 - "rev": "v1.8.0", 379 379 + "rev": "v1.10.0", 380 380 "spdx": "Apache-2.0", 381 381 "vendorHash": "sha256-UvpSfCelEsV9gjRWHxdYvVe3HAnYWWY5KYLVYiqc/So=" 382 382 }, ··· 390 390 "vendorHash": "sha256-oVTanZpCWs05HwyIKW2ajiBPz1HXOFzBAt5Us+EtTRw=" 391 391 }, 392 392 "equinix": { 393 393 - "hash": "sha256-Ipl+POTZRKe9xKR08x/TPm2S7kv6w54im16pp56rWDE=", 393 393 + "hash": "sha256-Wj/qrc18/wJekWZdNgzheT1hsIlAPTAf/tAIrpw6N9Y=", 394 394 "homepage": "https://registry.terraform.io/providers/equinix/equinix", 395 395 "owner": "equinix", 396 396 "repo": "terraform-provider-equinix", 397 397 - "rev": "v2.0.1", 397 397 + "rev": "v2.4.1", 398 398 "spdx": "MIT", 399 399 - "vendorHash": "sha256-oxtFq1tejyqsY2uEkMjiub1CwdkFpuSVRb1Z2u3CebQ=" 399 399 + "vendorHash": "sha256-5M/ceHvcwAlIhjpYO1JTQVUmuBLa9pT5opwiC/tp6+8=" 400 400 }, 401 401 "exoscale": { 402 402 - "hash": "sha256-d6vdYtEBD34SPHDAlkpTb/T8D7TaLbVwMYjSefuNdr0=", 402 402 + "hash": "sha256-i7Lp3NhaxVR317vHfdE/2aXAxmKk7u7kETM7JTJr5BI=", 403 403 "homepage": "https://registry.terraform.io/providers/exoscale/exoscale", 404 404 "owner": "exoscale", 405 405 "repo": "terraform-provider-exoscale", 406 406 - "rev": "v0.59.1", 406 406 + "rev": "v0.59.2", 407 407 "spdx": "MPL-2.0", 408 408 "vendorHash": null 409 409 }, ··· 417 417 "vendorHash": "sha256-qeKXdjrDPJWO4xW8by6djJReeYbCjh8VzQmE5/65zII=" 418 418 }, 419 419 "fastly": { 420 420 - "hash": "sha256-FfdXMrGfz+JFEyWfZytIt1R0M/v7JUmkvu4VohF1vSA=", 420 420 + "hash": "sha256-NzuWXQtaobbkk4oKcs+aT6ONeIsmLZsyRhW3BP7+5Wg=", 421 421 "homepage": "https://registry.terraform.io/providers/fastly/fastly", 422 422 "owner": "fastly", 423 423 "repo": "terraform-provider-fastly", 424 424 - "rev": "v5.11.0", 424 424 + "rev": "v5.13.0", 425 425 "spdx": "MPL-2.0", 426 426 "vendorHash": null 427 427 }, ··· 453 453 "vendorHash": "sha256-EiTWJ4bw8IwsRTD9Lt28Up2DXH0oVneO2IaO8VqWtkw=" 454 454 }, 455 455 "github": { 456 456 - "hash": "sha256-6RAGc1UXebNm24d4+7S0LugvpSVgjIvqa7B6y+pozkA=", 456 456 + "hash": "sha256-8TP3iw/NeVjq49HhurCULXbAOvP2ye6mZsVe62FxSAE=", 457 457 "homepage": "https://registry.terraform.io/providers/integrations/github", 458 458 "owner": "integrations", 459 459 "repo": "terraform-provider-github", 460 460 - "rev": "v6.2.2", 460 460 + "rev": "v6.2.3", 461 461 "spdx": "MIT", 462 462 "vendorHash": null 463 463 }, 464 464 "gitlab": { 465 465 - "hash": "sha256-F73eY0m+KdzfAFCFPOZ0a29OOfgOm87WZvi8+mHwPek=", 465 465 + "hash": "sha256-F+ps7hpRm6+DHJwVOMe2qwVvKSL2o1JUl0Blgd8qFsA=", 466 466 "homepage": "https://registry.terraform.io/providers/gitlabhq/gitlab", 467 467 "owner": "gitlabhq", 468 468 "repo": "terraform-provider-gitlab", 469 469 - "rev": "v17.1.0", 469 469 + "rev": "v17.3.1", 470 470 "spdx": "MPL-2.0", 471 471 - "vendorHash": "sha256-FrmQsuLinm5Z4+GHC1PV19lt1rfxv3TwQiEUxTvlTtk=" 471 471 + "vendorHash": "sha256-vIGqb5+e9vZkJFsH7f1UU13V80XtQVcsQ1hYu5laV70=" 472 472 }, 473 473 "google": { 474 474 - "hash": "sha256-RJ01+OA3BXMNThRk9aGkYa2jrj3SYgOh9eA5al5wR/Q=", 474 474 + "hash": "sha256-RIBSJc5wmBXvd+NWaz3oCOClAOqXEOpSXIR8+wYKfk0=", 475 475 "homepage": "https://registry.terraform.io/providers/hashicorp/google", 476 476 "owner": "hashicorp", 477 477 "repo": "terraform-provider-google", 478 478 - "rev": "v5.36.0", 478 478 + "rev": "v6.2.0", 479 479 "spdx": "MPL-2.0", 480 480 - "vendorHash": "sha256-0SxftrOjmpYK4ud3RweYaW6qgdKwi43D1ZhN470rvVs=" 480 480 + "vendorHash": "sha256-iRN3qqJHmpLuuAbmaFCj9wFXAHTXK+farkFlkWt1hyU=" 481 481 }, 482 482 "google-beta": { 483 483 - "hash": "sha256-r9ndcNxiocRHH++zvEtuIwJ8U2fE5cgndPcYjdhLpEA=", 483 483 + "hash": "sha256-CxoWwoR4CVW5sVSOpOmfnn5xECKmbSuSpBWVAhW24D0=", 484 484 "homepage": "https://registry.terraform.io/providers/hashicorp/google-beta", 485 485 "owner": "hashicorp", 486 486 "repo": "terraform-provider-google-beta", 487 487 - "rev": "v5.36.0", 487 487 + "rev": "v6.2.0", 488 488 "spdx": "MPL-2.0", 489 489 - "vendorHash": "sha256-XkpLgFB/974WEbZe34uKrLSEWjinrkmpOFOG7uYDHhg=" 489 489 + "vendorHash": "sha256-RgquPp7hJQcgXZndl9kojAxunGA3KxSneYACru23WUk=" 490 490 }, 491 491 "googleworkspace": { 492 492 "hash": "sha256-dedYnsKHizxJZibuvJOMbJoux0W6zgKaK5fxIofKqCY=", ··· 498 498 "vendorHash": "sha256-fqVBnAivVekV+4tpkl+E6eNA3wi8mhLevJRCs3W7L2g=" 499 499 }, 500 500 "grafana": { 501 501 - "hash": "sha256-VEg95n7S4PDWjGPbuADOQWymGDlS4jupQAHo2OCkfAA=", 501 501 + "hash": "sha256-tUx6L+ESPsa9VWFztNoYAtspnPoNO8QX3AQk3i0VyNc=", 502 502 "homepage": "https://registry.terraform.io/providers/grafana/grafana", 503 503 "owner": "grafana", 504 504 "repo": "terraform-provider-grafana", 505 505 - "rev": "v3.2.1", 505 505 + "rev": "v3.7.0", 506 506 "spdx": "MPL-2.0", 507 507 - "vendorHash": "sha256-ykPnplAA7s6lVQ7M0We7irIxOM2Ie4zSdQQynIjLFWA=" 507 507 + "vendorHash": "sha256-d7ugVKmKQovewfeZF5k5KHbELwCSY9Krknow7q/7HWo=" 508 508 }, 509 509 "gridscale": { 510 510 - "hash": "sha256-pFBH3J61Bk3QSfYVtLx3NrAFqrAnvKjKzL8qpeH5cOw=", 510 510 + "hash": "sha256-GVOjkena3zRaOxO3YRYf+gfM2/CRm8VajpuWGTU0F1Y=", 511 511 "homepage": "https://registry.terraform.io/providers/gridscale/gridscale", 512 512 "owner": "gridscale", 513 513 "repo": "terraform-provider-gridscale", 514 514 - "rev": "v1.25.0", 514 514 + "rev": "v1.26.0", 515 515 "spdx": "MPL-2.0", 516 516 "vendorHash": null 517 517 }, 518 518 "harbor": { 519 519 - "hash": "sha256-dlAjbiSSgTuuZhTML66l4mSa3Rf14G86++RyXUJYbkw=", 519 519 + "hash": "sha256-JdCBeUYB6rkSNhfTTIoRV8Bz4FnlHJFJxEZZbqyzAyc=", 520 520 "homepage": "https://registry.terraform.io/providers/goharbor/harbor", 521 521 "owner": "goharbor", 522 522 "repo": "terraform-provider-harbor", 523 523 - "rev": "v3.10.12", 523 523 + "rev": "v3.10.15", 524 524 "spdx": "MIT", 525 525 "vendorHash": "sha256-TZxiDRVZPfg3jSflZsSbVaVcfUNqJ2U+ymHIm01pgkI=" 526 526 }, 527 527 "hcloud": { 528 528 - "hash": "sha256-2eCHgHh6SVSHqjf+h4tRaD1orzh1LRUNVJdNsfLtZMc=", 528 528 + "hash": "sha256-td1R2Xeo1QfsNJOwE7cCuzF5OjW4XUQJOVd0LPAXfuE=", 