I'm disappointed that it doesn't work. :(
When it's fixed, it can replace this module.
squashfs for the VM's /nix/store that contains only the VM's dependencies
(like the installer has) rather than a virtio mount of the host's entire
/nix/store.
squashfs for the VM's /nix/store that contains only the VM's dependencies
(like the installer has) rather than a virtio mount of the host's entire
/nix/store.
+
+**Update:** `virtualisation.useNixStoreImage` exists now! But it doesn't
+work! :( See the note in `checks/mount-grep.nix`
name = "qemu-private-store-mount-grep";
nodes = {
shared = _: { };
private = _: { imports = [ ../modules/qemu-vm-isolation.nix ]; };
name = "qemu-private-store-mount-grep";
nodes = {
shared = _: { };
private = _: { imports = [ ../modules/qemu-vm-isolation.nix ]; };
+ useNixStoreImage = {
+ virtualisation = {
+ sharedDirectories = lib.mkForce { };
+ useNixStoreImage = true;
+ };
+ };
};
testScript = ''
start_all()
shared.wait_for_unit("multi-user.target")
private.wait_for_unit("multi-user.target")
};
testScript = ''
start_all()
shared.wait_for_unit("multi-user.target")
private.wait_for_unit("multi-user.target")
+ useNixStoreImage.wait_for_unit("multi-user.target")
shared.succeed("[[ $(mount | grep -c virt) -gt 0 ]]")
private.succeed("[[ $(mount | grep -c virt) -eq 0 ]]")
shared.succeed("[[ $(mount | grep -c virt) -gt 0 ]]")
private.succeed("[[ $(mount | grep -c virt) -eq 0 ]]")
+ useNixStoreImage.succeed("[[ $(mount | grep -c virt) -eq 0 ]]")
shared.succeed("[[ -e ${pkgs.pv} ]]")
private.fail("[[ -e ${pkgs.pv} ]]")
shared.succeed("[[ -e ${pkgs.pv} ]]")
private.fail("[[ -e ${pkgs.pv} ]]")
+
+ # useNixStoreImage isn't ready until this works:
+ # useNixStoreImage.fail("[[ -e ${pkgs.pv} ]]")
projects / nixos-qemu-vm-isolation / commitdiff