refactor: address code review feedback

luizribeiro · luizribeiro · commit 571fd390cbb7 · 2025-11-09T22:24:32.000-05:00
This commit addresses PR review comments from @SuperSandro2000: - Changed kernelCmdLine to use a list with concatStringsSep instead of toString - Simplified deviceArgs list formatting (removed redundant ++ operators) - Simplified share protocol error handling (combined 9p and unknown cases) - Simplified network interface error handling (combined tap/macvtap and unknown cases) - Changed vfkit binary path to use lib.getExe - Refactored rosetta args to use list with concatStringsSep instead of string concatenation - Added Rosetta NixOS module that automatically handles mounting and binfmt configuration - Added mountPoint option for configurable Rosetta mount location (defaults to /run/rosetta) - Updated documentation to reflect automatic module configuration - Improved Rosetta documentation with concrete usage example using pkgsCross.gnu64 - Simplified flake.nix to use lib.optional, replaceString, and map instead of if/then/else, replaceStrings, and builtins.map
diff --git a/doc/src/vfkit-rosetta.md b/doc/src/vfkit-rosetta.md
@@ -21,55 +21,52 @@ Enable Rosetta in your MicroVM configuration:
       enable = true;
       # Optional: install Rosetta automatically if missing
       install = true;
+      # Optional: customize mount point (defaults to /run/rosetta)
+      mountPoint = "/run/rosetta";
     };
   };
 }
 ```
 
-## Guest Setup
+The NixOS module automatically handles mounting the Rosetta virtiofs share and configuring binfmt to use Rosetta for x86_64 binaries. No additional guest configuration is required.
 
-After enabling Rosetta, you need to mount the share and configure binfmt in your guest:
+## Usage
 
-```nix
-{
-  # Mount the Rosetta share
-  fileSystems."/mnt/rosetta" = {
-    device = "rosetta";
-    fsType = "virtiofs";
-  };
+Once configured, you can run any x86_64 binary in your ARM64 VM. To verify Rosetta is working:
 
-  # Configure binfmt to use Rosetta for x86_64 binaries
-  boot.binfmt.registrations.rosetta = {
-    interpreter = "/mnt/rosetta/rosetta";
-    magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00'';
-    mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
-  };
-}
+```nix
+# Add an x86_64 package to your configuration
+environment.systemPackages = with pkgs; [
+  file  # to verify binary architecture
+  (pkgsCross.gnu64.hello)  # x86_64 version of hello
+];
 ```
 
-## Testing
-
-Once configured, you can verify Rosetta is working:
+Then in the VM:
 
 ```bash
-# Inside the VM
+# Verify you're running on ARM64
 uname -m
-# Should show: aarch64
+# Output: aarch64
 
-# Try running an x86_64 binary (if you have one)
-file /path/to/x86_64/binary
-# Should show: ELF 64-bit LSB executable, x86-64
+# Check the binary architecture
+file $(which hello)
+# Output: ELF 64-bit LSB executable, x86-64, ...
 
-/path/to/x86_64/binary
-# Should run successfully via Rosetta
+# Run the x86_64 binary via Rosetta
+hello
+# Output: Hello, world!
 ```
 
+You can use `pkgsCross.gnu64.<package>` to cross-compile any package from nixpkgs to x86_64 and run it via Rosetta.
+
 ## Options Reference
 
 | Option | Type | Default | Description |
 |--------|------|---------|-------------|
 | `microvm.vfkit.rosetta.enable` | bool | `false` | Enable Rosetta support |
 | `microvm.vfkit.rosetta.mountTag` | string | `"rosetta"` | Mount tag for the virtiofs share |
+| `microvm.vfkit.rosetta.mountPoint` | string | `"/run/rosetta"` | Directory where Rosetta will be mounted in the guest |
 | `microvm.vfkit.rosetta.install` | bool | `false` | Auto-install Rosetta if missing |
 | `microvm.vfkit.rosetta.ignoreIfMissing` | bool | `false` | Continue if Rosetta unavailable |
 
