Global Configuration System
Global Configuration System
Section titled “Global Configuration System”The Ghaf framework provides a global configuration system that allows settings to be defined once at the host level and automatically propagated to all VMs. This eliminates the need to manually synchronize settings between the host and each virtual machine.
Overview
Section titled “Overview”The global configuration system solves the “configuration propagation problem” where settings like debug mode, SSH access, or storage encryption need to be consistent across the host and all guest VMs.
Key Benefits
Section titled “Key Benefits”- Single Source of Truth: Set configuration once, applied everywhere
- Reduced Errors: No more forgetting to update a setting in one VM
- Clear Inheritance: VMs automatically receive host settings
- Override Capability: Individual VMs can override inherited settings when needed
- Profile Support: Predefined profiles for common configurations (debug, release, minimal)
Using Predefined Profiles
Section titled “Using Predefined Profiles”The simplest way to configure Ghaf is to use a predefined profile:
{ ghaf.global-config = lib.ghaf.profiles.debug;}Available profiles:
lib.ghaf.profiles.debug- Full development/debugging capabilitieslib.ghaf.profiles.release- Production settings with security enabledlib.ghaf.profiles.minimal- Bare minimum configuration
Customizing a Profile
Section titled “Customizing a Profile”You can extend a profile with custom settings:
{ ghaf.global-config = lib.ghaf.mkGlobalConfig "debug" { storage.encryption.enable = true; # Override storage setting };}Direct Configuration
Section titled “Direct Configuration”Set options directly without using a profile:
{ ghaf.global-config = { debug.enable = true; development = { ssh.daemon.enable = true; debug.tools.enable = true; nix-setup.enable = false; # Don't enable nix development setup }; logging.enable = true; storage.encryption.enable = true; };}Available Options
Section titled “Available Options”Debug Settings
Section titled “Debug Settings”| Option | Type | Default | Description |
|---|---|---|---|
debug.enable | bool | false | Enable debug mode globally |
Development Settings
Section titled “Development Settings”| Option | Type | Default | Description |
|---|---|---|---|
development.ssh.daemon.enable | bool | false | Enable SSH daemon on all VMs |
development.debug.tools.enable | bool | false | Install debug tools |
development.nix-setup.enable | bool | false | Enable Nix development setup |
Logging Settings
Section titled “Logging Settings”| Option | Type | Default | Description |
|---|---|---|---|
logging.enable | bool | false | Enable centralized logging |
logging.listener.address | string | "" | Logging listener address |
logging.server.endpoint | string | "" | Remote logging server endpoint |
Security Settings
Section titled “Security Settings”| Option | Type | Default | Description |
|---|---|---|---|
security.audit.enable | bool | false | Enable security auditing |
GIVC Settings
Section titled “GIVC Settings”| Option | Type | Default | Description |
|---|---|---|---|
givc.enable | bool | false | Enable GIVC (Inter-VM Communication) |
givc.debug | bool | false | Enable GIVC debug mode |
Service Settings
Section titled “Service Settings”| Option | Type | Default | Description |
|---|---|---|---|
services.power-manager.enable | bool | false | Enable power manager |
services.performance.enable | bool | false | Enable performance service |
Storage Settings
Section titled “Storage Settings”| Option | Type | Default | Description |
|---|---|---|---|
storage.encryption.enable | bool | false | Enable storage encryption |
storage.storeOnDisk | bool | false | Store VM nix stores on disk |
Platform Information
Section titled “Platform Information”These are automatically populated from host configuration:
| Option | Type | Description |
|---|---|---|
platform.buildSystem | string | Build platform (e.g., “x86_64-linux”) |
platform.hostSystem | string | Host platform (e.g., “x86_64-linux”) |
platform.timeZone | string | System timezone |
How It Works
Section titled “How It Works”Architecture
