astro / microvm.nix

NixOS MicroVMs
https://astro.github.io/microvm.nix/
MIT License

Leftover systemd VM service after removal from host configuration #181

Closed groulot closed 10 months ago

groulot commented 10 months ago

Hello

I used the declarative microvm approach to deploy a microvm on a host, so far so good. I stopped the MicroVM. Removed it from the host's configuration. And deleted its /var/lib/microvms directory. But the service for the microVM remains (VM name is "firewall"):

#systemctl status microvm@firewall.service
○ microvm@firewall.service - MicroVM 'firewall'
     Loaded: loaded (/etc/systemd/system/microvm@.service; static)
     Active: inactive (dead)
  Condition: start condition unmet at Sat 2024-01-06 16:35:26 CET; 27min ago
             └─ ConditionPathExists=/var/lib/microvms/firewall/current/bin/microvm-run was not met

Jan 06 16:35:26 jean systemd[1]: MicroVM 'firewall' was skipped because of an unmet condition check (ConditionPathExists=/var/lib/microvms/firewall/current/bin/microvm-run).

#find -L /etc/ -iname "*firewall*"
/etc/systemd/system/sysinit.target.wants/firewall.service
/etc/systemd/system/firewall.service
/etc/static/systemd/system/sysinit.target.wants/firewall.service
/etc/static/systemd/system/firewall.service

The service is skipped, but I'd like it to be absent. Did I mess up somewhere? The systemd files related to the setup of the TAP interfaces of the microvm disappeared correctly, as expected.

I use NixOps to deploy the host, could it interfere in the removal of the service?

My flake.nix with microvm present:

{
  description = "A basic flake with a shell";

  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
  inputs.microvm.url = "github:astro/microvm.nix";
  inputs.microvm.inputs.nixpkgs.follows = "nixpkgs";
  inputs.flake-utils.url = "github:numtide/flake-utils";

  outputs = { self, nixpkgs, flake-utils, microvm, ... }: {

    nixopsConfigurations.default = {
      inherit nixpkgs; 

      network.description = "Infra";
      network.storage.legacy = {};

      ### Machines ###
      jean = { pkgs, ... }@args: {
        deployment.targetHost = "X.X.X.X";
        deployment.targetEnv = "none";
        deployment.provisionSSHKey = false;

        imports = [ 
          microvm.nixosModules.host
          ./microvm/firewall-host.nix        # <- I removed this when I removed the microvm
          ./jean/configuration.nix
          ./jean/hardware-configuration.nix
        ];
      };
    };
  };
}

microvm/firewall-host.nix:

{ config, lib, pkgs, ... }:
{
  microvm.autostart = [ "firewall" ];
}

jean/configuration.nix:

{ config, lib, modulesPath, pkgs, specialArgs, options, microvm, ... }:

{
...

  # I removed this microvm.vms block when I removed the microvm
  microvm.vms = {
    firewall = import ../microvm/firewall-config.nix { inherit microvm;};
  };
...

microvm/firewall-config.nix:

{ microvm, ... }: {

  config = {
    networking.hostName = "firewall";
    users.users.root.password = "";
    microvm = {
      mem = 512;
      shares = [ {
        proto = "9p";
        tag = "ro-store";
        source = "/nix/store";
        mountPoint = "/nix/.ro-store";
      } ];
      volumes = [ {
        mountPoint = "/var";
        image = "var.img";
        size = 256;
      } ];
      interfaces = [
        { id = "vm-wan-firewall"; type = "tap"; mac = "02:00:00:b7:12:64"; }
        { id = "vm-lan-firewall"; type = "tap"; mac = "02:00:00:0c:40:fe"; }
      ];
      hypervisor = "qemu";
      socket = "control.socket";
    };
    ...
    system.stateVersion = "23.11"; # Did you read the comment?
  };
}

astro commented 10 months ago

For microvm@.service et al to go away, remove the microvm.nixosModules.microvm module from your host. Indicated by the trailing @, this service is a template, which means that microvm@firewall.service does not exist in a concrete file.
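
The template lookup described in the reply above, as an added example that is not part of the original thread: it shows why `find` locates no file named after the instance, and how the `ConditionPathExists=` path from the status output decides whether an instance is skipped. The function names and the sample tree are constructed for illustration, and the lookup is simplified to a single unit directory, whereas systemd searches several.

```sh
#!/bin/sh
# Added example, not from the issue thread. Directories are parameters so the
# logic can run against the constructed tree built in make_sample_tree.

# Print the file that backs a unit name: a concrete file of that exact name if
# present, else the template "prefix@.suffix" for an instance "prefix@inst.suffix".
backing_unit_file() {
    unit_dir=$1; unit=$2
    if [ -e "$unit_dir/$unit" ]; then
        printf '%s\n' "$unit_dir/$unit"; return 0
    fi
    case $unit in
        *@?*.*)
            template="$unit_dir/${unit%%@*}@.${unit##*.}"
            if [ -e "$template" ]; then
                printf '%s\n' "$template"; return 0
            fi ;;
    esac
    return 1
}

# Mirror the template's ConditionPathExists= from the status output above:
# an instance only starts if <state_dir>/<vm>/current/bin/microvm-run exists.
instance_state() {
    state_dir=$1; vm=$2
    if [ -e "$state_dir/$vm/current/bin/microvm-run" ]; then
        echo startable
    else
        echo skipped
    fi
}

# Constructed sample tree: one template unit, one VM ("kept") with state,
# and no state for "firewall", as after the removal described in the issue.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/units" "$root/state/kept/current/bin"
    : > "$root/units/microvm@.service"
    : > "$root/state/kept/current/bin/microvm-run"
    printf '%s\n' "$root"
}

root=$(make_sample_tree)
for vm in kept firewall; do
    unit="microvm@$vm.service"
    printf '%s backed by %s (%s)\n' "$unit" \
        "$(backing_unit_file "$root/units" "$unit")" \
        "$(instance_state "$root/state" "$vm")"
done
rm -rf "$root"
```

On a live host, `systemctl cat microvm@firewall.service` gives the equivalent answer by printing the template file that backs the instance.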