From f7d11af98a2a27db655aa2f368099ea34d91ecb7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B8rn=20Forsman?= <bjorn.forsman@gmail.com>
Date: Thu, 15 Aug 2013 21:50:16 +0200
Subject: [PATCH] libvirtd-service: give access to users in the "libvirtd"
 group

Currently only root has access. But with this patch all users in
"libvirtd" group will have access. This is similar to how it's done on
Ubuntu.

Also, add virtualisation.libvirtd.extraConfig option for further
customization of libvirtd.conf.
---
 modules/virtualisation/libvirtd.nix | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/modules/virtualisation/libvirtd.nix b/modules/virtualisation/libvirtd.nix
index 757a20f616..876ce01615 100644
--- a/modules/virtualisation/libvirtd.nix
+++ b/modules/virtualisation/libvirtd.nix
@@ -7,6 +7,13 @@ with pkgs.lib;
 let
 
   cfg = config.virtualisation.libvirtd;
+  configFile = pkgs.writeText "libvirtd.conf" ''
+    unix_sock_group = "libvirtd"
+    unix_sock_rw_perms = "0770"
+    auth_unix_ro = "none"
+    auth_unix_rw = "none"
+    ${cfg.extraConfig}
+  '';
 
 in
 
@@ -36,6 +43,16 @@ in
           '';
       };
 
+    virtualisation.libvirtd.extraConfig =
+      mkOption {
+        default = "";
+        description =
+          ''
+            Extra contents appended to the libvirtd configuration file,
+            libvirtd.conf.
+          '';
+      };
+
   };
 
 
@@ -83,7 +100,7 @@ in
             done
           ''; # */
 
-        serviceConfig.ExecStart = "@${pkgs.libvirt}/sbin/libvirtd libvirtd --daemon --verbose";
+        serviceConfig.ExecStart = ''@${pkgs.libvirt}/sbin/libvirtd libvirtd --config "${configFile}" --daemon --verbose'';
         serviceConfig.Type = "forking";
         serviceConfig.KillMode = "process"; # when stopping, leave the VMs alone
 
@@ -124,6 +141,8 @@ in
         serviceConfig.RemainAfterExit = true;
       };
 
+    users.extraGroups.libvirtd = {};
+
   };
 
 }