diff --git a/flake.nix b/flake.nix
@@ -110,18 +110,17 @@
             nixpkgs.lib.concatMap (configName:
               let
                 config = self.nixosConfigurations.${configName};
-                packageName = builtins.replaceStrings [ "${system}-" ] [ "" ] configName;
+                packageName = nixpkgs.lib.replaceString "${system}-" "" configName;
                 # Check if this config's guest system matches our current build system
                 # (accounting for darwin hosts building linux guests)
                 guestSystem = config.pkgs.stdenv.hostPlatform.system;
                 buildSystem = nixpkgs.lib.replaceString "-darwin" "-linux" system;
               in
-              if guestSystem == buildSystem
-              then [{
+              nixpkgs.lib.optional (guestSystem == buildSystem)
+              {
                 name = packageName;
                 value = config.config.microvm.runner.${config.config.microvm.hypervisor};
-              }]
-              else []
+              }
             ) (builtins.attrNames self.nixosConfigurations)
           );
 
@@ -157,6 +156,8 @@
 
         nixosConfigurations =
           let
+            inherit (nixpkgs.lib) map;
+
             hypervisorsWith9p = [
               "qemu"
               # currently broken:
@@ -238,8 +239,8 @@
               };
 
             basicExamples = nixpkgs.lib.flatten (
-              builtins.map (system:
-                builtins.map (hypervisor: {
+              map (system:
+                map (hypervisor: {
                   name = "${system}-${hypervisor}-example";
                   value = makeExample { inherit system hypervisor; };
                   shouldInclude = hypervisorSupportsSystem hypervisor system;
@@ -248,7 +249,7 @@
             );
 
             tapExamples = nixpkgs.lib.flatten (
-              builtins.map (system:
+              map (system:
                 nixpkgs.lib.imap1 (idx: hypervisor: {
                   name = "${system}-${hypervisor}-example-with-tap";
                   value = makeExample {
diff --git a/lib/runners/vfkit.nix b/lib/runners/vfkit.nix
@@ -15,7 +15,7 @@ let
   inherit (microvmConfig)
     hostName vcpu mem user interfaces volumes shares socket
     storeOnDisk kernel initrdPath storeDisk kernelParams
-    devices credentialFiles vsock graphics;
+    balloon devices credentialFiles vsock graphics;
 
   inherit (microvmConfig.vfkit) extraArgs logLevel rosetta;
 
@@ -25,63 +25,57 @@ let
   kernelPath = "${kernel.out}/${pkgs.stdenv.hostPlatform.linux-kernel.target}";
 
   kernelConsole = if graphics.enable then "tty0" else "hvc0";
-  kernelCmdLine = "console=${kernelConsole} reboot=t panic=-1 ${toString kernelParams}";
+
+  kernelCmdLine = [ "console=${kernelConsole}" "reboot=t" "panic=-1" ] ++ kernelParams;
 
   bootloaderArgs = [
     "--bootloader"
-    "linux,kernel=${kernelPath},initrd=${initrdPath},cmdline=\"${kernelCmdLine}\""
+    "linux,kernel=${kernelPath},initrd=${initrdPath},cmdline=\"${builtins.concatStringsSep " " kernelCmdLine}\""
   ];
 