Section titled “Architecture”┌─────────────────────────────────────────────────────────────────┐│ HOST CONFIGURATION ││ ││ ghaf.global-config = lib.ghaf.profiles.debug; ││ │ ││ ▼ ││ ┌──────────────────────────────────────────────────────────┐ ││ │ ghaf.global-config (evaluated) │ ││ │ - debug.enable = true │ ││ │ - development.ssh.daemon.enable = true │ ││ │ - ... │ ││ └──────────────────────────────────────────────────────────┘ │└────────────────────────────┬────────────────────────────────────┘ │ specialArgs ▼┌─────────────────────────────────────────────────────────────────┐│ VM CONFIGURATION ││ ││ { config, lib, globalConfig, ... }: ││ { ││ # Access inherited settings ││ ghaf.profiles.debug.enable = globalConfig.debug.enable; ││ ghaf.development.ssh.daemon.enable = ││ globalConfig.development.ssh.daemon.enable; ││ } │└─────────────────────────────────────────────────────────────────┘For Module Authors
Section titled “For Module Authors”When creating VM modules that need global settings, access them via the globalConfig specialArg:
{ config, lib, globalConfig, # Provided via specialArgs ...}:let # Use globalConfig for settings that should be inherited from host debugEnabled = globalConfig.debug.enable;in{ config = { # Apply global settings to VM ghaf.profiles.debug.enable = lib.mkDefault debugEnabled;
ghaf.development.ssh.daemon.enable = lib.mkDefault globalConfig.development.ssh.daemon.enable; };}Backward Compatibility
Section titled “Backward Compatibility”The global configuration system maintains backward compatibility with existing Ghaf configurations. Old-style settings like ghaf.profiles.debug.enable = true are automatically synchronized to ghaf.global-config.debug.enable.
This means:
- Existing configurations continue to work without changes
- VMs using the new
globalConfigpattern receive correct values - Migration can be done incrementally
Migration Guide
Section titled “Migration Guide”For Existing Configurations
Section titled “For Existing Configurations”No changes are required. Your existing configuration will continue to work, and ghaf.global-config will automatically reflect your current settings.
For New Configurations
Section titled “For New Configurations”Consider using ghaf.global-config with profiles:
# Before (still works){ ghaf.profiles.debug.enable = true; ghaf.development.ssh.daemon.enable = true; # ... repeated in each VM}
# After (recommended){ ghaf.global-config = lib.ghaf.profiles.debug; # Settings automatically propagate to all VMs}For VM Module Authors
Section titled “For VM Module Authors”Migrate from configHost pattern to globalConfig:
# Before{ configHost }:{ config = { ghaf.profiles.debug.enable = configHost.ghaf.profiles.debug.enable; };}
# After{ globalConfig, ... }:{ config = { ghaf.profiles.debug.enable = lib.mkDefault globalConfig.debug.enable; };}Profiles Reference
Section titled “Profiles Reference”Debug Profile
Section titled “Debug Profile”{ debug.enable = true; development = { ssh.daemon.enable = true; debug.tools.enable = true; nix-setup.enable = true; }; logging.enable = true; security.audit.enable = false; givc = { enable = true; debug = true; }; services = { power-manager.enable = false; performance.enable = false; }; storage = { encryption.enable = false; storeOnDisk = false; };}Release Profile
Section titled “Release Profile”{ debug.enable = false; development = { ssh.daemon.enable = false; debug.tools.enable = false; nix-setup.enable = false; }; logging.enable = false; security.audit.enable = true; givc = { enable = true; debug = false; }; services = { power-manager.enable = true; performance.enable = true; }; storage = { encryption.enable = true; storeOnDisk = false; };}Minimal Profile
Section titled “Minimal Profile”{ debug.enable = false; development = { ssh.daemon.enable = false; debug.tools.enable = false; nix-setup.enable = false; }; logging.enable = false; security.audit.enable = false; givc = { enable = false; debug = false; }; services = { power-manager.enable = false; performance.enable = false; }; storage = { encryption.enable = false; storeOnDisk = false; };}Future Development
Section titled “Future Development”The global configuration system will be extended in future phases to include:
- Complete VM migration to
globalConfigpattern - Additional settings for hardware passthrough
- Custom profile creation utilities
- Downstream project composition support