test: vaultwarden microVM

2025-12-08 05:49:25 -06:00 · 2025-11-07 13:36:30 -06:00 · 2025-11-07 13:36:30 -06:00 · 7ba592c0c5
commit 7ba592c0c5
parent e90d05f83d
43 changed files with 4005 additions and 267 deletions
--- a/example/microvm/virtiofsd/default.nix
+++ b/example/microvm/virtiofsd/default.nix
@ -0,0 +1,93 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  virtiofsShares = builtins.filter ({ proto, ... }: proto == "virtiofs") config.microvm.shares;
+
+  requiresVirtiofsd = virtiofsShares != [ ];
+
+  inherit (pkgs.python3Packages) supervisor;
+  supervisord = lib.getExe' supervisor "supervisord";
+  supervisorctl = lib.getExe' supervisor "supervisorctl";
+in
+{
+  microvm.binScripts = lib.mkIf requiresVirtiofsd {
+    virtiofsd-run =
+      let
+        supervisordConfig = {
+          supervisord.nodaemon = true;
+
+          "eventlistener:notify" = {
+            command = pkgs.writers.writePython3 "supervisord-event-handler" { } (
+              pkgs.replaceVars ./supervisord-event-handler.py {
+                # 1 for the event handler process
+                virtiofsdCount = 1 + builtins.length virtiofsShares;
+              }
+            );
+            events = "PROCESS_STATE";
+          };
+        }
+        // builtins.listToAttrs (
+          map (
+            {
+              tag,
+              socket,
+              source,
+              readOnly,
+              ...
+            }:
+            {
+              name = "program:virtiofsd-${tag}";
+              value = {
+                stderr_syslog = true;
+                stdout_syslog = true;
+                autorestart = true;
+                command = pkgs.writeShellScript "virtiofsd-${tag}" ''
+                  if [ $(id -u) = 0 ]; then
+                    OPT_RLIMIT="--rlimit-nofile 1048576"
+                  else
+                    OPT_RLIMIT=""
+                  fi
+                  exec ${lib.getExe pkgs.virtiofsd} \
+                    --socket-path=${lib.escapeShellArg socket} \
+                    ${
+                      lib.optionalString (
+                        config.microvm.virtiofsd.group != null
+                      ) "--socket-group=${config.microvm.virtiofsd.group}"
+                    } \
+                    --shared-dir=${lib.escapeShellArg source} \
+                    $OPT_RLIMIT \
+                    --thread-pool-size ${toString config.microvm.virtiofsd.threadPoolSize} \
+                    --posix-acl --xattr \
+                    ${
+                      lib.optionalString (
+                        config.microvm.virtiofsd.inodeFileHandles != null
+                      ) "--inode-file-handles=${config.microvm.virtiofsd.inodeFileHandles}"
+                    } \
+                    ${lib.optionalString (config.microvm.hypervisor == "crosvm") "--tag=${tag}"} \
+                    ${lib.optionalString readOnly "--readonly"} \
+                    ${lib.concatStringsSep " " config.microvm.virtiofsd.extraArgs}
+                '';
+              };
+            }
+          ) virtiofsShares
+        );
+
+        supervisordConfigFile = pkgs.writeText "${config.networking.hostName}-virtiofsd-supervisord.conf" (
+          lib.generators.toINI { } supervisordConfig
+        );
+
+      in
+      ''
+        exec ${supervisord} --configuration ${supervisordConfigFile}
+      '';
+
+    virtiofsd-shutdown = ''
+      exec ${supervisorctl} stop
+    '';
+  };
+}