Last active
March 30, 2023 15:12
-
-
Save dogukancagatay/492e0439afaeeead0761b39fd353f673 to your computer and use it in GitHub Desktop.
Lima Fedora configuration files derived from default.yaml with fallback image urls
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ===================================================================== # | |
| # BASIC CONFIGURATION (FEDORA 37) | |
| # ===================================================================== # | |
| # Default values in this YAML file are specified by `null` instead of Lima's "builtin default" values, | |
| # so they can be overridden by the $LIMA_HOME/_config/default.yaml mechanism documented at the end of this file. | |
| # VM type: "qemu" or "vz" (on macOS 13 and later). | |
| # The vmType can be specified only on creating the instance. | |
| # The vmType of existing instances cannot be changed. | |
| # 🟢 Builtin default: "qemu" | |
| vmType: null | |
| # Arch: "default", "x86_64", "aarch64". | |
| # 🟢 Builtin default: "default" (corresponds to the host architecture) | |
| arch: null | |
| # OpenStack-compatible disk image. | |
| # 🟢 Builtin default: null (must be specified) | |
| # 🔵 This file: Fedora 37 Cloud image | |
| images: | |
| # Mirror links | |
| - location: "https://download.fedoraproject.org/pub/fedora/linux/releases/35/Cloud/x86_64/images/Fedora-Cloud-Base-35-1.2.x86_64.qcow2" | |
| arch: "x86_64" | |
| digest: "sha256:fe84502779b3477284a8d4c86731f642ca10dd3984d2b5eccdf82630a9ca2de6" | |
| - location: "https://download.fedoraproject.org/pub/fedora/linux/releases/35/Cloud/aarch64/images/Fedora-Cloud-Base-35-1.2.aarch64.qcow2" | |
| arch: "aarch64" | |
| digest: "sha256:c71f2e6ce75b516d565e2c297ea9994c69b946cb3eaa0a4bbea400dbd6f59ae6" | |
| # Main mirror links | |
| - location: "https://dl.fedoraproject.org/pub/fedora/linux/releases/35/Cloud/x86_64/images/Fedora-Cloud-Base-35-1.2.x86_64.qcow2" | |
| arch: "x86_64" | |
| digest: "sha256:fe84502779b3477284a8d4c86731f642ca10dd3984d2b5eccdf82630a9ca2de6" | |
| - location: "https://dl.fedoraproject.org/pub/fedora/linux/releases/35/Cloud/aarch64/images/Fedora-Cloud-Base-35-1.2.aarch64.qcow2" | |
| arch: "aarch64" | |
| digest: "sha256:c71f2e6ce75b516d565e2c297ea9994c69b946cb3eaa0a4bbea400dbd6f59ae6" | |
| # Archive mirror links | |
| - location: "https://dl.fedoraproject.org/pub/archive/fedora/linux/releases/35/Cloud/x86_64/images/Fedora-Cloud-Base-35-1.2.x86_64.qcow2" | |
| arch: "x86_64" | |
| digest: "sha256:fe84502779b3477284a8d4c86731f642ca10dd3984d2b5eccdf82630a9ca2de6" | |
| - location: "https://dl.fedoraproject.org/pub/archive/fedora/linux/releases/35/Cloud/aarch64/images/Fedora-Cloud-Base-35-1.2.aarch64.qcow2" | |
| arch: "aarch64" | |
| digest: "sha256:c71f2e6ce75b516d565e2c297ea9994c69b946cb3eaa0a4bbea400dbd6f59ae6" | |
| # CPUs: if you see performance issues, try limiting cpus to 1. | |
| # 🟢 Builtin default: 4 | |
| cpus: null | |
| # Memory size | |
| # 🟢 Builtin default: "4GiB" | |
| memory: null | |
| # Disk size | |
| # 🟢 Builtin default: "100GiB" | |
| disk: null | |
| # Expose host directories to the guest, the mount point might be accessible from all UIDs in the guest | |
| # 🟢 Builtin default: null (Mount nothing) | |
| # 🔵 This file: Mount the home as read-only, /tmp/lima as writable | |
| mounts: | |
| - location: "~" | |
| # Configure the mountPoint inside the guest. | |
| # 🟢 Builtin default: value of location | |
| mountPoint: null | |
| # CAUTION: `writable` SHOULD be false for the home directory. | |
| # Setting `writable` to true is possible, but untested and dangerous. | |
| # 🟢 Builtin default: false | |
| writable: null | |
| sshfs: | |
| # Enabling the SSHFS cache will increase performance of the mounted filesystem, at | |
| # the cost of potentially not reflecting changes made on the host in a timely manner. | |
| # Warning: It looks like PHP filesystem access does not work correctly when | |
| # the cache is disabled. | |
| # 🟢 Builtin default: true | |
| cache: null | |
| # SSHFS has an optional flag called 'follow_symlinks'. This allows mounts | |
| # to be properly resolved in the guest os and allow for access to the | |
| # contents of the symlink. As a result, symlinked files & folders on the Host | |
| # system will look and feel like regular files directories in the Guest OS. | |
| # 🟢 Builtin default: false | |
| followSymlinks: null | |
| # SFTP driver, "builtin" or "openssh-sftp-server". "openssh-sftp-server" is recommended. | |
| # 🟢 Builtin default: "openssh-sftp-server" if OpenSSH SFTP Server binary is found, otherwise "builtin" | |
| sftpDriver: null | |
| 9p: | |
| # Supported security models are "passthrough", "mapped-xattr", "mapped-file" and "none". | |
