add configurable group option for virtiofsd socket

Author: Ramblurr

CHANGELOG.md

@@ -18,6 +18,7 @@
 * `bin/virtiofsd-run` (`[email protected]`) now starts the
   multiple virtiofsd instances through supervisord.
 * The `microvm` module allows configuration of
+  `microvm.virtiofsd.group` and
   `microvm.virtiofsd.inodeFileHandles` and
   `microvm.virtiofsd.threadPoolSize` now.
 * Add the [alioth VMM](https://github.com/google/alioth)

nixos-modules/microvm/options.nix

@@ -565,6 +565,15 @@ in
       '';
     };
 
+    virtiofsd.group = mkOption {
+      type = with types; nullOr str;
+      default = "kvm";
+      description = ''
+        The name of the group that will own the Unix domain socket file that virtiofsd creates for communication with the hypervisor.
+        If null, the socket will have group ownership of the user running the hypervisor.
+      '';
+    };
+
     virtiofsd.extraArgs = mkOption {
       type = with types; listOf str;
       default = [];

nixos-modules/microvm/virtiofsd/default.nix

@@ -10,10 +10,6 @@ let
   inherit (pkgs.python3Packages) supervisor;
   supervisord = lib.getExe' supervisor "supervisord";
   supervisorctl = lib.getExe' supervisor "supervisorctl";
-
-  # TODO: don't hardcode
-  group = "kvm";
-
 in
 {
   microvm.binScripts = lib.mkIf requiresVirtiofsd {
@@ -45,7 +41,9 @@ in
                 fi
                 exec ${lib.getExe pkgs.virtiofsd} \
                   --socket-path=${lib.escapeShellArg socket} \
-                  --socket-group=${group} \
+                  ${lib.optionalString (config.microvm.virtiofsd.group != null)
+                  "--socket-group=${config.microvm.virtiofsd.group}"
+                  } \
                   --shared-dir=${lib.escapeShellArg source} \
                   $OPT_RLIMIT \
                   --thread-pool-size ${toString config.microvm.virtiofsd.threadPoolSize} \