nixos-modules: move tap/macvtap-up/down from host to microvm

Author: astro

lib/runner.nix

@@ -6,7 +6,7 @@
 let
   inherit (pkgs) lib;
 
-  inherit (microvmConfig) virtiofsdScripts;
+  inherit (microvmConfig) virtiofsdScripts tapScripts macvtapScripts;
 
   inherit (import ./. { inherit lib; }) createVolumesScript makeMacvtap;
   inherit (makeMacvtap {
@@ -58,6 +58,7 @@ pkgs.buildPackages.runCommand "microvm-${microvmConfig.hypervisor}-${microvmConf
   passthru = {
     inherit canShutdown supportsNotifySocket tapMultiQueue;
     inherit (microvmConfig) hypervisor;
+    inherit (hypervisorConfig) tapMultiQueue;
   };
 } ''
   mkdir -p $out/bin
@@ -79,6 +80,18 @@ pkgs.buildPackages.runCommand "microvm-${microvmConfig.hypervisor}-${microvmConf
   ${lib.optionalString (virtiofsdScripts.shutdown != null) ''
     ln -s ${lib.getExe virtiofsdScripts.shutdown} $out/bin/virtiofsd-shutdown
   ''}
+  ${lib.optionalString (tapScripts.up != null) ''
+    ln -s ${lib.getExe tapScripts.up} $out/bin/tap-up
+  ''}
+  ${lib.optionalString (tapScripts.down != null) ''
+    ln -s ${lib.getExe tapScripts.down} $out/bin/tap-down
+  ''}
+  ${lib.optionalString (macvtapScripts.up != null) ''
+    ln -s ${lib.getExe macvtapScripts.up} $out/bin/macvtap-up
+  ''}
+  ${lib.optionalString (macvtapScripts.down != null) ''
+    ln -s ${lib.getExe macvtapScripts.down} $out/bin/macvtap-down
+  ''}
 
   mkdir -p $out/share/microvm
   ln -s ${toplevel} $out/share/microvm/system

nixos-modules/host/default.nix

@@ -130,82 +130,30 @@ in
         description = "Setup MicroVM '%i' TAP interfaces";
         before = [ "microvm@%i.service" ];
         partOf = [ "microvm@%i.service" ];
-        unitConfig.ConditionPathExists = "${stateDir}/%i/current/share/microvm/tap-interfaces";
+        unitConfig.ConditionPathExists = "${stateDir}/%i/current/bin/tap-up";
         restartIfChanged = false;
         serviceConfig = {
           Type = "oneshot";
           RemainAfterExit = true;
-          ExecStop =
-            let
-              stopScript = pkgs.writeShellScript "stop-microvm-tap-interfaces" ''
-                cd ${stateDir}/$1
-                for id in $(cat current/share/microvm/tap-interfaces); do
-                  ${pkgs.iproute2}/bin/ip tuntap del name $id mode tap
-                done
-              '';
-            in "${stopScript} %i";
           SyslogIdentifier = "microvm-tap-interfaces@%i";
+          ExecStart = "${stateDir}/%i/current/bin/tap-up";
+          ExecStop = "${stateDir}/%i/booted/bin/tap-down";
         };
-        # `ExecStart`
-        scriptArgs = "%i";
-        script = ''
-          cd ${stateDir}/$1
-          TAP_FLAGS="$(cat current/share/microvm/tap-flags)"
-
-          for id in $(cat current/share/microvm/tap-interfaces); do
-            if [ -e /sys/class/net/$id ]; then
-              ${pkgs.iproute2}/bin/ip tuntap del name $id mode tap $TAP_FLAGS
-            fi
-
-            ${pkgs.iproute2}/bin/ip tuntap add name $id mode tap user ${user} $TAP_FLAGS
-            ${config.microvm.host.tapScript}
-          done
-        '';
       };
 
       "microvm-macvtap-interfaces@" = {
         description = "Setup MicroVM '%i' MACVTAP interfaces";
         before = [ "microvm@%i.service" ];
         partOf = [ "microvm@%i.service" ];
-        unitConfig.ConditionPathExists = "${stateDir}/%i/current/share/microvm/macvtap-interfaces";
+        unitConfig.ConditionPathExists = "${stateDir}/%i/current/bin/macvtap-up";
         restartIfChanged = false;
         serviceConfig = {
           Type = "oneshot";
           RemainAfterExit = true;
-          ExecStop =
-            let
-              stopScript = pkgs.writeShellScript "stop-microvm-tap-interfaces" ''
-                cd ${stateDir}/$1
-                cat current/share/microvm/macvtap-interfaces | while read -r line;do
-                  opts=( $line )
-                  id="''${opts[0]}"
-                  ${pkgs.iproute2}/bin/ip link del name $id
-                done
-              '';
-            in "${stopScript} %i";
           SyslogIdentifier = "microvm-macvtap-interfaces@%i";
+          ExecStart = "${stateDir}/%i/current/bin/macvtap-up";
+          ExecStop = "${stateDir}/%i/booted/bin/macvtap-down";
         };
-        # `ExecStart`
-        scriptArgs = "%i";
-        script = ''
-          cd ${stateDir}/$1
-          i=0
-          cat current/share/microvm/macvtap-interfaces | while read -r line;do
-            opts=( $line )
-            id="''${opts[0]}"
-            mac="''${opts[1]}"
-            link="''${opts[2]}"
-            mode="''${opts[3]:+" mode ''${opts[3]}"}"
-            if [ -e /sys/class/net/$id ]; then
-              ${pkgs.iproute2}/bin/ip link del name $id
-            fi
-            ${pkgs.iproute2}/bin/ip link add link $link name $id address $mac type macvtap ''${mode[@]}
-            ${pkgs.iproute2}/bin/ip link set $id allmulticast on
-            echo 1 > /proc/sys/net/ipv6/conf/$id/disable_ipv6
-            ${pkgs.iproute2}/bin/ip link set $id up
-            ${pkgs.coreutils-full}/bin/chown ${user}:${group} /dev/tap$(< /sys/class/net/$id/ifindex)
-          done
-        '';
       };
 