   deviceArgs =
-    [ "--device" "virtio-rng" ]
-    ++
-    (if graphics.enable then [
+    [
+      "--device" "virtio-rng"
+    ]
+    ++ (if graphics.enable then [
       "--device" "virtio-gpu"
       "--device" "virtio-input,keyboard"
       "--device" "virtio-input,pointing"
     ] else [
       "--device" "virtio-serial,stdio"
     ])
-    ++
-    (builtins.concatMap ({ image, ... }: [
+    ++ (builtins.concatMap ({ image, ... }: [
       "--device" "virtio-blk,path=${image}"
     ]) volumesWithLetters)
-    ++
-    (builtins.concatMap ({ proto, source, tag, ... }:
+    ++ (builtins.concatMap ({ proto, source, tag, ... }:
       if proto == "virtiofs" then [
         "--device" "virtio-fs,sharedDir=${source},mountTag=${tag}"
       ]
-      else if proto == "9p" then
-        throw "vfkit does not support 9p shares on macOS. Use proto = \"virtiofs\" instead."
       else
-        throw "Unknown share protocol: ${proto}"
+        throw "vfkit does not support ${proto} share. Use proto = \"virtiofs\" instead."
     ) shares)
-    ++
-    (builtins.concatMap ({ type, id, mac, ... }:
+    ++ (builtins.concatMap ({ type, id, mac, ... }:
       if type == "user" then [
         "--device" "virtio-net,nat,mac=${mac}"
       ]
-      else if type == "tap" then
-        throw "vfkit does not support tap networking on macOS. Use type = \"user\" for NAT networking."
       else if type == "bridge" then
         throw "vfkit bridge networking requires vmnet-helper which is not yet implemented. Use type = \"user\" for NAT networking."
-      else if type == "macvtap" then
-        throw "vfkit does not support macvtap networking on macOS. Use type = \"user\" for NAT networking."
       else
-        throw "Unknown network interface type: ${type}"
+        throw "vfkit does not support ${type} networking on macOS. Use type = \"user\" for NAT networking."
     ) interfaces)
-    ++
-    lib.optionals rosetta.enable (
+    ++ lib.optionals rosetta.enable (
       let
-        rosettaArgs = "rosetta,mountTag=${rosetta.mountTag}"
-          + lib.optionalString rosetta.install ",install"
-          + lib.optionalString rosetta.ignoreIfMissing ",ignoreIfMissing";
+        rosettaArgs = builtins.concatStringsSep "," (
+          [ "rosetta" "mountTag=${rosetta.mountTag}" ]
+          ++ lib.optional rosetta.install "install"
+          ++ lib.optional rosetta.ignoreIfMissing "ignoreIfMissing"
+        );
       in
       [ "--device" rosettaArgs ]
     );
 
   allArgsWithoutSocket = [
-    "${vfkit}/bin/vfkit"
+    "${lib.getExe vfkit}"
     "--cpus" (toString vcpu)
     "--memory" (toString mem)
   ]
diff --git a/nixos-modules/microvm/default.nix b/nixos-modules/microvm/default.nix
@@ -19,6 +19,7 @@ in
     ./pci-devices.nix
     ./virtiofsd
     ./graphics.nix
+    ./rosetta.nix
     ./optimization.nix
     ./ssh-deploy.nix
   ];
diff --git a/nixos-modules/microvm/options.nix b/nixos-modules/microvm/options.nix
@@ -610,8 +610,8 @@ in
           Enable Rosetta support for running x86_64 binaries in ARM64 Linux VMs.
           Only works on Apple Silicon (ARM) Macs.
 
-          After enabling, you must mount the rosetta share and configure binfmt
-          in your guest configuration. See the vfkit documentation for details.
+          When enabled, the Rosetta virtiofs share will be automatically mounted
+          and binfmt will be configured to use Rosetta for x86_64 binaries.
         '';
       };
 
@@ -638,6 +638,15 @@ in
           Useful for configurations that should work on both ARM and Intel Macs.
         '';
       };
+
+      mountPoint = mkOption {
+        type = types.str;
+        default = "/run/rosetta";
+        description = ''
+          Directory where the Rosetta virtiofs share will be mounted in the guest.
+          The Rosetta binary will be available at {mountPoint}/rosetta.
+        '';
+      };
     };
 
     prettyProcnames = mkOption {
diff --git a/nixos-modules/microvm/rosetta.nix b/nixos-modules/microvm/rosetta.nix
@@ -0,0 +1,19 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.microvm.vfkit.rosetta;
+in
+lib.mkIf (config.microvm.hypervisor == "vfkit" && cfg.enable) {
+  # Mount the Rosetta share
+  fileSystems.${cfg.mountPoint} = {
+    device = cfg.mountTag;
+    fsType = "virtiofs";
+  };
+
+  # Configure binfmt to use Rosetta for x86_64 binaries
+  boot.binfmt.registrations.rosetta = {
+    interpreter = "${cfg.mountPoint}/rosetta";
+    magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00'';
+    mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
+  };
+}