| # "mapped-xattr" and "mapped-file" are useful for persistent chown but incompatible with symlinks. | |
| # 🟢 Builtin default: "none" (since Lima v0.13) | |
| securityModel: null | |
| # Select 9P protocol version. Valid options are: "9p2000" (legacy), "9p2000.u", "9p2000.L". | |
| # 🟢 Builtin default: "9p2000.L" | |
| protocolVersion: null | |
| # The number of bytes to use for 9p packet payload, where 4KiB is the absolute minimum. | |
| # 🟢 Builtin default: "128KiB" | |
| msize: null | |
| # Specifies a caching policy. Valid options are: "none", "loose", "fscache" and "mmap". | |
| # Try choosing "mmap" or "none" if you see a stability issue with the default "fscache". | |
| # See https://www.kernel.org/doc/Documentation/filesystems/9p.txt | |
| # 🟢 Builtin default: "fscache" for non-writable mounts, "mmap" for writable mounts | |
| cache: null | |
| - location: "/tmp/lima" | |
| # 🟢 Builtin default: false | |
| # 🔵 This file: true (only for "/tmp/lima") | |
| writable: true | |
| # Mount type for above mounts, such as "reverse-sshfs" (from sshocker), "9p" (EXPERIMENTAL, from QEMU’s virtio-9p-pci, aka virtfs), | |
| # or "virtiofs" (EXPERIMENTAL, needs `vmType: vz`) | |
| # 🟢 Builtin default: "reverse-sshfs" | |
| mountType: null | |
| # Lima disks to attach to the instance. The disks will be accessible from inside the | |
| # instance, labeled by name. (e.g. if the disk is named "data", it will be labeled | |
| # "lima-data" inside the instance). The disk will be mounted inside the instance at | |
| # `/mnt/lima-${VOLUME}`. | |
| # 🟢 Builtin default: null | |
| additionalDisks: | |
| # disks should be a list of disk name strings, for example: | |
| # - "data" | |
| ssh: | |
| # A localhost port of the host. Forwarded to port 22 of the guest. | |
| # 🟢 Builtin default: 0 (automatically assigned to a free port) | |
| # NOTE: when the instance name is "default", the builtin default value is set to | |
| # 60022 for backward compatibility. | |
| localPort: 0 | |
| # Load ~/.ssh/*.pub in addition to $LIMA_HOME/_config/user.pub . | |
| # This option is useful when you want to use other SSH-based | |
| # applications such as rsync with the Lima instance. | |
| # If you have an insecure key under ~/.ssh, do not use this option. | |
| # 🟢 Builtin default: true | |
| loadDotSSHPubKeys: null | |
| # Forward ssh agent into the instance. | |
| # The ssh agent socket can be mounted in a container at the path `/run/host-services/ssh-auth.sock`. | |
| # Set the environment variable `SSH_AUTH_SOCK` value to the path above. | |
| # The socket is accessible by the non-root user inside the Lima instance. | |
| # 🟢 Builtin default: false | |
| forwardAgent: null | |
| # Forward X11 into the instance | |
| # 🟢 Builtin default: false | |
| forwardX11: null | |
| # Trust forwarded X11 clients | |
| # 🟢 Builtin default: false | |
| forwardX11Trusted: null | |
| # ===================================================================== # | |
| # ADVANCED CONFIGURATION | |
| # ===================================================================== # | |
| caCerts: | |
| # If set to `true`, this will remove all the default trusted CA certificates that | |
| # are normally shipped with the OS. | |
| # 🟢 Builtin default: false | |
| removeDefaults: null | |
| # A list of trusted CA certificate files. The files will be read and passed to cloud-init. | |
| files: | |
| # - examples/hello.crt | |
| # A list of trusted CA certificates. These are directly passed to cloud-init. | |
| certs: | |
| # - | | |
| # -----BEGIN CERTIFICATE----- | |
| # YOUR-ORGS-TRUSTED-CA-CERT-HERE | |
| # -----END CERTIFICATE----- | |
| # - | | |
| # -----BEGIN CERTIFICATE----- | |
| # YOUR-ORGS-TRUSTED-CA-CERT-HERE | |
| # -----END CERTIFICATE----- | |
| containerd: | |
| # Enable system-wide (aka rootful) containerd and its dependencies (BuildKit, Stargz Snapshotter) | |
| # Note that `nerdctl.lima` only works in rootless mode; you have to use `lima sudo nerdctl ...` | |
| # to use rootful containerd with nerdctl. | |
| # 🟢 Builtin default: false | |
| system: null | |
| # Enable user-scoped (aka rootless) containerd and its dependencies | |
| # 🟢 Builtin default: true | |
| user: null | |
| # # Override containerd archive | |
| # # 🟢 Builtin default: hard-coded URL with hard-coded digest (see the output of `limactl info | jq .defaultTemplate.containerd.archives`) | |
| # archives: | |
| # - location: "~/Downloads/nerdctl-full-X.Y.Z-linux-amd64.tar.gz" | |
| # arch: "x86_64" | |
| # digest: "sha256:..." | |
| # Provisioning scripts need to be idempotent because they might be called | |
| # multiple times, e.g. when the host VM is being restarted. | |