529 529 "homepage": "https://registry.terraform.io/providers/hetznercloud/hcloud", 530 530 "owner": "hetznercloud", 531 531 "repo": "terraform-provider-hcloud", 532 532 - "rev": "v1.47.0", 532 532 + "rev": "v1.48.1", 533 533 "spdx": "MPL-2.0", 534 534 - "vendorHash": "sha256-wCr9tYaA6Y1LgbhvWbRtqtDrviMu45WnXAB/WMWpkl0=" 534 534 + "vendorHash": "sha256-t9nXq30jRSlx9gMR+s8irDVdSE5tg9ZvMp47HZwEm7w=" 535 535 }, 536 536 "helm": { 537 537 - "hash": "sha256-SD5lUEkbn09S/fnQNyCE9ZZ2fkXbcFZfdE95GGEqHzE=", 537 537 + "hash": "sha256-82jM8XZF8X7tYbebMXPYNyhNGqQ51zl3WxYWX2ObD1g=", 538 538 "homepage": "https://registry.terraform.io/providers/hashicorp/helm", 539 539 "owner": "hashicorp", 540 540 "repo": "terraform-provider-helm", 541 541 - "rev": "v2.14.0", 541 541 + "rev": "v2.15.0", 542 542 "spdx": "MPL-2.0", 543 543 - "vendorHash": "sha256-p6VUNSJKJtPrawdsi8Lgmu0uYjRmsdP4nsOl2L6h3JA=" 543 543 + "vendorHash": "sha256-QERpwymuz45RiH9SMuAJPyl/z8r0a5Wd8NBMFKV6NjI=" 544 544 }, 545 545 "heroku": { 546 546 "hash": "sha256-B/NaFe8KOKGJJlF3vZnpdMnbD1VxBktqodPBk+4NZEc=", ··· 570 570 "vendorHash": "sha256-zo22ng+J9ItkptdgUt6Pekkd9T7hFTYdVAWnp2k2vrs=" 571 571 }, 572 572 "http": { 573 573 - "hash": "sha256-fGJBrgobtDAOPXnAIcmuepgCRVIdSCABQlP+dycAm+E=", 573 573 + "hash": "sha256-fYbOfsKTah+5pgJdSftZvVlYmBp75o/6ByJO+ayXDhQ=", 574 574 "homepage": "https://registry.terraform.io/providers/hashicorp/http", 575 575 "owner": "hashicorp", 576 576 "repo": "terraform-provider-http", 577 577 - "rev": "v3.4.3", 577 577 + "rev": "v3.4.4", 578 578 "spdx": "MPL-2.0", 579 579 - "vendorHash": "sha256-3yrcTs0QV2I4CX1TZgY9FimXC2G/p1s+xNsurH0n8e8=" 579 579 + "vendorHash": "sha256-+U6k+mAVdGWOKzopp0yfaMmKuhqG0Laut+jHap4hBWs=" 580 580 }, 581 581 "huaweicloud": { 582 582 - "hash": "sha256-p5vS7rnoBqE81Dhj35xeAs5ja/ekpeVEaNALtxw0/Tc=", 582 582 + "hash": "sha256-Qs5/bDIb2SkQn9oXYU0kgpHY2q2obf8h2bN4prsaNrs=", 583 583 "homepage": "https://registry.terraform.io/providers/huaweicloud/huaweicloud", 584 584 "owner": "huaweicloud", 585 585 "repo": "terraform-provider-huaweicloud", 586 586 - "rev": "v1.66.0", 586 586 + "rev": "v1.68.1", 587 587 "spdx": "MPL-2.0", 588 588 "vendorHash": null 589 589 }, ··· 606 606 "vendorHash": null 607 607 }, 608 608 "ibm": { 609 609 - "hash": "sha256-91EXK/8Kovq2yqyF5lFgWV/AJMvU6eHCnIBnLpzsQws=", 609 609 + "hash": "sha256-PgrC6k6xGfGR9DoTBLSbWDjfF5comrpLGxgUIeof1lI=", 610 610 "homepage": "https://registry.terraform.io/providers/IBM-Cloud/ibm", 611 611 "owner": "IBM-Cloud", 612 612 "repo": "terraform-provider-ibm", 613 613 - "rev": "v1.67.1", 613 613 + "rev": "v1.69.0", 614 614 "spdx": "MPL-2.0", 615 615 - "vendorHash": "sha256-ioyfsNgXoQOtzU1eBJkjMw4hgIo5ryFPIFKqOdn4fuk=" 615 615 + "vendorHash": "sha256-Ve0qfeuDU59W3jCXpNvcZbnLt7OLAreBbGam2Wp/3Ig=" 616 616 }, 617 617 "icinga2": { 618 618 "hash": "sha256-Y/Oq0aTzP+oSKPhHiHY9Leal4HJJm7TNDpcdqkUsCmk=", ··· 624 624 "vendorHash": null 625 625 }, 626 626 "incus": { 627 627 - "hash": "sha256-nyL8sWFgTlJjuAYhBuzThCm89UHwYmb+x+A39z2FCj0=", 627 627 + "hash": "sha256-VHoEUcFwsERC3EKfobTEoWOxuiOEBzEaWXL+mzlTe44=", 628 628 "homepage": "https://registry.terraform.io/providers/lxc/incus", 629 629 "owner": "lxc", 630 630 "repo": "terraform-provider-incus", 631 631 - "rev": "v0.1.2", 631 631 + "rev": "v0.1.4", 632 632 "spdx": "MPL-2.0", 633 633 - "vendorHash": "sha256-81ykw34Qj5qAAa06p7br94bvlIM4uNiKNUI8d+Gw07g=" 633 633 + "vendorHash": "sha256-7MQi9gJU0RAm9jTiY/YjkEU5QsxSX2lbUC7qvT20mes=" 634 634 }, 635 635 "infoblox": { 636 636 "hash": "sha256-x5WGCYvsXby2O8J15fvoRNsYnBCaYdjx6LuDkYAfIlU=", ··· 651 651 "vendorHash": "sha256-NEGjgtrn6ZowqSF6NAK1NnSjYVUvfWuH/4R5ZPdTZSs=" 652 652 }, 653 653 "kafka": { 654 654 - "hash": "sha256-bkZfgA/PgLWC3YXrIgoF2YRgOFQhoT+Seeifg1GvVFY=", 654 654 + "hash": "sha256-CIA+0BMVPOpsB83QD6QEVOhohzeEFjFYTQ5UE+9MMIY=", 655 655 "homepage": "https://registry.terraform.io/providers/Mongey/kafka", 656 656 "owner": "Mongey", 657 657 "repo": "terraform-provider-kafka", 658 658 - "rev": "v0.7.1", 658 658 + "rev": "v0.8.1", 659 659 "spdx": "MIT", 660 660 - "vendorHash": "sha256-Adfz3r3xWY7a4u9/m6a1rvQYGq+E8Q5pAuS/uMgZRQM=" 660 660 + "vendorHash": "sha256-wfN5tgW/Pqm6PqHLnuON4SQwd7U6DFj7e8HiTSrTGbo=" 661 661 }, 662 662 "kafka-connect": { 663 663 "hash": "sha256-3EUTte3txaDRz3jh0h23+Bf1tdLeCvPN9x8mYWY5VjI=", ··· 687 687 "vendorHash": "sha256-lXQHo66b9X0jZhoF+5Ix5qewQGyI82VPJ7gGzc2CHao=" 688 688 }, 689 689 "kubernetes": { 690 690 - "hash": "sha256-MlM7OEpzDOmM8BaaGYn6ZSDaIO8IswreOIkLOkbqQHo=", 690 690 + "hash": "sha256-SXHi6iW946P7EjNOtci2b0ioftxMHtqTIZmTBnHvmU4=", 691 691 "homepage": "https://registry.terraform.io/providers/hashicorp/kubernetes", 692 692 "owner": "hashicorp", 693 693 "repo": "terraform-provider-kubernetes", 694 694 - "rev": "v2.31.0", 694 694 + "rev": "v2.32.0", 695 695 "spdx": "MPL-2.0", 696 696 "vendorHash": "sha256-MfXuVZC7aroO83CJTNCh5YfbmMlUG1CiPeGgxhUFjN0=" 697 697 }, 698 698 "launchdarkly": { 699 699 - "hash": "sha256-ZJxtrDGUH/Ea07CwBX+om0Ccsg6oSUjoS9pKIOnl0GM=", 699 699 + "hash": "sha256-ke7o4I6d1JSsk+/6hk0EXUatnyCnXzb8xdgPX/cr4eM=", 700 700 "homepage": "https://registry.terraform.io/providers/launchdarkly/launchdarkly", 701 701 "owner": "launchdarkly", 702 702 "repo": "terraform-provider-launchdarkly", 703 703 - "rev": "v2.19.0", 703 703 + "rev": "v2.20.2", 704 704 "spdx": "MPL-2.0", 705 705 - "vendorHash": "sha256-pO9QTtqA+YG0i+o1+p3PYg8E/mUpzIV3II++CxQcuHE=" 705 705 + "vendorHash": "sha256-v9N7lj7bEgR5HZm1SO0+DSCmQFVnsRvHPMycYMfpYwo=" 706 706 }, 707 707 "libvirt": { 708 708 "hash": "sha256-yGlNBbixrQxjh7zgZoK3YXpUmr1vrLiLZhKpXvQULYg=", ··· 714 714 "vendorHash": "sha256-K/PH8DAi6Wj+isPx9xefQcLPKnrimfItZFSPfktTias=" 715 715 }, 716 716 "linode": { 717 717 - "hash": "sha256-X7Uslu8HjJg/Ikz48hg1aIaDNNcr3Xz4gBTPB+y949k=", 717 717 + "hash": "sha256-4uRKers66pbuft7lWKzBbsE3fFWTfyozWvGjmDke210=", 718 718 "homepage": "https://registry.terraform.io/providers/linode/linode", 719 719 "owner": "linode", 720 720 "repo": "terraform-provider-linode", 721 721 - "rev": "v2.23.1", 721 721 + "rev": "v2.27.0", 722 722 "spdx": "MPL-2.0", 723 723 - "vendorHash": "sha256-lQ1+MVErv0g2Q7PSrO95Qzs0o/0hpL6JKK9E5J1EGic=" 723 723 + "vendorHash": "sha256-bWyHzN+W3G83V8sjqn1bfLBuB71/O5DuUWsro58A2xs=" 724 724 }, 725 725 "linuxbox": { 726 726 "hash": "sha256-MzasMVtXO7ZeZ+qEx2Z+7881fOIA0SFzSvXVHeEROtg=", ··· 741 741 "vendorHash": "sha256-PpLqFek6FnD+xWF8QMS2PFUP7sXXVWWWosq6fpLRzxg=" 742 742 }, 743 743 "lxd": { 744 744 - "hash": "sha256-z7AjOKMSf2XnyCQiBcjFY0V9mDLF6Fj54Ck7971Ehio=", 744 744 + "hash": "sha256-LGho9iCjKn0OR8sbnkduZtLIxcnVwpedvVinA78791c=", 745 745 "homepage": "https://registry.terraform.io/providers/terraform-lxd/lxd", 746 746 "owner": "terraform-lxd", 747 747 "repo": "terraform-provider-lxd", 748 748 - "rev": "v2.1.0", 748 748 + "rev": "v2.3.0", 749 749 "spdx": "MPL-2.0", 750 750 - "vendorHash": "sha256-fu6EgUIw1rFswXM3xUi0DLSChhl2c3a70uJO7aZhX+I=" 750 750 + "vendorHash": "sha256-J1KWnU0IspjoosI5wIAc8ygOImXlc3tFkhV3yDXoDl4=" 751 751 }, 752 752 "mailgun": { 753 753 "hash": "sha256-Sj6iejtaSdAPg2tI5f0b88Lni431cervHxlQWwGl8Bo=", ··· 777 777 "vendorHash": "sha256-QxbZv6YMa5/I4bTeQBNdmG3EKtLEmstnH7HMiZzFJrI=" 778 778 }, 779 779 "migadu": { 780 780 - "hash": "sha256-EGVIk828DwYGMkRBGs3Lnt9goYb+biWoZcXmfuy/OPg=", 780 780 + "hash": "sha256-/VR2pko5ctH/Gz3zUMhmwlZOpxQPu1AgZ3wRddndf6c=", 781 781 "homepage": "https://registry.terraform.io/providers/metio/migadu", 782 782 "owner": "metio", 783 783 "repo": "terraform-provider-migadu", 784 784 - "rev": "2024.6.6", 784 784 + "rev": "2024.9.5", 785 785 "spdx": "0BSD", 786 786 - "vendorHash": "sha256-xUb3tRMG9Exth2d2/1hGVa3llFss99up1cnNaldwse0=" 786 786 + "vendorHash": "sha256-3pPRgmoC0eYFyu/kNpJty45MfIjBMN5uV8l7iQErAns=" 787 787 }, 788 788 "minio": { 789 789 - "hash": "sha256-P+rhDVmZl8DouSOTkBRE2MNG0ZcpLDveO3Npt1AIEGU=", 789 789 + "hash": "sha256-1f6T5sfrBPgwxKKZMknd3JJd7mv90zuGtXInDPKAg0M=", 790 790 "homepage": "https://registry.terraform.io/providers/aminueza/minio", 791 791 "owner": "aminueza", 792 792 "repo": "terraform-provider-minio", 793 793 - "rev": "v2.3.2", 793 793 + "rev": "v2.5.0", 794 794 "spdx": "AGPL-3.0", 795 795 "vendorHash": "sha256-Gn4P4NIksv8S4DmnuYArxdSQDQsyCeayJJAIkmm/I6A=" 796 796 }, 797 797 "mongodbatlas": { 798 798 - "hash": "sha256-8A2csdDMS5W0SzVRy7QATWUEDEZqR7gLRDpVAeROsZk=", 798 798 + "hash": "sha256-ZAgoC6HNBIQP3tCo3+kZh7TyMDi+caPstqB5HpjTa5g=", 799 799 "homepage": "https://registry.terraform.io/providers/mongodb/mongodbatlas", 800 800 "owner": "mongodb", 801 801 "repo": "terraform-provider-mongodbatlas", 802 802 - "rev": "v1.17.3", 802 802 + "rev": "v1.18.1", 803 803 "spdx": "MPL-2.0", 804 804 - "vendorHash": "sha256-idXan9/OGEKY+VT2dwWwj+P1fFQIrIs2ghkthz53j/g=" 804 804 + "vendorHash": "sha256-llbYJi3ghgh9y97ri03a7ZBXSUPMs7f3FLd4iLRRmmk=" 805 805 }, 806 806 "namecheap": { 807 807 "hash": "sha256-g3i7jZBOl2umsyRk1z7Radv8a9Ry6oQ8oorv3YbY7Xo=", ··· 822 822 "vendorHash": null 823 823 }, 824 824 "newrelic": { 825 825 - "hash": "sha256-hJKYz95+i1j1KhDuh5Jcm8cZzBAD3cK5+a5B1vCYBXM=", 825 825 + "hash": "sha256-Q1wY613U8cdAlHd+mVTKVNO4KBqVm2/HcKp66DTzbII=", 826 826 "homepage": "https://registry.terraform.io/providers/newrelic/newrelic", 827 827 "owner": "newrelic", 828 828 "repo": "terraform-provider-newrelic", 829 829 - "rev": "v3.39.1", 829 829 + "rev": "v3.45.0", 830 830 "spdx": "MPL-2.0", 831 831 - "vendorHash": "sha256-EHO78DEZ92WRDP8ZA0M9zdZ8KsPWMA2ljgFY6dX29YM=" 831 831 + "vendorHash": "sha256-C3dDWWmV7YrorPps0m0V9DQDraID57+vXWg8pBIYXIE=" 832 832 }, 833 833 "nomad": { 834 834 - "hash": "sha256-42QZfbbugxV6USCz0Urnhfcsf+DZKpOepC44Z37dGkw=", 834 834 + "hash": "sha256-OdttxZEY4fiLiK6ReoIFjN3VAvEgARQ9yBAqemVyheU=", 835 835 "homepage": "https://registry.terraform.io/providers/hashicorp/nomad", 836 836 "owner": "hashicorp", 837 837 "repo": "terraform-provider-nomad", 838 838 - "rev": "v2.3.0", 838 838 + "rev": "v2.3.1", 839 839 "spdx": "MPL-2.0", 840 840 - "vendorHash": "sha256-+4JU2z56W/uT+DW4+LRf1hwK0nLK9WARTY31bqMpHNM=" 840 840 + "vendorHash": "sha256-WTfhKSaSzXOsYH8Aso735y5fYCKEjwMtWto5oZ6lU4s=" 841 841 }, 842 842 "ns1": { 843 843 - "hash": "sha256-96q68P+d7K4UycCZ0Z5w3HWIcKwsC4/UD6WPU6yyC7M=", 843 843 + "hash": "sha256-3NDHEpvBlVb3IgkEjJ1g2Jpvy2MbgXSeabuCPlpKZmM=", 844 844 "homepage": "https://registry.terraform.io/providers/ns1-terraform/ns1", 845 845 "owner": "ns1-terraform", 846 846 "repo": "terraform-provider-ns1", 847 847 - "rev": "v2.3.1", 847 847 + "rev": "v2.4.1", 848 848 "spdx": "MPL-2.0", 849 849 - "vendorHash": "sha256-0RRZF7/NHo9y7SUKZbq8nNU+gFdCb0u4XJgsobNeWsk=" 849 849 + "vendorHash": "sha256-jTsjVhVEgtI3B+tLl9xLqQsGI2piQc6QA2EHqfVhDxg=" 850 850 }, 851 851 "null": { 852 852 "hash": "sha256-KOwJXGvMc9Xgq4Kbr72aW6RDwzldUrU1C3aDxpKO3qE=", ··· 868 868 "vendorHash": "sha256-LRIfxQGwG988HE5fftGl6JmBG7tTknvmgpm4Fu1NbWI=" 869 869 }, 870 870 "oci": { 871 871 - "hash": "sha256-yiHBWcOE2QxyhzKqjSPvgqAFu0hL13idWXbwkhAhNeE=", 871 871 + "hash": "sha256-LlRy0i4JGjaeHMQMWUYtKgJOUqm0RFwtyDO+KtQcCRI=", 872 872 "homepage": "https://registry.terraform.io/providers/oracle/oci", 873 873 "owner": "oracle", 874 874 "repo": "terraform-provider-oci", 875 875 - "rev": "v6.1.0", 875 875 + "rev": "v6.9.0", 876 876 "spdx": "MPL-2.0", 877 877 "vendorHash": null 878 878 }, 879 879 "okta": { 880 880 - "hash": "sha256-GHC2HhpyPBQ5gPg/HPmP+Bms6O5mLhdAysKW58FWhwA=", 880 880 + "hash": "sha256-lSZWAAZWkM2+fgLpbfsHLvu1m6R8LMrtc7hUPdwiioc=", 881 881 "homepage": "https://registry.terraform.io/providers/okta/okta", 882 882 "owner": "okta", 883 883 "repo": "terraform-provider-okta", 884 884 - "rev": "v4.9.1", 884 884 + "rev": "v4.10.0", 885 885 "spdx": "MPL-2.0", 886 886 - "vendorHash": "sha256-71z33jsQmNQoCVSQCiyjHnfUMtwY+KB5Mn2MHItwGa0=" 886 886 + "vendorHash": "sha256-8Wez4UkS0LsJTtgepdPpyZHhNZADxvGwOEVu6RLBI0o=" 887 887 }, 888 888 "oktaasa": { 889 889 "hash": "sha256-2LhxgowqKvDDDOwdznusL52p2DKP+UiXALHcs9ZQd0U=", ··· 895 895 "vendorHash": null 896 896 }, 897 897 "onepassword": { 898 898 - "hash": "sha256-rdS9Udzfc/U7E4CIyySnntOCVBBZL0/GuAiVCI5uMrc=", 898 898 + "hash": "sha256-u2nSzEKD0o/e0AzeHdKQj3+h7mAt6r5cxaKsPn6nRGo=", 899 899 "homepage": "https://registry.terraform.io/providers/1Password/onepassword", 900 900 "owner": "1Password", 901 901 "repo": "terraform-provider-onepassword", 902 902 - "rev": "v2.1.0", 902 902 + "rev": "v2.1.2", 903 903 "spdx": "MIT", 904 904 "vendorHash": null 905 905 }, ··· 913 913 "vendorHash": "sha256-Hd6vh4ihuR1rRk5yIu1mPuDMb4Not4soKld10MfOuGU=" 914 914 }, 915 915 "openstack": { 916 916 - "hash": "sha256-NSfKyXTuPiEYFE8guWsRcJsKiccMrHJRK4I5REzzIZQ=", 916 916 + "hash": "sha256-Vt6cFZBfM5sP62zWeyoCuEPU6vRucGG8z7zeQywDA40=", 917 917 "homepage": "https://registry.terraform.io/providers/terraform-provider-openstack/openstack", 918 918 "owner": "terraform-provider-openstack", 919 919 "repo": "terraform-provider-openstack", 920 920 - "rev": "v2.0.0", 920 920 + "rev": "v2.1.0", 921 921 "spdx": "MPL-2.0", 922 922 - "vendorHash": "sha256-TS1Zp9IMD+Mq91QhyRuDgzbwd61bASWLPft5JdNCcy4=" 922 922 + "vendorHash": "sha256-UH4LgC4UATpglZ2lYb92LvEeAgqXyDFzujNnaYCYN3g=" 923 923 }, 924 924 "opentelekomcloud": { 925 925 - "hash": "sha256-UhECzYRA9AaATeYdC68ALd3aoB8G0okWQm1U9VkgL5c=", 925 925 + "hash": "sha256-CXWaIISfDtT6jTdFKE67LiRPlGaq+9fRO77GqIMrZhs=", 926 926 "homepage": "https://registry.terraform.io/providers/opentelekomcloud/opentelekomcloud", 927 927 "owner": "opentelekomcloud", 928 928 "repo": "terraform-provider-opentelekomcloud", 929 929 - "rev": "v1.36.12", 929 929 + "rev": "v1.36.18", 930 930 "spdx": "MPL-2.0", 931 931 - "vendorHash": "sha256-PwYc9p8nRe0QkgLKLOeb7KYTLgFiT2JQGsmTfFLzBH4=" 931 931 + "vendorHash": "sha256-vsK74qZ20VOID5sg7kHjxBXiu1dkyJ961zFf0+QkqH0=" 932 932 }, 933 933 "opsgenie": { 934 934 - "hash": "sha256-ZssKhfwFrzCjvlebEmKAHWBInN5daVqxbmVFoA92dv8=", 934 934 + "hash": "sha256-+msy9kPAryR0Ll5jKOd47DMjeMxEdSIfKZZKVHohQGY=", 935 935 "homepage": "https://registry.terraform.io/providers/opsgenie/opsgenie", 936 936 "owner": "opsgenie", 937 937 "repo": "terraform-provider-opsgenie", 938 938 - "rev": "v0.6.35", 938 938 + "rev": "v0.6.37", 939 939 "spdx": "MPL-2.0", 940 940 "vendorHash": null 941 941 }, 942 942 "ovh": { 943 943 - "hash": "sha256-346lBl1AnEdZmLEfsPiTW7I6rhOv61t004DBx7gRkF8=", 943 943 + "hash": "sha256-XVNinT1kjvjrVLB4NXELw1Rf6UZEkX4el+dKzOO0QjY=", 944 944 "homepage": "https://registry.terraform.io/providers/ovh/ovh", 945 945 "owner": "ovh", 946 946 "repo": "terraform-provider-ovh", 947 947 - "rev": "v0.45.0", 947 947 + "rev": "v0.48.0", 948 948 "spdx": "MPL-2.0", 949 949 "vendorHash": null 950 950 }, 951 951 "pagerduty": { 952 952 - "hash": "sha256-sXFRN05mn5hMIqxhwIvYWlMgkrUGZqi+J29Sq9GRS90=", 952 952 + "hash": "sha256-+8Ar/PDGSSe9Xs2BoNndrBCXZpgqKHNXz7HNVvok1Eo=", 953 953 "homepage": "https://registry.terraform.io/providers/PagerDuty/pagerduty", 954 954 "owner": "PagerDuty", 955 955 "repo": "terraform-provider-pagerduty", 956 956 - "rev": "v3.14.5", 956 956 + "rev": "v3.15.6", 957 957 "spdx": "MPL-2.0", 958 958 "vendorHash": null 959 959 }, ··· 976 976 "vendorHash": "sha256-pbJk35O8EowCa2dgLCrPDgakR0EJVaAnEvePGnrl/YQ=" 977 977 }, 978 978 "postgresql": { 979 979 - "hash": "sha256-UNnAe5alro4dEZ9x2ZDsjybOgHq2IVs8w9rMcMJBm8w=", 979 979 + "hash": "sha256-v/88uUvILQT0uHRgfwMuLQWw0ma2ELT691kQ9GVjr/A=", 980 980 "homepage": "https://registry.terraform.io/providers/cyrilgdn/postgresql", 981 981 "owner": "cyrilgdn", 982 982 "repo": "terraform-provider-postgresql", 983 983 - "rev": "v1.22.0", 983 983 + "rev": "v1.23.0", 984 984 "spdx": "MPL-2.0", 985 985 - "vendorHash": "sha256-omJjWeCLIdHIySQW8tcDPQ1XPmfWbPDOGwPUedrb8Bw=" 985 985 + "vendorHash": "sha256-fHNXJGyOWGF7Dwfk14GWmLXSIENsshIHbxkF7iQJNuI=" 986 986 }, 987 987 "powerdns": { 988 988 "hash": "sha256-NtJs2oNJbjUYNFsbrfo2RYhqOlKA15GJt9gi1HuTIw0=", ··· 994 994 "vendorHash": null 995 995 }, 996 996 "project": { 997 997 - "hash": "sha256-CuUHTuq2ufSuolpvfkT4Q30tiIGkpuIoYCYqY9EOd9s=", 997 997 + "hash": "sha256-rxv1owtlc9P9uZDReH0lKFUUTSL+X+HlkWL5FWz3bHw=", 998 998 "homepage": "https://registry.terraform.io/providers/jfrog/project", 999 999 "owner": "jfrog", 1000 1000 "repo": "terraform-provider-project", 1001 1001 - "rev": "v1.6.2", 1001 1001 + "rev": "v1.7.2", 1002 1002 "spdx": "Apache-2.0", 1003 1003 - "vendorHash": "sha256-UcoTldBVqCPh1SVaZm2aKeRVCVfgE/zGOR7+feDEUM0=" 1003 1003 + "vendorHash": "sha256-ld52rPoG4bCfU+qizliuwmz6ncxrhcoAYOEZo5mnCYI=" 1004 1004 }, 1005 1005 "proxmox": { 1006 1006 "hash": "sha256-ikXLLNoAjrnGGGI3fHTKFXm8YwqNazE/U39JTjOBsW4=", ··· 1021 1021 "vendorHash": "sha256-j+3qtGlueKZgf0LuNps4Wc9G3EmpSgl8ZNSLqslyizI=" 1022 1022 }, 1023 1023 "rancher2": { 1024 1024 - "hash": "sha256-w9oAeE8KuD7kdBFOkNgifaELrxr3X1yKYXFiQLyaGY8=", 1024 1024 + "hash": "sha256-n4sEIew7C7tG19paaJjgtCwGt5KhUyoR/OGoLu4Kal8=", 1025 1025 "homepage": "https://registry.terraform.io/providers/rancher/rancher2", 1026 1026 "owner": "rancher", 1027 1027 "repo": "terraform-provider-rancher2", 1028 1028 - "rev": "v4.1.0", 1028 1028 + "rev": "v5.0.0", 1029 1029 "spdx": "MPL-2.0", 1030 1030 - "vendorHash": "sha256-kzOEHkVCHOwISXVPmKbJJ2BbBdIJ3G1JtA1nFGZYnG8=" 1030 1030 + "vendorHash": "sha256-uIyLOqabx8wQurxcG70LHm+jBga+bCNyf5XxGrt5OKA=" 1031 1031 }, 1032 1032 "random": { 1033 1033 "hash": "sha256-10SRHJx7h04qRH4XnBsqiwJ43nxTodj89kkik2UTI6E=", ··· 1057 1057 "vendorHash": null 1058 1058 }, 1059 1059 "scaleway": { 1060 1060 - "hash": "sha256-VTtS5iqeMzcaVveMlnJZDrXUSf0Ts/FG7STVix08mQs=", 1060 1060 + "hash": "sha256-h30SfKtx2l9zp9ZGy1KRoQRmb83B4e48R/URJ2I2J+U=", 1061 1061 "homepage": "https://registry.terraform.io/providers/scaleway/scaleway", 1062 1062 "owner": "scaleway", 