kyle/imladris
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

straylight: KillMode=process for mcp-agent so unikernel VMs survive restarts

Browse Source 
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Kyle Isom
2026-06-11 12:59:50 -07:00
parent ef3f46d035
commit 86c7afa080
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
hw/straylight/default.nix
View File

@@ -18,6 +18,12 @@
DeviceAllow = [ "/dev/kvm rw" "/dev/net/tun rw" ];
SupplementaryGroups = [ "kvm" ];
AmbientCapabilities = [ "CAP_NET_ADMIN" ];
# The agent launches each unikernel as a daemonized QEMU process in its
# own cgroup. With the default KillMode=control-group, restarting the
# agent would SIGKILL every running VM. KillMode=process kills only the
# agent's main process on stop/restart, so VMs survive an agent upgrade.
# (If a VM does die, the agent's startup Recover restarts it.)
KillMode = lib.mkForce "process";
};
# Let the mcp user reach /dev/kvm directly as well.
users.users.mcp.extraGroups = [ "kvm" ];