| # 🟢 Builtin default: null | |
| # provision: | |
| # # `system` is executed with the root privilege | |
| # - mode: system | |
| # script: | | |
| # #!/bin/bash | |
| # set -eux -o pipefail | |
| # export DEBIAN_FRONTEND=noninteractive | |
| # apt-get install -y vim | |
| # # `user` is executed without the root privilege | |
| # - mode: user | |
| # script: | | |
| # #!/bin/bash | |
| # set -eux -o pipefail | |
| # cat <<EOF > ~/.vimrc | |
| # set number | |
| # EOF | |
| # # `boot` is executed directly by /bin/sh as part of cloud-init-local.service's early boot process, | |
| # # which is why there is no hash-bang specified in the example | |
| # # See cloud-init docs for more info https://cloudinit.readthedocs.io/en/latest/topics/examples.html#run-commands-on-first-boot | |
| # - mode: boot | |
| # script: | | |
| # systemctl disable NetworkManager-wait-online.service | |
| # Probe scripts to check readiness. | |
| # 🟢 Builtin default: null | |
| # probes: | |
| # # Only `readiness` probes are supported right now. | |
| # - mode: readiness | |
| # description: vim to be installed | |
| # script: | | |
| # #!/bin/bash | |
| # set -eux -o pipefail | |
| # if ! timeout 30s bash -c "until command -v vim; do sleep 3; done"; then | |
| # echo >&2 "vim is not installed yet" | |
| # exit 1 | |
| # fi | |
| # hint: | | |
| # vim was not installed in the guest. Make sure the package system is working correctly. | |
| # Also see "/var/log/cloud-init-output.log" in the guest. | |
| # ===================================================================== # | |
| # FURTHER ADVANCED CONFIGURATION | |
| # ===================================================================== # | |
| # Specify desired QEMU CPU type for each arch. | |
| # You can see what options are available for host emulation with: `qemu-system-$(arch) -cpu help`. | |
| # Setting of instructions is supported like this: "qemu64,+ssse3". | |
| cpuType: | |
| # 🟢 Builtin default: "cortex-a72" (or "host" when running on aarch64 host) | |
| aarch64: null | |
| # 🟢 Builtin default: "qemu64" (or "host" when running on x86_64 host) | |
| x86_64: null | |
| rosetta: | |
| # Enable Rosetta for Linux (EXPERIMENTAL). | |
| # Hint: try `softwareupdate --install-rosetta` if Lima gets stuck at `Installing rosetta...` | |
| # 🟢 Builtin default: false | |
| enabled: null | |
| # Register rosetta to /proc/sys/fs/binfmt_misc | |
| # 🟢 Builtin default: false | |
| binfmt: null | |
| firmware: | |
| # Use legacy BIOS instead of UEFI. Ignored for aarch64. | |
| # 🟢 Builtin default: false | |
| legacyBIOS: null | |
| video: | |
| # QEMU display, e.g., "none", "cocoa", "sdl", "gtk", "vnc", "default". | |
| # Choosing "none" will hide the video output, and not show any window. | |
| # Choosing "vnc" will use a network server, and not show any window. | |
| # Choosing "default" will pick the first available of: gtk, sdl, cocoa. | |
| # As of QEMU v6.2, enabling anything but none or vnc is known to have negative impact | |
| # on performance on macOS hosts: https://gitlab.com/qemu-project/qemu/-/issues/334 | |
| # 🟢 Builtin default: "none" | |
| display: null | |
| # VNC (Virtual Network Computing) is a platform-independent graphical | |
| # desktop-sharing system that uses the Remote Frame Buffer protocol (RFB) | |
| vnc: | |
| # VNC display, e.g.,"to=L", "host:d", "unix:path", "none" | |
| # By convention the TCP port is 5900+d, connections from any host. | |
| # 🟢 Builtin default: "127.0.0.1:0,to=9" | |
| display: null | |
| # The instance can get routable IP addresses from the vmnet framework using | |
| # https://github.com/lima-vm/socket_vmnet. | |
| # 🟢 Builtin default: null | |
| networks: | |
| # Lima can manage daemons for networks defined in $LIMA_HOME/_config/networks.yaml | |
| # automatically. The socket_vmnet binary must be installed into | |
| # secure locations only alterable by the "root" user. | |
| # The same applies to vde_switch and vde_vmnet for the deprecated VDE mode. | |
| # - lima: shared | |
| # # MAC address of the instance; lima will pick one based on the instance name, | |
| # # so DHCP assigned ip addresses should remain constant over instance restarts. | |
| # macAddress: "" | |
| # # Interface name, defaults to "lima0", "lima1", etc. | |
| # interface: "" | |
| # | |
| # Lima can also connect to "unmanaged" networks addressed by "socket". This | |
| # means that the daemons will not be controlled by Lima, but must be started | |
| # before the instance. The interface type (host, shared, or bridged) is | |
| # configured in socket_vmnet and not in lima. | |
| # - socket: "/var/run/socket_vmnet" | |
