Closed msm-code closed 3 years ago
Did you use configuration module and virtualization.appvm.enable?
If so, I would like to see your config.
Sure, this is the complete config (tiny changes marked with [edited out]):
{ config, pkgs, ... }:
{
  imports = [
    ./hardware-configuration.nix
    /home/msm/opt/appvm/nixos
  ];
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.loader.grub = {
    enable = true;
    version = 2;
    efiSupport = true;
    enableCryptodisk = true;
    device = "nodev";
  };
  boot.initrd.luks.devices = {
    crypted = {
      device = "/dev/disk/by-uuid/[edited out]";
      preLVM = true;
    };
  };
  virtualisation.appvm = {
    enable = true;
    user = "msm";
  };
  security.sudo.extraConfig = ''
    %wheel ALL=(ALL:ALL) NOPASSWD: SETENV: ALL
  '';
  networking.hostName = "nixos"; # Define your hostname.
  networking.useDHCP = false;
  networking.interfaces.[edited out].useDHCP = true;
  programs.fish.enable = true;
  networking.networkmanager.enable = true;
  environment.systemPackages = with pkgs; [
    vim
  ];
  services.xserver.enable = true;
  services.xserver.layout = "[edited out]";
  services.xserver.desktopManager = {
    xterm.enable = false;
  };
  services.xserver.displayManager = {
    defaultSession = "none+i3";
  };
  services.xserver.windowManager.i3 = {
    enable = true;
    extraPackages = with pkgs; [
      dmenu
      tmux
      i3status
      i3lock
      i3blocks
      st
    ];
  };
  users.users.msm = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    shell = pkgs.fish;
  };
  system.stateVersion = "20.03";
}
I'll try to debug this problem a bit more, if I find anything (or discover a solution) I'll share in this thread (edit: no luck so far).
FWIW I've solved it temporarily by patching appvm.go from:
    c, err := net.DialTimeout(
        "unix",
        "/var/run/libvirt/libvirt-sock",
        time.Second,
    )
to:
    c, err := net.DialTimeout(
        "tcp",
        "127.0.0.1:16509",
        time.Second,
    )
And starting the appropriate systemd service (libvirtd-tcp.socket). This is a temporary hack, but this clearly shows that the problem is with the polkit's socket authentication. I'm not experienced enough with polkit to understand why it doesn't work yet (it definitely should work, but here I am. There are no logs, even with my custom polkit logging rules, as if libvirt didn't even try to check permissions - but this is just my uninformed guess).
Hopefully I'll try to debug it and post a proper fix later, for today I'll leave this to others and maybe to simplify debugging later.
Just a sanity check — did you relogin after nixos-rebuild?
Yes, I even tried a reboot just to be sure (it never actually helped me on nixos so far, but old habits die hard).
I did a fresh install of nixos today, and I'm currently a bit out of ideas. I followed the installation procedure without problems, but later:
results in:
The error is thrown at that line:
https://github.com/jollheef/appvm/blob/d9c651987bfcd65f89d762b5587cdc4f933b725a/appvm.go#L507
I've tried to tweak libvirt and polkit configuration, but to no avail (usual advice on the internet is to change unix_sock_group, but it doesn't help here. NixOS uses polkit auth by default, but polkit should allow my user too. My user is a member of libvirtd as it should be). Does anyone know why (apparently) appvm can't read libvirt's socket?
I can run virsh -c qemu:///system list as my user and it works correctly. When I use sudo:
It has no permission problems and almost works correctly, except it has a different error (trace: Duplicate uid 0). I could probably work around it, but I suppose sudo is not the solution to everything and I prefer to find the underlying problem.
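An added diagnostic, not part of the thread or of appvm: it repeats the UNIX-socket dial from the appvm.go snippet quoted above and reports which layer refused it, which helps separate a socket file-permission failure from a polkit one. The names classify and probe are made up for this example; a dial that fails with EACCES is rejected by the kernel from the socket's mode and ownership before libvirtd or polkit ever sees the client.

```go
// Added example: find out which layer rejects a dial to libvirt's UNIX socket.
package main

import (
	"errors"
	"fmt"
	"net"
	"os"
	"syscall"
	"time"
)

// classify maps a dial error to the layer that most likely produced it.
func classify(err error) string {
	switch {
	case err == nil:
		return "ok" // connected; any later refusal is libvirt auth (e.g. polkit)
	case errors.Is(err, syscall.ENOENT):
		return "missing" // no socket file: daemon or socket unit not started
	case errors.Is(err, syscall.EACCES):
		return "denied" // file mode/ownership of the socket or a parent directory
	case errors.Is(err, syscall.ECONNREFUSED):
		return "refused" // socket file exists but nothing is listening
	}
	return "other: " + err.Error()
}

// probe stats the socket, then dials it the same way the appvm.go snippet does.
func probe(path string, timeout time.Duration) (perms, verdict string) {
	perms = "stat failed"
	if fi, err := os.Stat(path); err == nil {
		perms = fi.Mode().String()
		if st, ok := fi.Sys().(*syscall.Stat_t); ok {
			perms += fmt.Sprintf(" uid=%d gid=%d", st.Uid, st.Gid)
		}
	}
	c, err := net.DialTimeout("unix", path, timeout)
	if err == nil {
		c.Close()
	}
	return perms, classify(err)
}

func main() {
	groups, _ := os.Getgroups() // compare against the socket's gid printed below
	fmt.Printf("euid=%d groups=%v\n", os.Geteuid(), groups)
	perms, verdict := probe("/var/run/libvirt/libvirt-sock", time.Second)
	fmt.Printf("socket: %s\ndial:   %s\n", perms, verdict)
}
```

If the verdict is "ok" while appvm still fails, the refusal happens in libvirt's own authentication after the connection is established. The TCP workaround takes both the socket file permissions and polkit out of the path, so access to 127.0.0.1:16509 then depends only on libvirtd's TCP authentication setting.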