bundles/vmhost: prepare for arch linux

2022-03-11 13:58:38 +01:00 · 2022-03-11 13:58:38 +01:00 · 757f1cb3cd
parent 29f7aef27a
commit 757f1cb3cd
3 changed files with 30 additions and 3 deletions
--- a/bundles/vmhost/items.py
+++ b/bundles/vmhost/items.py
@ -4,10 +4,10 @@ files = {
    },
 }

-if node.has_bundle('nftables'):
+if node.has_bundle('nftables') and node.has_bundle('apt'):
    # libvirt on debian depends on either iptables or firewalld. Since
    # we're managing firewall rules using bundlewrap, we don't want either
-    # of thos to interfere. So we install firewalld, then ensure it is
+    # of those to interfere. So we install firewalld, then ensure it is
    # never running. After that, we ensure the bundlewrap managed rules
    # are active.
    svc_systemd['firewalld'] = {
@ -24,3 +24,9 @@ if node.has_bundle('nftables'):
            'svc_systemd:nftables:reload',
        },
    }
+
+if node.has_bundle('pacman'):
+    svc_systemd['libvirtd'] = {}
+    svc_systemd['virtlogd'] = {
+        'enabled': None, # triggered via .socket
+    }
--- a/bundles/vmhost/metadata.py
+++ b/bundles/vmhost/metadata.py
@ -21,6 +21,12 @@ defaults = {
            },
        },
    },
+    'pacman': {
+        'packages': {
+            'libvirt': {},
+            'qemu-headless': {},
+        },
+    },
 }

 if node.os == 'debian' and node.os_version[0] < 11:
@ -36,6 +42,9 @@ if node.has_bundle('nftables'):
        },
    }

+if node.has_bundle('arch-with-gui'):
+    defaults['pacman']['packages']['virt-manager'] = {}
+

@metadata_reactor.provides(
    'users',
--- a/nodes/kunsi-p14s.py
+++ b/nodes/kunsi-p14s.py
@ -8,6 +8,7 @@ nodes['kunsi-p14s'] = {
        'nfs-client',
        'systemd-boot',
        'telegraf-battery-usage',
+        'vmhost',
        'zfs',
    },
    'groups': {
@ -92,7 +93,6 @@ nodes['kunsi-p14s'] = {
                'mosquitto': {},
                'perl-musicbrainz-discid': {}, # for abcde
                'perl-webservice-musicbrainz': {}, # for abcde
-                'virt-manager': {},
                'xf86-input-wacom': {},
            },
        },
@ -149,10 +149,22 @@ nodes['kunsi-p14s'] = {
                # this is not a complete list, but we can't create that
                # structure using bundlewrap anyway, so there's no point
                # in adding it here.
+                'zroot': {
+                    'compression': 'lz4',
+                    'relatime': 'on',
+                    'xattr': 'sa',
+                    # encryption is enabled, too.
+                },
                'zroot/system/journal': {
                    'mountpoint': '/var/log/journal',
                    'acltype': 'posix',
                },
+                'zroot/system/libvirt': {
+                    'mountpoint': '/var/lib/libvirt',
+                    'needed_by': {
+                        'bundle:vmhost',
+                    },
+                },
                'zroot/system/root': {
                    'canmount': 'noauto',
                    'mountpoint': '/',