| # The "vzNAT" IP address is accessible from the host, but not from other guests. | |
| # Needs `vmType: vz` (EXPERIMENTAL). | |
| # - vzNAT: true | |
| # vnl (virtual network locator) points to the vde_switch socket directory, | |
| # optionally with vde:// prefix | |
| # ⚠️ vnl is deprecated, use socket. | |
| # - vnl: "vde:///var/run/vde.ctl" | |
| # # VDE Switch port number (not TCP/UDP port number). Set to 65535 for PTP mode. | |
| # # Builtin default: 0 | |
| # switchPort: 0 | |
| # # MAC address of the instance; lima will pick one based on the instance name, | |
| # # so DHCP assigned ip addresses should remain constant over instance restarts. | |
| # macAddress: "" | |
| # # Interface name, defaults to "lima0", "lima1", etc. | |
| # interface: "" | |
| # Port forwarding rules. Forwarding between ports 22 and ssh.localPort cannot be overridden. | |
| # Rules are checked sequentially until the first one matches. | |
| # portForwards: | |
| # - guestPort: 443 | |
| # hostIP: "0.0.0.0" # overrides the default value "127.0.0.1"; allows privileged port forwarding | |
| # # default: hostPort: 443 (same as guestPort) | |
| # # default: guestIP: "127.0.0.1" (also matches bind addresses "0.0.0.0", "::", and "::1") | |
| # # default: proto: "tcp" (only valid value right now) | |
| # | |
| # - guestPortRange: [4000, 4999] | |
| # hostIP: "0.0.0.0" # overrides the default value "127.0.0.1" | |
| # # default: hostPortRange: [4000, 4999] (must specify same number of ports as guestPortRange) | |
| # | |
| # - guestPort: 80 | |
| # hostPort: 8080 # overrides the default value 80 | |
| # | |
| # - guestIP: "127.0.0.2" # overrides the default value "127.0.0.1" | |
| # hostIP: "127.0.0.2" # overrides the default value "127.0.0.1" | |
| # # default: guestPortRange: [1, 65535] | |
| # # default: hostPortRange: [1, 65535] | |
| # | |
| # - guestPort: 8888 | |
| # ignore: true (don't forward this port) | |
| # | |
| # - guestPort: 7443 | |
| # guestIP: "0.0.0.0" # Will match *any* interface | |
| # guestIPMustBeZero: true # Restrict matching to 0.0.0.0 binds only | |
| # hostIP: "0.0.0.0" # Forwards to 0.0.0.0, exposing it externally | |
| # | |
| # - guestSocket: "/run/user/{{.UID}}/my.sock" | |
| # hostSocket: mysocket | |
| # # default: reverse: false | |
| # # "guestSocket" can include these template variables: {{.Home}}, {{.UID}}, and {{.User}}. | |
| # # "hostSocket" can include {{.Home}}, {{.Dir}}, {{.Name}}, {{.UID}}, and {{.User}}. | |
| # # "reverse" can only be used for unix sockets right now, not for tcp sockets. | |
| # # Put sockets into "{{.Dir}}/sock" to avoid collision with Lima internal sockets! | |
| # # Sockets can also be forwarded to ports and vice versa, but not to/from a range of ports. | |
| # # Forwarding requires the lima user to have rw access to the "guestsocket", | |
| # # and the local user rwx access to the directory of the "hostsocket". | |
| # | |
| # # Lima internally appends this fallback rule at the end: | |
| # - guestIP: "127.0.0.1" | |
| # guestPortRange: [1, 65535] | |
| # hostIP: "127.0.0.1" | |
| # hostPortRange: [1, 65535] | |
| # # Any port still not matched by a rule will not be forwarded (ignored) | |
| # Copy files from the guest to the host. Copied after provisioning scripts have been completed. | |
| # copyToHost: | |
| # - guest: "/etc/myconfig.cfg" | |
| # host: "{{.Dir}}/copied-from-guest/myconfig" | |
| # # "guest" can include these template variables: {{.Home}}, {{.UID}}, and {{.User}}. | |
| # # "host" can include {{.Home}}, {{.Dir}}, {{.Name}}, {{.UID}}, and {{.User}}. | |
| # Message. Information to be shown to the user, given as a Go template for the instance. | |
| # The same template variables as for listing instances can be used, for example {{.Dir}}. | |
| # You can view the complete list of variables using `limactl list --list-fields` command. | |
| # It also includes {{.HostOS}} and {{.HostArch}} vars, for the runtime GOOS and GOARCH. | |
| # 🟢 Builtin default: null | |
| # message: | | |
| # This will be shown to the user. | |
| # Extra environment variables that will be loaded into the VM at start up. | |
| # These variables are consumed by internal init scripts, and also added | |
| # to /etc/environment. | |
| # If you set any of "ftp_proxy", "http_proxy", "https_proxy", or "no_proxy", then | |
| # Lima will automatically set an uppercase variant to the same value as well. | |
| # 🟢 Builtin default: null | |
| # env: | |
| # KEY: value | |
| # Lima will override the proxy environment variables with values from the current process | |
| # environment (the environment in effect when you run `limactl start`). It will automatically | |
| # replace the strings "localhost" and "127.0.0.1" with the host gateway address from inside | |
