Adds support xen domU lightweight containers #33922
Conversation
When runnign nixOS in a xen setup without it's own kernel (the kernel and initrd are provided by the host) we need to use init-scripts (/sbin/init) instead of grub and have no kernel. This adds support to run nixOS on DomainFactorys (df.eu) JiffyBoxs with the "PV-Kernel".
|
btw. we also have a section in our wiki on how to install nixos on different providers: https://nixos.wiki/wiki/NixOS_friendly_hosters |
| # When being booted in as a xen domU | ||
| # with a provided kernel and initrd, | ||
| # we need the /sbin/init script. | ||
| default = config.boot.usePvKernel; |
There was a problem hiding this comment.
Every user with PV Kernel would now have to regenerate the manual when you override the default option.
I would rather override this in a module or profile using mkOverride.
We also have nixos/modules/virtualisation/xen-domU.nix file, how is this related to your property?
There was a problem hiding this comment.
I did this here because the same was done for grub and isContainer in
https://github.com/angerman/nixpkgs/blob/608eaeaeab10593a3f661e9e1012286febbaeb45/nixos/modules/system/boot/loader/grub/grub.nix#L92-L98
The xen-domU.nix sets up a xen guest, but expects it to have a boot loader. The situation I am in is in between what xen-domU offers and what the isContainer flags does. However the isContainer flag expects to be a container on a nixOS host.
There was a problem hiding this comment.
isContainer probably was also not the best design decision, because it clutters every module.
There was a problem hiding this comment.
I’ll need some guidance here. How do I set initScripts.enabled to true if usePvKernel is set to true? Unless the user configured usePvKernel = true; initScripts.enabled = false;
usePvKernel basically implies that initScripts are used as the kernels initrd will very likely expect to find /sbin/init as the standard common entry point for the guest.
There was a problem hiding this comment.
The key being that nixOS has no control over the kernel or initrd; and the host has no idea about the system and as such treats it as a generic linux.
There was a problem hiding this comment.
I opened that issue here to discuss the problem: #33940
There was a problem hiding this comment.
We would need for each module where isContainer is set a local option to disable this aspect and then set the same option in your pv-kernel module or in a generic container profile. In the linked issue, where I propose a kernel-less module.
There was a problem hiding this comment.
That seems to open up another whole can worms. This feels a bit outside of this PR.
Right. domainfactory is not listed. And I'm not sure I would advise to use domainfactory with nixOS right now. With the missing PV Kernel support, and their only active Xen and PV kernel offerings for their JiffyBox's it's more of a challenge to get NixOS working. I just happen to have a JiffyBox already, otherwise I would likely have chosen digital ocean or similar. That is not to say, that the PV Kernel support make exclusive sense for domainfactory only. It's basically what any hoster running xen without a bootloader would require. |
|
What's the status of this? As we are tracking the "optimization" in #33940, can we in the meantime accept and merge this? |
|
#33940 (comment) looks easy to implement to me. |
|
I've sine stopped using that host. |
When runnign nixOS in a xen setup without it's own
kernel (the kernel and initrd are provided by the host)
we need to use init-scripts (/sbin/init) instead of grub
and have no kernel.
Motivation for this change
This adds support to run nixOS on DomainFactorys
(df.eu) JiffyBoxs with the "PV-Kernel". It should also
allow to run nixOS on similar setups xen guest setups
where the host provides the kernel.
Things done
build-use-sandboxinnix.confon non-NixOS)nix-shell -p nox --run "nox-review wip"./result/bin/)