 

nixos-modules/microvm/default.nix

@@ -15,6 +15,7 @@ in
     ./asserts.nix
     ./system.nix
     ./mounts.nix
+    ./interfaces.nix
     ./virtiofsd
     ./graphics.nix
     ./optimization.nix

nixos-modules/microvm/interfaces.nix

@@ -0,0 +1,61 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (config.networking) hostName;
+
+  interfacesByType = wantedType:
+    builtins.filter ({ type, ... }: type == wantedType)
+      config.microvm.interfaces;
+
+  tapInterfaces = interfacesByType "tap";
+  macvtapInterfaces = interfacesByType "macvtap";
+
+  tapFlags = lib.concatStringsSep " " (
+    [ "vnet_hdr" ] ++
+    lib.optional config.microvm.declaredRunner.passthru.tapMultiQueue "multi_queue"
+  );
+
+  # TODO: don't hardcode but obtain from host config
+  user = "microvm";
+  group = "kvm";
+in
+{
+  microvm.tapScripts = lib.mkIf (tapInterfaces != []) {
+    up = pkgs.writeShellScriptBin "microvm-${hostName}-tap-up" (''
+      set -eou pipefail
+    '' + lib.concatMapStrings ({ id, mac, ... }: ''
+      if [ -e /sys/class/net/${id} ]; then
+        ${pkgs.iproute2}/bin/ip tuntap del name '${id}' mode tap ${tapFlags}
+      fi
+
+      ${pkgs.iproute2}/bin/ip tuntap add name '${id}' mode tap user '${user}' ${tapFlags}
+    '') tapInterfaces);
+
+    down = pkgs.writeShellScriptBin "microvm-${hostName}-tap-down" (''
+      set -ou pipefail
+    '' + lib.concatMapStrings ({ id, mac, ... }: ''
+      ${pkgs.iproute2}/bin/ip tuntap del name '${id}' mode tap ${tapFlags}
+    '') tapInterfaces);
+  };
+
+  microvm.macvtapScripts = lib.mkIf (macvtapInterfaces != []) {
+    up = pkgs.writeShellScriptBin "microvm-${hostName}-macvtap-up" (''
+      set -eou pipefail
+    '' + lib.concatMapStrings ({ id, mac, macvtap, ... }: ''
+      if [ -e /sys/class/net/${id} ]; then
+        ${pkgs.iproute2}/bin/ip link del name '${id}'
+      fi
+      ${pkgs.iproute2}/bin/ip link add link '${macvtap.link}' name '${id}' address '${mac}' type macvtap '${macvtap.mode}'
+      ${pkgs.iproute2}/bin/ip link set '${id}' allmulticast on
+      echo 1 > "/proc/sys/net/ipv6/conf/${id}/disable_ipv6"
+      ${pkgs.iproute2}/bin/ip link set '${id}' up
+      ${pkgs.coreutils-full}/bin/chown '${user}:${group}' /dev/tap$(< "/sys/class/net/${id}/ifindex")
+    '') macvtapInterfaces);
+
+    down = pkgs.writeShellScriptBin "microvm-${hostName}-macvtap-down" (''
+      set -ou pipefail
+    '' + lib.concatMapStrings ({ id, mac, ... }: ''
+      ${pkgs.iproute2}/bin/ip link del name '${id}'
+    '') macvtapInterfaces);
+  };
+}

nixos-modules/microvm/options.nix

@@ -6,6 +6,19 @@ let
 
   hostName = config.networking.hostName or "$HOSTNAME";
 
+  interfaceScriptOptions = type: with lib; {
+    up = mkOption {
+      description = "Generated script to create ${type} interfaces";
+      type = with types; nullOr package;
+      default = null;
+    };
+    down = mkOption {
+      description = "Generated script to delete ${type} interfaces";
+      type = with types; nullOr package;
+      default = null;
+    };
+  };
+
 in
 {
   options.microvm = with lib; {
@@ -516,6 +529,7 @@ in
       defaultText = literalExpression ''"config.microvm.runner.''${config.microvm.hypervisor}"'';
     };
 
+    # TODO: just scripts
     virtiofsdScripts = {
       run = mkOption {
         description = "Generated script to run required virtiofsd instances";
@@ -535,6 +549,9 @@ in
         default = null;
       };
     };
+
+    tapScripts = interfaceScriptOptions "tap";
+    macvtapScripts = interfaceScriptOptions "macvtap";
   };
 
   config = lib.mkMerge [ {