| # the VM, so it stays routable. Use of the process environment can be disabled by setting | |
| # propagateProxyEnv to false. | |
| # 🟢 Builtn default: true | |
| propagateProxyEnv: null | |
| # The host agent implements a DNS server that looks up host names on the host | |
| # using the local system resolver. This means changing VPN and network settings | |
| # are reflected automatically into the guest, including conditional forward, | |
| # and mDNS lookup. By default only IPv4 addresses will be returned. IPv6 addresses | |
| # can only work when using a vmnet network interface and the host has working | |
| # IPv6 configured as well. | |
| hostResolver: | |
| # 🟢 Builtin default: true | |
| enabled: null | |
| # 🟢 Builtin default: false | |
| ipv6: null | |
| # Static names can be defined here as an alternative to adding them to the hosts /etc/hosts. | |
| # Values can be either other hostnames, or IP addresses. The host.lima.internal name is | |
| # predefined to specify the gateway address to the host. | |
| # 🟢 Builtin default: null | |
| hosts: | |
| # guest.name: 127.1.1.1 | |
| # host.name: host.lima.internal | |
| # If useHostResolver is false, then the following rules apply for configuring dns: | |
| # Explicitly set DNS addresses for qemu user-mode networking. By default qemu picks *one* | |
| # nameserver from the host config and forwards all queries to this server. On macOS | |
| # Lima adds the nameservers configured for the first host interface in service order, | |
| # that has an IPv4 address, to the list. In case this still doesn't work (e.g. VPN | |
| # setups), the servers can be specified here explicitly. If nameservers are specified | |
| # here, then the configuration from network preferences will be ignored. | |
| # 🟢 Builtin default: null | |
| # dns: | |
| # - 1.1.1.1 | |
| # - 1.0.0.1 | |
| # ===================================================================== # | |
| # GLOBAL DEFAULTS AND OVERRIDES | |
| # ===================================================================== # | |
| # The builtin defaults can be changed globally by creating a $LIMA_HOME/_config/default.yaml | |
| # file. It will be used by ALL instances under the same $LIMA_HOME, and it | |
| # will be applied on each `limactl start`, so can affect instance restarts. | |
| # A similar mechanism is $LIMA_HOME/_config/override.yaml, which will take | |
| # precedence even over the settings in an instances lima.yaml file. | |
| # It too applies to ALL instances under the same $LIMA_HOME, and is applied | |
| # on each restart. It can be used to globally override settings, e.g. make | |
| # the mount of the home directory writable. | |
| # On each instance start the config settings are determined: If a value is | |
| # not set in `lima.yaml`, then the `default.yaml` is used. If that file | |
| # doesn't exist, or the value is not defined in the file, then the builtin | |
| # default is used. If `override.yaml` exists and defines the value, then | |
| # it overrides whatever has been chosen so far. | |
| # For slices (e.g. `mounts`, `provision`) and maps (`env`) the entries are | |
| # combined instead of replacing each other. Slices are produced from override | |
| # settings, followed by lima.yaml, followed by defaults.yaml (but NOT from | |
| # builtin defaults). Maps are produced starting with defaults.yaml values, | |
| # overwriting with lima.yaml ones, overwriting with override.yaml. | |
| # Exceptions: | |
| # - `dns` will use the list from the highest priority file; they are not | |
| # combined. If override.yaml defines a list of `dns` entries, then the | |
| # settings in default.yaml and lima.yaml are ignored. | |
| # | |
| # - `mounts` will update the `writable` setting when 2 entries have the | |
| # same `location` value. For this reason they are processed in the opposite | |
| # order: starting with default, followed by lima, and then override. | |
| # | |
| # -`networks` will replace lower priority entries with the same `interface` | |
| # name with higher priority definitions. This does not apply if the | |
| # `interface` field is empty. `networks` are therefore also processed | |
| # in lowest to highest priority order. | |
| # ===================================================================== # | |
| # END OF TEMPLATE | |
| # ===================================================================== # |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ===================================================================== # | |
| # BASIC CONFIGURATION (FEDORA 36) | |
| # ===================================================================== # | |