1063 1063 "repo": "terraform-provider-scaleway", 1064 1064 - "rev": "v2.41.3", 1064 1064 + "rev": "v2.44.0", 1065 1065 "spdx": "MPL-2.0", 1066 1066 - "vendorHash": "sha256-eLQLozDXk83vjfTrsJHQqU3GMZToMwvjadqf+X7OeOU=" 1066 1066 + "vendorHash": "sha256-crp1XJRsWBEhRFC1CzLTgBTrTLaM2Y39Mwx+l1mg0Ks=" 1067 1067 }, 1068 1068 "secret": { 1069 1069 "hash": "sha256-MmAnA/4SAPqLY/gYcJSTnEttQTsDd2kEdkQjQj6Bb+A=", ··· 1075 1075 "vendorHash": null 1076 1076 }, 1077 1077 "selectel": { 1078 1078 - "hash": "sha256-yIQdxwkcpFKm2+woHW7yClWAwQr82XaCDFHh6KAOaQI=", 1078 1078 + "hash": "sha256-cLN0wNT8Yn+uiaGZFzdDg1ZN4pzm5VHriMgRGZv3ZpU=", 1079 1079 "homepage": "https://registry.terraform.io/providers/selectel/selectel", 1080 1080 "owner": "selectel", 1081 1081 "repo": "terraform-provider-selectel", 1082 1082 - "rev": "v5.1.1", 1082 1082 + "rev": "v5.3.0", 1083 1083 "spdx": "MPL-2.0", 1084 1084 - "vendorHash": "sha256-PyATpaCqu8csmpf83EODKgecZaquraFlh1bTYhhhBO4=" 1084 1084 + "vendorHash": "sha256-MP44e56j7rLyT4+TbFDfDb5GNc/LzZNLplm1/qqeGiw=" 1085 1085 }, 1086 1086 "sentry": { 1087 1087 "hash": "sha256-iTwl5FowrrhznO+Zr7QXy7/6HlYWCryZTMxNsBGSfWI=", ··· 1102 1102 "vendorHash": "sha256-MIO0VHofPtKPtynbvjvEukMNr5NXHgk7BqwIhbc9+u0=" 1103 1103 }, 1104 1104 "signalfx": { 1105 1105 - "hash": "sha256-JPL2VjYIg8qW9kk6QaT3+alWtMvKHXRlqLD6AZ2+cQ0=", 1105 1105 + "hash": "sha256-OmM3NvTnT/yZBgBYf15vITJSVOXQ7Vvqn6T6+LXOpbk=", 1106 1106 "homepage": "https://registry.terraform.io/providers/splunk-terraform/signalfx", 1107 1107 "owner": "splunk-terraform", 1108 1108 "repo": "terraform-provider-signalfx", 1109 1109 - "rev": "v9.1.5", 1109 1109 + "rev": "v9.1.6", 1110 1110 "spdx": "MPL-2.0", 1111 1111 - "vendorHash": "sha256-uPAWL2BigYiazZQSScM/J39dLDtYheq2P6l4A9M3rOA=" 1111 1111 + "vendorHash": "sha256-h+tusSFbu4jmfu0v1BwRrSoDEPYjXZwQ+YykRUoXlv4=" 1112 1112 }, 1113 1113 "skytap": { 1114 1114 "hash": "sha256-JII4czazo6Di2sad1uFHMKDO2gWgZlQE8l/+IRYHQHU=", ··· 1129 1129 "vendorHash": "sha256-F1AuO/dkldEDRvkwrbq2EjByxjg3K2rohZAM4DzKPUw=" 1130 1130 }, 1131 1131 "snowflake": { 1132 1132 - "hash": "sha256-3vC246+XoCfmnEdNFHW8iy0fy5aN+kmaZzgJot4hKs0=", 1132 1132 + "hash": "sha256-jIzLT2tQViOdNOQ462fM1SFt0E22QZbUdh33OjmUf+k=", 1133 1133 "homepage": "https://registry.terraform.io/providers/Snowflake-Labs/snowflake", 1134 1134 "owner": "Snowflake-Labs", 1135 1135 "repo": "terraform-provider-snowflake", 1136 1136 - "rev": "v0.92.0", 1136 1136 + "rev": "v0.95.0", 1137 1137 "spdx": "MIT", 1138 1138 - "vendorHash": "sha256-pxti3wXBke16zoEPaTbXrTc/LI1QbvKfBvbUSxnAIOk=" 1138 1138 + "vendorHash": "sha256-FPIqTXbGLui6QW1bFhwV4rGgo8IUw3XkmryqmjpM5Sw=" 1139 1139 }, 1140 1140 "sops": { 1141 1141 - "hash": "sha256-ZastswL5AVurQY3xn6yx3M1BMvQ9RjfcZdXX0S/oZqw=", 1141 1141 + "hash": "sha256-MdsWKV98kWpZpTK5qC7x6vN6cODxeeiVVc+gtlh1s88=", 1142 1142 "homepage": "https://registry.terraform.io/providers/carlpett/sops", 1143 1143 "owner": "carlpett", 1144 1144 "repo": "terraform-provider-sops", 1145 1145 - "rev": "v1.0.0", 1145 1145 + "rev": "v1.1.1", 1146 1146 "spdx": "MPL-2.0", 1147 1147 - "vendorHash": "sha256-8W1PK4T98iK1N6EB6AVjvr1P9Ja51+kSOmYAEosxrh8=" 1147 1147 + "vendorHash": "sha256-YFV+qXD78eajSeagJPgPu+qIktx1Vh/ZT0fUPOBuZyo=" 1148 1148 }, 1149 1149 "spacelift": { 1150 1150 - "hash": "sha256-xDkOngj8wPsqZhyYh0oVA9YVwMY+bRnpXL2yjpkN38M=", 1150 1150 + "hash": "sha256-kEfZ1ErNMdUGw1eRiX4SphreCCGMQj1Wj0DLFikTfxI=", 1151 1151 "homepage": "https://registry.terraform.io/providers/spacelift-io/spacelift", 1152 1152 "owner": "spacelift-io", 1153 1153 "repo": "terraform-provider-spacelift", 1154 1154 - "rev": "v1.14.0", 1154 1154 + "rev": "v1.15.0", 1155 1155 "spdx": "MIT", 1156 1156 "vendorHash": "sha256-m/J390su2nUpYMXrrYcOfKSjZb5Y23+g24rroLRss4U=" 1157 1157 }, 1158 1158 "spotinst": { 1159 1159 - "hash": "sha256-SOzaTZIBEC9se942ofYHURH8btw38upJtnlDDWmLcTM=", 1159 1159 + "hash": "sha256-ChtaZkztmyFPJvtoE+TUPzZyEEoZ6y3o1CgnKsnK6I4=", 1160 1160 "homepage": "https://registry.terraform.io/providers/spotinst/spotinst", 1161 1161 "owner": "spotinst", 1162 1162 "repo": "terraform-provider-spotinst", 1163 1163 - "rev": "v1.180.2", 1163 1163 + "rev": "v1.190.0", 1164 1164 "spdx": "MPL-2.0", 1165 1165 - "vendorHash": "sha256-mgDWGimTq7AODC+ojipWUgCDKpC/EP/W8x8kbey05mQ=" 1165 1165 + "vendorHash": "sha256-JGwBQMsMGxH5ceHOd5CbSQFQdL6u99lHpWFgJUyMYRQ=" 1166 1166 }, 1167 1167 "ssh": { 1168 1168 "hash": "sha256-1UN5QJyjCuxs2vQYlSuz2jsu/HgGTxOoWWRcv4qcwow=", ··· 1192 1192 "vendorHash": "sha256-9M1DsE/FPQK8TG7xCJWbU3HAJCK3p/7lxdzjO1oAfWs=" 1193 1193 }, 1194 1194 "sumologic": { 1195 1195 - "hash": "sha256-LPJwJ6j/eZzOliHH7Ci49c5CqDckaqSm7ikLKTVhuew=", 1195 1195 + "hash": "sha256-e/Vmu+odmn/IasHl6dSy5aYLRi/lTcVjpzJl+YYn1mg=", 1196 1196 "homepage": "https://registry.terraform.io/providers/SumoLogic/sumologic", 1197 1197 "owner": "SumoLogic", 1198 1198 "repo": "terraform-provider-sumologic", 1199 1199 - "rev": "v2.31.1", 1199 1199 + "rev": "v2.31.3", 1200 1200 "spdx": "MPL-2.0", 1201 1201 "vendorHash": "sha256-YdWs2orKhbwAZSQYC73t4e/vvVxk8LrBPG9ZC38VcZE=" 1202 1202 }, 1203 1203 "tailscale": { 1204 1204 - "hash": "sha256-hMcnHTdxxEfAU5cd0nlK2Bc+fxfrERk4wYaRidPM4mA=", 1204 1204 + "hash": "sha256-GflanQbIPpS0mxmw7LXeTfPly+CmgpsoLHBIMe6f7xM=", 1205 1205 "homepage": "https://registry.terraform.io/providers/tailscale/tailscale", 1206 1206 "owner": "tailscale", 1207 1207 "repo": "terraform-provider-tailscale", 1208 1208 - "rev": "v0.16.1", 1208 1208 + "rev": "v0.16.2", 1209 1209 "spdx": "MIT", 1210 1210 "vendorHash": "sha256-RAmAN57hIHvQvZ2pjbLbanixUk8Cart6a3PQPXhnx9U=" 1211 1211 }, ··· 1219 1219 "vendorHash": "sha256-939lQsdp0Ixj9FU7IqxbOAM93GwL+X6gC3kY5/0x+AE=" 1220 1220 }, 1221 1221 "temporalcloud": { 1222 1222 - "hash": "sha256-PIqsCdIaFob/C2b1Rem/JYl7bQVvdRecDQDkcAZutz0=", 1222 1222 + "hash": "sha256-OD3cCNRZG9wQSu/aFmnVzcUbJyASusM1rt2PdpWKXkI=", 1223 1223 "homepage": "https://registry.terraform.io/providers/temporalio/temporalcloud", 1224 1224 "owner": "temporalio", 1225 1225 "repo": "terraform-provider-temporalcloud", 1226 1226 - "rev": "v0.0.9", 1226 1226 + "rev": "v0.0.11", 1227 1227 "spdx": "MPL-2.0", 1228 1228 "vendorHash": "sha256-/yXPJgwpUCKRs3Sf2BbuHp3pfQiheTAh7Auxk3qkTFg=" 1229 1229 }, 1230 1230 "tencentcloud": { 1231 1231 - "hash": "sha256-PZWBVLUfWn13B7saz2XecMv6pWWqPMOfBzqr2pErnvs=", 1231 1231 + "hash": "sha256-HgBC+C7z15cdVUBOAaPE3ddhEKMfp7Ow+lWqS/EkD98=", 1232 1232 "homepage": "https://registry.terraform.io/providers/tencentcloudstack/tencentcloud", 1233 1233 "owner": "tencentcloudstack", 1234 1234 "repo": "terraform-provider-tencentcloud", 1235 1235 - "rev": "v1.81.107", 1235 1235 + "rev": "v1.81.120", 1236 1236 "spdx": "MPL-2.0", 1237 1237 "vendorHash": null 1238 1238 }, 1239 1239 "tfe": { 1240 1240 - "hash": "sha256-mfJtQs+fl7zfysWJO/EBM/DMYYOvR5nuOwDA6sei1PI=", 1240 1240 + "hash": "sha256-lXwdNtdbCwiotVCGBIiAPHUjNdj+srpBaW30GUWW0ao=", 1241 1241 "homepage": "https://registry.terraform.io/providers/hashicorp/tfe", 1242 1242 "owner": "hashicorp", 1243 1243 "repo": "terraform-provider-tfe", 1244 1244 - "rev": "v0.56.0", 1244 1244 + "rev": "v0.58.1", 1245 1245 "spdx": "MPL-2.0", 1246 1246 - "vendorHash": "sha256-heMfI1NLjOHSKondXY8mRCNWFedSYJqfn9nU2Ywj57c=" 1246 1246 + "vendorHash": "sha256-eeVkzZ+ATTyZCEq4loEbIb0XO/Ir1jejUaWi4Jd6nMo=" 1247 1247 }, 1248 1248 "thunder": { 1249 1249 - "hash": "sha256-ezolcZ652YUV/CDoNKNRZkiRpRoa5AMqHxeYLxluA5A=", 1249 1249 + "hash": "sha256-2i1DSOSt/vbFs0QCPogEBvADhLJFKbrQzwZ20ChCQMk=", 1250 1250 "homepage": "https://registry.terraform.io/providers/a10networks/thunder", 1251 1251 "owner": "a10networks", 1252 1252 "repo": "terraform-provider-thunder", 1253 1253 - "rev": "v1.4.1", 1253 1253 + "rev": "v1.4.2", 1254 1254 "spdx": "BSD-2-Clause", 1255 1255 "vendorHash": null 1256 1256 }, 1257 1257 "time": { 1258 1258 - "hash": "sha256-Uwe0VpY7CKXNy6RNS+yoIkyLmMQ2daJ5x7IhJV+KuxU=", 1258 1258 + "hash": "sha256-mAGBcBMd00r2URY/jqZQBLjo0mN+IMG5ONVKj0AwXNs=", 1259 1259 "homepage": "https://registry.terraform.io/providers/hashicorp/time", 1260 1260 "owner": "hashicorp", 1261 1261 "repo": "terraform-provider-time", 1262 1262 - "rev": "v0.11.2", 1262 1262 + "rev": "v0.12.0", 1263 1263 "spdx": "MPL-2.0", 1264 1264 - "vendorHash": "sha256-dmBCjbVmK4Qa07bcgUxKch5Vj7nylgNA7rzx+7ag3CY=" 1264 1264 + "vendorHash": "sha256-C40wkY1M9d5oPO6TOm/iu99Gcrnnin1ggn9mbOJ0YjY=" 1265 1265 }, 1266 1266 "tls": { 1267 1267 "hash": "sha256-2K18jY2+oPvelMtZ2o4WJcAPhc93nCvJdHq+VNfmWZI=", ··· 1283 1283 "vendorHash": "sha256-UuLHaOEG6jmOAgfdNOtLyUimlAr3g6K8n3Ehu64sKqk=" 1284 1284 }, 1285 1285 "turbot": { 1286 1286 - "hash": "sha256-OmhNZZcCw6tGsL3Ha4cdg76GHqMjKeRB6aOXfqkIOjQ=", 1286 1286 + "hash": "sha256-lVKJKMCAm8paXxfPo6YvJBnHdmV4iwaTYmwdN31s/e4=", 1287 1287 "homepage": "https://registry.terraform.io/providers/turbot/turbot", 1288 1288 "owner": "turbot", 1289 1289 "repo": "terraform-provider-turbot", 1290 1290 - "rev": "v1.10.1", 1290 1290 + "rev": "v1.11.1", 1291 1291 "spdx": "MPL-2.0", 1292 1292 "vendorHash": null 1293 1293 }, ··· 1301 1301 "vendorHash": null 1302 1302 }, 1303 1303 "utils": { 1304 1304 - "hash": "sha256-9a8K2Yl3hfmUG+/QgQJdXnW6lxkOJps1BskFto3tIwg=", 1304 1304 + "hash": "sha256-bxjEdmPgKPFpRM9Jz9nichDhXY+7x74WS6VjZGf9VUE=", 1305 1305 "homepage": "https://registry.terraform.io/providers/cloudposse/utils", 1306 1306 "owner": "cloudposse", 1307 1307 "repo": "terraform-provider-utils", 1308 1308 - "rev": "1.23.0", 1308 1308 + "rev": "v1.26.0", 1309 1309 "spdx": "Apache-2.0", 1310 1310 - "vendorHash": "sha256-oaVBYSH2ix9SUqvrFo+oBIS80/Sb3E7Z/Jpvznt+OtU=" 1310 1310 + "vendorHash": "sha256-zJtVKDaqOMQqyAzq4VtVv5MgXS999BwxeWhXQI6McC4=" 1311 1311 }, 1312 1312 "vault": { 1313 1313 - "hash": "sha256-tPRwdSwygypfgXAS3QmZNAb4GXe/8IFsRs8YGa4HDJg=", 1313 1313 + "hash": "sha256-EiCLz5Z0ztwWrn8yHG9JnuIizicpi3WtvDSGyBtzgSY=", 1314 1314 "homepage": "https://registry.terraform.io/providers/hashicorp/vault", 1315 1315 "owner": "hashicorp", 1316 1316 "repo": "terraform-provider-vault", 1317 1317 - "rev": "v4.3.0", 1317 1317 + "rev": "v4.4.0", 1318 1318 "spdx": "MPL-2.0", 1319 1319 - "vendorHash": "sha256-rS6tigtjTGG2c4FwSjn6dvblwqYtPQS/tl7qQ+P7uVM=" 1319 1319 + "vendorHash": "sha256-z9qg6NVKYIU2OQTW8g72t6B69aTL/BeLCUFeoII75cE=" 1320 1320 }, 1321 1321 "vcd": { 1322 1322 "hash": "sha256-4+7CblKeop9Uwpl7XxjmR33XE/mcmZfOuFJrJuqzZmw=", ··· 1364 1364 "vendorHash": null 1365 1365 }, 1366 1366 "vsphere": { 1367 1367 - "hash": "sha256-rF7gtZUPse6ewcawmxlIfCmVRKKNJMUwqVVEBaLvLbE=", 1367 1367 + "hash": "sha256-V13LeUNJ4LbP18CMRphU/w/7eytg49j5//gl/sZSV04=", 1368 1368 "homepage": "https://registry.terraform.io/providers/hashicorp/vsphere", 1369 1369 "owner": "hashicorp", 1370 1370 "repo": "terraform-provider-vsphere", 1371 1371 - "rev": "v2.8.2", 1371 1371 + "rev": "v2.9.1", 1372 1372 "spdx": "MPL-2.0", 1373 1373 - "vendorHash": "sha256-TxaYIJtEIgy0Q56Gk1JXqIUuVyVJNVH0gKmdzzDWW/E=" 1373 1373 + "vendorHash": "sha256-ozdbYuqz6ua1ubh48IkLxJZ6xAV2ho9mkhtnCTwzRIM=" 1374 1374 }, 1375 1375 "vultr": { 1376 1376 "hash": "sha256-gQwLGnYmB9bwpGrLNdbw+zY0MlPPrY/37rJPtindT1Q=", ··· 1391 1391 "vendorHash": "sha256-GRnVhGpVgFI83Lg34Zv1xgV5Kp8ioKTFV5uaqS80ATg=" 1392 1392 }, 1393 1393 "yandex": { 1394 1394 - "hash": "sha256-FwwjHWwUUtOwZZh0YeUbSnSLFH1Q80ALFHhd0tCAZNQ=", 1394 1394 + "hash": "sha256-47aAZuGLhiHLzk0mvHD48NfoSUs1Ec3R4DGEpbvPyj8=", 1395 1395 "homepage": "https://registry.terraform.io/providers/yandex-cloud/yandex", 1396 1396 "owner": "yandex-cloud", 1397 1397 "repo": "terraform-provider-yandex", 1398 1398 - "rev": "v0.123.0", 1398 1398 + "rev": "v0.128.0", 1399 1399 "spdx": "MPL-2.0", 1400 1400 - "vendorHash": "sha256-K6Khgg9sAG2S/onFUlVG5mZfMtvpvVJeU6YQOyA4Liw=" 1400 1400 + "vendorHash": "sha256-4uHYcg+dJg1bJQRsJWDT9VEsPs5JOvGIdrw8cj0IkrE=" 1401 1401 } 1402 1402 }

