Hello
I used the declarative microvm approach to deploy a microvm on a host, so far so good.
I stopped the MicroVM, removed it from the host's configuration, and deleted its /var/lib/microvms directory. But the service for the MicroVM remains (the VM name is "firewall"):

    # systemctl status microvm@firewall.service
    ○ microvm@firewall.service - MicroVM 'firewall'
         Loaded: loaded (/etc/systemd/system/microvm@.service; static)
         Active: inactive (dead)
      Condition: start condition unmet at Sat 2024-01-06 16:35:26 CET; 27min ago
                 └─ ConditionPathExists=/var/lib/microvms/firewall/current/bin/microvm-run was not met

    Jan 06 16:35:26 jean systemd[1]: MicroVM 'firewall' was skipped because of an unmet condition check (ConditionPathExists=/var/lib/microvms/firewall/current/bin/microvm-run).

    # find -L /etc/ -iname "*firewall*"
    /etc/systemd/system/sysinit.target.wants/firewall.service
    /etc/systemd/system/firewall.service
    /etc/static/systemd/system/sysinit.target.wants/firewall.service
    /etc/static/systemd/system/firewall.service

The service is skipped, but I'd like it to be absent. Did I mess up somewhere?
The systemd files related to the setup of the TAP interfaces of the microvm disappeared correctly, as expected.
I use NixOps to deploy the host. Could it interfere with the removal of the service?
My flake.nix with microvm present:

    {
      description = "A basic flake with a shell";
      inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
      inputs.microvm.url = "github:astro/microvm.nix";
      inputs.microvm.inputs.nixpkgs.follows = "nixpkgs";
      inputs.flake-utils.url = "github:numtide/flake-utils";
      outputs = { self, nixpkgs, flake-utils, microvm, ... }: {
        nixopsConfigurations.default = {
          inherit nixpkgs;
          network.description = "Infra";
          network.storage.legacy = {};

          ### Machines ###
          jean = { pkgs, ... }@args: {
            deployment.targetHost = "X.X.X.X";
            deployment.targetEnv = "none";
            deployment.provisionSSHKey = false;
            imports = [
              microvm.nixosModules.host
              ./microvm/firewall-host.nix # <- I removed this when I removed the microvm
              ./jean/configuration.nix
              ./jean/hardware-configuration.nix
            ];
          };
        };
      };
    }

microvm/firewall-host.nix:

    { config, lib, pkgs, ... }:
    {
      microvm.autostart = [ "firewall" ];
    }

jean/configuration.nix:

    { config, lib, modulesPath, pkgs, specialArgs, options, microvm, ... }:
    {
      ...
      # I removed this microvm.vms block when I removed the microvm
      microvm.vms = {
        firewall = import ../microvm/firewall-config.nix { inherit microvm; };
      };
      ...

microvm/firewall-config.nix:

    { microvm, ... }: {
      config = {
        networking.hostName = "firewall";
        users.users.root.password = "";
        microvm = {
          mem = 512;
          shares = [ {
            proto = "9p";
            tag = "ro-store";
            source = "/nix/store";
            mountPoint = "/nix/.ro-store";
          } ];
          volumes = [ {
            mountPoint = "/var";
            image = "var.img";
            size = 256;
          } ];
          interfaces = [
            { id = "vm-wan-firewall"; type = "tap"; mac = "02:00:00:b7:12:64"; }
            { id = "vm-lan-firewall"; type = "tap"; mac = "02:00:00:0c:40:fe"; }
          ];
          hypervisor = "qemu";
          socket = "control.socket";
        };
        ...
        system.stateVersion = "23.11"; # Did you read the comment?
      };
    }
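
As an added example (not part of the original post and not microvm.nix code): a shell check that reads `systemctl status` text and reports whether a unit was loaded from a file of its own or only as an instance of a template such as `microvm@.service`, which systemd instantiates for any instance name while the template file is installed. The function names are hypothetical, and the sample input is the status output quoted in the post.

```bash
#!/bin/sh
# Constructed sample: the `systemctl status` text quoted in the post above.
sample_status() {
cat <<'EOF'
○ microvm@firewall.service - MicroVM 'firewall'
     Loaded: loaded (/etc/systemd/system/microvm@.service; static)
     Active: inactive (dead)
  Condition: start condition unmet at Sat 2024-01-06 16:35:26 CET; 27min ago
             └─ ConditionPathExists=/var/lib/microvms/firewall/current/bin/microvm-run was not met
EOF
}

# template_of UNIT: print "name@.suffix" when UNIT is an instance of a template.
template_of() {
  case "$1" in
    *@.*)  return 1 ;;   # already a template name, not an instance
    *@*.*) printf '%s@.%s\n' "${1%%@*}" "${1##*.}" ;;
    *)     return 1 ;;   # plain unit, no "@"
  esac
}

# fragment_path: status text on stdin -> the unit file systemd loaded, if any.
fragment_path() {
  LC_ALL=C sed -n 's/^[[:space:]]*Loaded: loaded (\([^;)]*\)[;)].*/\1/p' | head -n 1
}

# unmet_condition: status text on stdin -> path of a failed ConditionPathExists=.
unmet_condition() {
  LC_ALL=C sed -n 's/.*ConditionPathExists=\([^[:space:]]*\) was not met.*/\1/p' | head -n 1
}

# classify UNIT: status text on stdin -> own-unit-file (a file named exactly
# like UNIT is installed), template-instance (only name@.suffix is installed),
# not-loaded (no unit file was found), or other.
classify() {
  unit=$1
  path=$(fragment_path)
  [ -n "$path" ] || { echo not-loaded; return 0; }
  tmpl=$(template_of "$unit") || tmpl=
  case "${path##*/}" in
    "$unit") echo own-unit-file ;;
    "$tmpl") echo template-instance ;;
    *)       echo other ;;
  esac
}

echo "kind:    $(sample_status | classify microvm@firewall.service)"
echo "file:    $(sample_status | fragment_path)"
echo "missing: $(sample_status | unmet_condition)"
```

On a live host, pipe `systemctl status microvm@firewall.service` into `classify microvm@firewall.service` instead of the embedded sample.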