| # Default values in this YAML file are specified by `null` instead of Lima's "builtin default" values, | |
| # so they can be overridden by the $LIMA_HOME/_config/default.yaml mechanism documented at the end of this file. | |
| # VM type: "qemu" or "vz" (on macOS 13 and later). | |
| # The vmType can be specified only on creating the instance. | |
| # The vmType of existing instances cannot be changed. | |
| # 🟢 Builtin default: "qemu" | |
| vmType: null | |
| # Arch: "default", "x86_64", "aarch64". | |
| # 🟢 Builtin default: "default" (corresponds to the host architecture) | |
| arch: null | |
| # OpenStack-compatible disk image. | |
| # 🟢 Builtin default: null (must be specified) | |
| # 🔵 This file: Fedora 36 Cloud image | |
| images: | |
| # Mirror links | |
| - location: "https://download.fedoraproject.org/pub/fedora/linux/releases/36/Cloud/x86_64/images/Fedora-Cloud-Base-36-1.5.x86_64.qcow2" | |
| arch: "x86_64" | |
| digest: "sha256:ca9e514cc2f4a7a0188e7c68af60eb4e573d2e6850cc65b464697223f46b4605" | |
| - location: "https://download.fedoraproject.org/pub/fedora/linux/releases/36/Cloud/aarch64/images/Fedora-Cloud-Base-36-1.5.aarch64.qcow2" | |
| arch: "aarch64" | |
| digest: "sha256:5c0e7e99b0c542cb2155cd3b52bbf51a42a65917e52d37df457d1e9759b37512" | |
| # Main mirror links | |
| - location: "https://dl.fedoraproject.org/pub/fedora/linux/releases/36/Cloud/x86_64/images/Fedora-Cloud-Base-36-1.5.x86_64.qcow2" | |
| arch: "x86_64" | |
| digest: "sha256:ca9e514cc2f4a7a0188e7c68af60eb4e573d2e6850cc65b464697223f46b4605" | |
| - location: "https://dl.fedoraproject.org/pub/fedora/linux/releases/36/Cloud/aarch64/images/Fedora-Cloud-Base-36-1.5.aarch64.qcow2" | |
| arch: "aarch64" | |
| digest: "sha256:5c0e7e99b0c542cb2155cd3b52bbf51a42a65917e52d37df457d1e9759b37512" | |
| # Archive mirror links | |
| - location: "https://dl.fedoraproject.org/pub/archive/fedora/linux/releases/36/Cloud/x86_64/images/Fedora-Cloud-Base-36-1.5.x86_64.qcow2" | |
| arch: "x86_64" | |
| digest: "sha256:ca9e514cc2f4a7a0188e7c68af60eb4e573d2e6850cc65b464697223f46b4605" | |
| - location: "https://dl.fedoraproject.org/pub/archive/fedora/linux/releases/36/Cloud/aarch64/images/Fedora-Cloud-Base-36-1.5.aarch64.qcow2" | |
| arch: "aarch64" | |
| digest: "sha256:5c0e7e99b0c542cb2155cd3b52bbf51a42a65917e52d37df457d1e9759b37512" | |
| - location: "https://dl.fedoraproject.org/pub/archive/fedora/linux/releases/36/Cloud/aarch64/images/Fedora-Cloud-Base-36-1.5.aarch64.qcow2" | |
| arch: "aarch64" | |
| digest: "sha256:True" | |
| # CPUs: if you see performance issues, try limiting cpus to 1. | |
| # 🟢 Builtin default: 4 | |
| cpus: null | |
| # Memory size | |
| # 🟢 Builtin default: "4GiB" | |
| memory: null | |
| # Disk size | |
| # 🟢 Builtin default: "100GiB" | |
| disk: null | |
| # Expose host directories to the guest, the mount point might be accessible from all UIDs in the guest | |
| # 🟢 Builtin default: null (Mount nothing) | |
| # 🔵 This file: Mount the home as read-only, /tmp/lima as writable | |
| mounts: | |
| - location: "~" | |
| # Configure the mountPoint inside the guest. | |
| # 🟢 Builtin default: value of location | |
| mountPoint: null | |
| # CAUTION: `writable` SHOULD be false for the home directory. | |
| # Setting `writable` to true is possible, but untested and dangerous. | |
| # 🟢 Builtin default: false | |
| writable: null | |
| sshfs: | |
| # Enabling the SSHFS cache will increase performance of the mounted filesystem, at | |
| # the cost of potentially not reflecting changes made on the host in a timely manner. | |
| # Warning: It looks like PHP filesystem access does not work correctly when | |
| # the cache is disabled. | |
| # 🟢 Builtin default: true | |
| cache: null | |
| # SSHFS has an optional flag called 'follow_symlinks'. This allows mounts | |
| # to be properly resolved in the guest os and allow for access to the | |
| # contents of the symlink. As a result, symlinked files & folders on the Host | |
| # system will look and feel like regular files directories in the Guest OS. | |
| # 🟢 Builtin default: false | |
| followSymlinks: null | |
| # SFTP driver, "builtin" or "openssh-sftp-server". "openssh-sftp-server" is recommended. | |
| # 🟢 Builtin default: "openssh-sftp-server" if OpenSSH SFTP Server binary is found, otherwise "builtin" | |
| sftpDriver: null | |
| 9p: | |
| # Supported security models are "passthrough", "mapped-xattr", "mapped-file" and "none". | |
| # "mapped-xattr" and "mapped-file" are useful for persistent chown but incompatible with symlinks. | |
| # 🟢 Builtin default: "none" (since Lima v0.13) | |
| securityModel: null | |
| # Select 9P protocol version. Valid options are: "9p2000" (legacy), "9p2000.u", "9p2000.L". | |