+3 -3

pkgs/by-name/do/dotenvx/package.nix

reviewed

··· 8 8 9 9 buildNpmPackage rec { 10 10 pname = "dotenvx"; 11 11 - version = "1.8.0"; 11 11 + version = "1.14.0"; 12 12 13 13 src = fetchFromGitHub { 14 14 owner = "dotenvx"; 15 15 repo = "dotenvx"; 16 16 rev = "refs/tags/v${version}"; 17 17 - hash = "sha256-j30ZEYO8OBMhEPn+LDipZ/aciWrI9QWStz6tHq0uX7E="; 17 17 + hash = "sha256-UVev21LZ2y0C8BCSm6I8BTQziSDZUXP3A/ThOpKtsrQ="; 18 18 }; 19 19 20 20 - npmDepsHash = "sha256-ZSnrV1C9NX/Wq7cjKlM1w/m6T7snfnPru5g0pqFTGis="; 20 20 + npmDepsHash = "sha256-ehWHIKYkSAkdTLGpBOU7lJoWNa5uv9Zy0+2qwnCv0m8="; 21 21 22 22 dontNpmBuild = true; 23 23

+3 -3

pkgs/by-name/ki/kitex/package.nix

reviewed

··· 7 7 8 8 buildGoModule rec { 9 9 pname = "kitex"; 10 10 - version = "0.10.3"; 10 10 + version = "0.11.0"; 11 11 12 12 src = fetchFromGitHub { 13 13 owner = "cloudwego"; 14 14 repo = "kitex"; 15 15 rev = "v${version}"; 16 16 - hash = "sha256-aSvN8yjCHxhzLHwQovWFMaoD6ljy8aikxI7jUoeRvDs="; 16 16 + hash = "sha256-SD898LbygIHL0X5YVSoJRdP1GQiB8NGfIAFAlx4Gfe8="; 17 17 }; 18 18 19 19 - vendorHash = "sha256-nscMcJGFZ1YPPynTV+Mp8tXndtlIcszDZm36zMbNBYs="; 19 19 + vendorHash = "sha256-tdtiG0jf7Ilvs1KZWggGyqBOQXAWs+zlF09AN80AoC0="; 20 20 21 21 subPackages = [ "tool/cmd/kitex" ]; 22 22

+61

pkgs/by-name/mo/monitorets/package.nix

reviewed

··· 1 1 + { 2 2 + lib, 3 3 + python3Packages, 4 4 + fetchFromGitHub, 5 5 + meson, 6 6 + ninja, 7 7 + pkg-config, 8 8 + gobject-introspection, 9 9 + wrapGAppsHook4, 10 10 + desktop-file-utils, 11 11 + libadwaita, 12 12 + }: 13 13 + 14 14 + python3Packages.buildPythonApplication rec { 15 15 + pname = "monitorets"; 16 16 + version = "0.10.1"; 17 17 + # built with meson, not a python format 18 18 + pyproject = false; 19 19 + 20 20 + src = fetchFromGitHub { 21 21 + owner = "jorchube"; 22 22 + repo = "monitorets"; 23 23 + rev = "refs/tags/${version}"; 24 24 + hash = "sha256-Y6cd9Wf2IzHwdxzLUP/U4rervlPUr8s2gKSW8y5I7bg="; 25 25 + }; 26 26 + 27 27 + nativeBuildInputs = [ 28 28 + meson 29 29 + ninja 30 30 + pkg-config 31 31 + gobject-introspection 32 32 + wrapGAppsHook4 33 33 + desktop-file-utils 34 34 + ]; 35 35 + 36 36 + buildInputs = [ libadwaita ]; 37 37 + 38 38 + dependencies = with python3Packages; [ 39 39 + pygobject3 40 40 + xdg 41 41 + psutil 42 42 + ]; 43 43 + 44 44 + dontWrapGApps = true; 45 45 + 46 46 + preFixup = '' 47 47 + makeWrapperArgs+=("''${gappsWrapperArgs[@]}") 48 48 + ''; 49 49 + 50 50 + meta = { 51 51 + description = "Simple and quick view at the usage of your computer resources"; 52 52 + homepage = "https://github.com/jorchube/monitorets"; 53 53 + license = with lib.licenses; [ 54 54 + gpl3Plus 55 55 + cc0 56 56 + ]; 57 57 + mainProgram = "monitorets"; 58 58 + maintainers = with lib.maintainers; [ aleksana ]; 59 59 + platforms = lib.platforms.linux; 60 60 + }; 61 61 + }