| # 🟢 Builtin default: "9p2000.L" | |
| protocolVersion: null | |
| # The number of bytes to use for 9p packet payload, where 4KiB is the absolute minimum. | |
| # 🟢 Builtin default: "128KiB" | |
| msize: null | |
| # Specifies a caching policy. Valid options are: "none", "loose", "fscache" and "mmap". | |
| # Try choosing "mmap" or "none" if you see a stability issue with the default "fscache". | |
| # See https://www.kernel.org/doc/Documentation/filesystems/9p.txt | |
| # 🟢 Builtin default: "fscache" for non-writable mounts, "mmap" for writable mounts | |
| cache: null | |
| - location: "/tmp/lima" | |
| # 🟢 Builtin default: false | |
| # 🔵 This file: true (only for "/tmp/lima") | |
| writable: true | |
| # Mount type for above mounts, such as "reverse-sshfs" (from sshocker), "9p" (EXPERIMENTAL, from QEMU’s virtio-9p-pci, aka virtfs), | |
| # or "virtiofs" (EXPERIMENTAL, needs `vmType: vz`) | |
| # 🟢 Builtin default: "reverse-sshfs" | |
| mountType: null | |
| # Lima disks to attach to the instance. The disks will be accessible from inside the | |
| # instance, labeled by name. (e.g. if the disk is named "data", it will be labeled | |
| # "lima-data" inside the instance). The disk will be mounted inside the instance at | |
| # `/mnt/lima-${VOLUME}`. | |
| # 🟢 Builtin default: null | |
| additionalDisks: | |
| # disks should be a list of disk name strings, for example: | |
| # - "data" | |
| ssh: | |
| # A localhost port of the host. Forwarded to port 22 of the guest. | |
| # 🟢 Builtin default: 0 (automatically assigned to a free port) | |
| # NOTE: when the instance name is "default", the builtin default value is set to | |
| # 60022 for backward compatibility. | |
| localPort: 0 | |
| # Load ~/.ssh/*.pub in addition to $LIMA_HOME/_config/user.pub . | |
| # This option is useful when you want to use other SSH-based | |
| # applications such as rsync with the Lima instance. | |
| # If you have an insecure key under ~/.ssh, do not use this option. | |
| # 🟢 Builtin default: true | |
| loadDotSSHPubKeys: null | |
| # Forward ssh agent into the instance. | |
| # The ssh agent socket can be mounted in a container at the path `/run/host-services/ssh-auth.sock`. | |
| # Set the environment variable `SSH_AUTH_SOCK` value to the path above. | |
| # The socket is accessible by the non-root user inside the Lima instance. | |
| # 🟢 Builtin default: false | |
| forwardAgent: null | |
| # Forward X11 into the instance | |
| # 🟢 Builtin default: false | |
| forwardX11: null | |
| # Trust forwarded X11 clients | |
| # 🟢 Builtin default: false | |
| forwardX11Trusted: null | |
| # ===================================================================== # | |
| # ADVANCED CONFIGURATION | |
| # ===================================================================== # | |
| caCerts: | |
| # If set to `true`, this will remove all the default trusted CA certificates that | |
| # are normally shipped with the OS. | |
| # 🟢 Builtin default: false | |
| removeDefaults: null | |
| # A list of trusted CA certificate files. The files will be read and passed to cloud-init. | |
| files: | |
| # - examples/hello.crt | |
| # A list of trusted CA certificates. These are directly passed to cloud-init. | |
| certs: | |
| # - | | |
| # -----BEGIN CERTIFICATE----- | |
| # YOUR-ORGS-TRUSTED-CA-CERT-HERE | |
| # -----END CERTIFICATE----- | |
| # - | | |
| # -----BEGIN CERTIFICATE----- | |
| # YOUR-ORGS-TRUSTED-CA-CERT-HERE | |
| # -----END CERTIFICATE----- | |
| containerd: | |
| # Enable system-wide (aka rootful) containerd and its dependencies (BuildKit, Stargz Snapshotter) | |
| # Note that `nerdctl.lima` only works in rootless mode; you have to use `lima sudo nerdctl ...` | |
| # to use rootful containerd with nerdctl. | |
| # 🟢 Builtin default: false | |
| system: null | |
| # Enable user-scoped (aka rootless) containerd and its dependencies | |
| # 🟢 Builtin default: true | |
| user: null | |
| # # Override containerd archive | |
| # # 🟢 Builtin default: hard-coded URL with hard-coded digest (see the output of `limactl info | jq .defaultTemplate.containerd.archives`) | |
| # archives: | |
| # - location: "~/Downloads/nerdctl-full-X.Y.Z-linux-amd64.tar.gz" | |
| # arch: "x86_64" | |
| # digest: "sha256:..." | |
| # Provisioning scripts need to be idempotent because they might be called | |
| # multiple times, e.g. when the host VM is being restarted. | |
| # 🟢 Builtin default: null | |
| # provision: | |
| # # `system` is executed with the root privilege | |
| # - mode: system | |
| # script: | | |
| # #!/bin/bash | |
| # set -eux -o pipefail | |
| # export DEBIAN_FRONTEND=noninteractive | |