+2 -2

pkgs/development/python-modules/ansible-compat/default.nix

reviewed

··· 16 16 17 17 buildPythonPackage rec { 18 18 pname = "ansible-compat"; 19 19 - version = "24.8.0"; 19 19 + version = "24.9.0"; 20 20 pyproject = true; 21 21 22 22 disabled = pythonOlder "3.10"; ··· 24 24 src = fetchPypi { 25 25 pname = "ansible_compat"; 26 26 inherit version; 27 27 - hash = "sha256-z6rcY/TYXcv0eI97zsLKhWPntcn9MFgAXv15iPHBciw="; 27 27 + hash = "sha256-xaQqVt0hJiXPyx0x5RpuD1JZNpG94f5KeIgeixt4prg="; 28 28 }; 29 29 30 30 nativeBuildInputs = [

+2 -2

pkgs/development/python-modules/etils/default.nix

reviewed

··· 29 29 30 30 buildPythonPackage rec { 31 31 pname = "etils"; 32 32 - version = "1.9.3"; 32 32 + version = "1.9.4"; 33 33 pyproject = true; 34 34 35 35 disabled = pythonOlder "3.10"; 36 36 37 37 src = fetchPypi { 38 38 inherit pname version; 39 39 - hash = "sha256-qjt6hF3jwbabMMoHBG6MT9LoXsvmBKpL8Y6pPnsxhPA="; 39 39 + hash = "sha256-+tlQQU8KHKWMcMcJFbABT5lT3ZvPiqlRoPdf+b7L6yQ="; 40 40 }; 41 41 42 42 nativeBuildInputs = [ flit-core ];

+2 -2

pkgs/development/python-modules/pytest-textual-snapshot/default.nix

reviewed

··· 13 13 14 14 buildPythonPackage rec { 15 15 pname = "pytest-textual-snapshot"; 16 16 - version = "0.4.0"; 16 16 + version = "1.0.0"; 17 17 pyproject = true; 18 18 19 19 disabled = pythonOlder "3.8"; ··· 22 22 owner = "Textualize"; 23 23 repo = "pytest-textual-snapshot"; 24 24 rev = "refs/tags/v${version}"; 25 25 - hash = "sha256-XkXeyodRdwWqCP63Onx82Z3IbNLDDR/Lvaw8xUY7fAg="; 25 25 + hash = "sha256-C8vL2kLOvVcDlTtNiG/pf7PwHzb/F0sWdkEcLvdGrd8="; 26 26 }; 27 27 28 28 nativeBuildInputs = [ poetry-core ];

+2 -2

pkgs/development/python-modules/rns/default.nix

reviewed

··· 13 13 14 14 buildPythonPackage rec { 15 15 pname = "rns"; 16 16 - version = "0.7.6"; 16 16 + version = "0.7.7"; 17 17 pyproject = true; 18 18 19 19 disabled = pythonOlder "3.7"; ··· 22 22 owner = "markqvist"; 23 23 repo = "Reticulum"; 24 24 rev = "refs/tags/${version}"; 25 25 - hash = "sha256-YSaabiCsSoG3BZ/0gM/fRIKQKdQ9MRtlHe+tPnzFJSw="; 25 25 + hash = "sha256-cNOVk7JCu4kMevH9MAWWvtLIzfbBBy+h7bhTBhkfrvI="; 26 26 }; 27 27 28 28 patches = [

+3 -3

pkgs/servers/monitoring/prometheus/pgbouncer-exporter.nix

reviewed

··· 2 2 3 3 buildGoModule rec { 4 4 pname = "pgbouncer-exporter"; 5 5 - version = "0.8.0"; 5 5 + version = "0.9.0"; 6 6 7 7 src = fetchFromGitHub { 8 8 owner = "prometheus-community"; 9 9 repo = "pgbouncer_exporter"; 10 10 rev = "v${version}"; 11 11 - hash = "sha256-QnA9H4qedCPZKqJQ1I2OJO42mCWcWqYxLmeF3+JXzTw="; 11 11 + hash = "sha256-fKoyRHYLwVefsZ014eazVCD5B9eV8/CUkuHE4mbUqVo="; 12 12 }; 13 13 14 14 - vendorHash = "sha256-NYiVW+CNrxFrEUl1nsTeNNgy7SmTYgqs1d50rCvyBcw="; 14 14 + vendorHash = "sha256-IxmxfF9WsF0Hbym4G0UecyW8hAvucoaCFUE1kXUljJs="; 15 15 16 16 meta = with lib; { 17 17 description = "Prometheus exporter for PgBouncer";

+3 -3

pkgs/tools/networking/nebula/default.nix

reviewed

··· 6 6 7 7 buildGoModule rec { 8 8 pname = "nebula"; 9 9 - version = "1.9.3"; 9 9 + version = "1.9.4"; 10 10 11 11 src = fetchFromGitHub { 12 12 owner = "slackhq"; 13 13 repo = pname; 14 14 rev = "refs/tags/v${version}"; 15 15 - hash = "sha256-+RferzOPlx7UuqpckQBY/RDO9gptknhuan+Es0Vf/yM="; 15 15 + hash = "sha256-Y8BTbvdSJ+xlxHuy0TzQEGiymJzAqlHe3PiXAlUddPs="; 16 16 }; 17 17 18 18 - vendorHash = "sha256-4BnFvA0dxsEK7ictDUZ6nol6PtM54kk9dwKPTQbRUR0="; 18 18 + vendorHash = "sha256-oXhq+s5gDKPVClZpOzYi7BaYwcDqbCLBEO5BNGy9LJA="; 19 19 20 20 subPackages = [ "cmd/nebula" "cmd/nebula-cert" ]; 21 21

+11 -3

pkgs/tools/package-management/nix/default.nix

reviewed

··· 184 184 self_attribute_name = "nix_2_23"; 185 185 }; 186 186 187 187 - nix_2_24 = (common { 187 187 + nix_2_24 = ((common { 188 188 version = "2.24.5"; 189 189 hash = "sha256-mYvdPwl4gcc17UAomkbbOJEgxBQpowmJDrRMWtlYzFY="; 190 190 self_attribute_name = "nix_2_24"; ··· 197 197 # allocation function Clang uses with this setting actually works 198 198 # all the way back to 10.6. 199 199 stdenv = overrideSDK stdenv { darwinMinVersion = "10.13"; }; 200 200 + })).overrideAttrs (o: { 201 201 + meta.knownVulnerabilities = [ 202 202 + "Nix >= 2.24.0 and master have a vulnerability. Please downgrade from nix_2_24 to nix_2_23" 203 203 + ]; 200 204 }); 201 205 202 202 - git = (common rec { 206 206 + git = ((common rec { 203 207 version = "2.25.0"; 204 208 suffix = "pre20240807_${lib.substring 0 8 src.rev}"; 205 209 src = fetchFromGitHub { ··· 218 222 # allocation function Clang uses with this setting actually works 219 223 # all the way back to 10.6. 220 224 stdenv = overrideSDK stdenv { darwinMinVersion = "10.13"; }; 225 225 + })).overrideAttrs (o: { 226 226 + meta.knownVulnerabilities = [ 227 227 + "Nix >= 2.24.0 and master have a vulnerability. Please downgrade from nixVersions.git to nixVersions.nix_2_23" 228 228 + ]; 221 229 }); 222 230 223 223 - latest = self.nix_2_24; 231 231 + latest = self.nix_2_23; 224 232 225 233 # The minimum Nix version supported by Nixpkgs 226 234 # Note that some functionality *might* have been backported into this Nix version,

-2

pkgs/top-level/all-packages.nix

reviewed

··· 31190 31190 31191 31191 kubectl-explore = callPackage ../applications/networking/cluster/kubectl-explore { }; 31192 31192 31193 31193 - kubectl-gadget = callPackage ../applications/networking/cluster/kubectl-gadget { }; 31194 31194 - 31195 31193 kubectl-images = callPackage ../applications/networking/cluster/kubectl-images { }; 31196 31194 31197 31195 kubectl-klock = callPackage ../applications/networking/cluster/kubectl-klock { };