| # apt-get install -y vim | |
| # # `user` is executed without the root privilege | |
| # - mode: user | |
| # script: | | |
| # #!/bin/bash | |
| # set -eux -o pipefail | |
| # cat <<EOF > ~/.vimrc | |
| # set number | |
| # EOF | |
| # # `boot` is executed directly by /bin/sh as part of cloud-init-local.service's early boot process, | |
| # # which is why there is no hash-bang specified in the example | |
| # # See cloud-init docs for more info https://cloudinit.readthedocs.io/en/latest/topics/examples.html#run-commands-on-first-boot | |
| # - mode: boot | |
| # script: | | |
| # systemctl disable NetworkManager-wait-online.service | |
| # Probe scripts to check readiness. | |
| # 🟢 Builtin default: null | |
| # probes: | |
| # # Only `readiness` probes are supported right now. | |
| # - mode: readiness | |
| # description: vim to be installed | |
| # script: | | |
| # #!/bin/bash | |
| # set -eux -o pipefail | |
| # if ! timeout 30s bash -c "until command -v vim; do sleep 3; done"; then | |
| # echo >&2 "vim is not installed yet" | |
| # exit 1 | |
| # fi | |
| # hint: | | |
| # vim was not installed in the guest. Make sure the package system is working correctly. | |
| # Also see "/var/log/cloud-init-output.log" in the guest. | |
| # ===================================================================== # | |
| # FURTHER ADVANCED CONFIGURATION | |
| # ===================================================================== # | |
| # Specify desired QEMU CPU type for each arch. | |
| # You can see what options are available for host emulation with: `qemu-system-$(arch) -cpu help`. | |
| # Setting of instructions is supported like this: "qemu64,+ssse3". | |
| cpuType: | |
| # 🟢 Builtin default: "cortex-a72" (or "host" when running on aarch64 host) | |
| aarch64: null | |
| # 🟢 Builtin default: "qemu64" (or "host" when running on x86_64 host) | |
| x86_64: null | |
| rosetta: | |
| # Enable Rosetta for Linux (EXPERIMENTAL). | |
| # Hint: try `softwareupdate --install-rosetta` if Lima gets stuck at `Installing rosetta...` | |
| # 🟢 Builtin default: false | |
| enabled: null | |
| # Register rosetta to /proc/sys/fs/binfmt_misc | |
| # 🟢 Builtin default: false | |
| binfmt: null | |
| firmware: | |
| # Use legacy BIOS instead of UEFI. Ignored for aarch64. | |
| # 🟢 Builtin default: false | |
| legacyBIOS: null | |
| video: | |
| # QEMU display, e.g., "none", "cocoa", "sdl", "gtk", "vnc", "default". | |
| # Choosing "none" will hide the video output, and not show any window. | |
| # Choosing "vnc" will use a network server, and not show any window. | |
| # Choosing "default" will pick the first available of: gtk, sdl, cocoa. | |
| # As of QEMU v6.2, enabling anything but none or vnc is known to have negative impact | |
| # on performance on macOS hosts: https://gitlab.com/qemu-project/qemu/-/issues/334 | |
| # 🟢 Builtin default: "none" | |
| display: null | |
| # VNC (Virtual Network Computing) is a platform-independent graphical | |
| # desktop-sharing system that uses the Remote Frame Buffer protocol (RFB) | |
| vnc: | |
| # VNC display, e.g.,"to=L", "host:d", "unix:path", "none" | |
| # By convention the TCP port is 5900+d, connections from any host. | |
| # 🟢 Builtin default: "127.0.0.1:0,to=9" | |
| display: null | |
| # The instance can get routable IP addresses from the vmnet framework using | |
| # https://github.com/lima-vm/socket_vmnet. | |
| # 🟢 Builtin default: null | |
| networks: | |
| # Lima can manage daemons for networks defined in $LIMA_HOME/_config/networks.yaml | |
| # automatically. The socket_vmnet binary must be installed into | |
| # secure locations only alterable by the "root" user. | |
| # The same applies to vde_switch and vde_vmnet for the deprecated VDE mode. | |
| # - lima: shared | |
| # # MAC address of the instance; lima will pick one based on the instance name, | |
| # # so DHCP assigned ip addresses should remain constant over instance restarts. | |
| # macAddress: "" | |
| # # Interface name, defaults to "lima0", "lima1", etc. | |
| # interface: "" | |
| # | |
| # Lima can also connect to "unmanaged" networks addressed by "socket". This | |
| # means that the daemons will not be controlled by Lima, but must be started | |
| # before the instance. The interface type (host, shared, or bridged) is | |
| # configured in socket_vmnet and not in lima. | |
| # - socket: "/var/run/socket_vmnet" | |
| # The "vzNAT" IP address is accessible from the host, but not from other guests. | |
| # Needs `vmType: vz` (EXPERIMENTAL). | |
| # - vzNAT: true | |
| # vnl (virtual network locator) points to the vde_switch socket directory, | |
| # optionally with vde:// prefix | |
| # ⚠️ vnl is deprecated, use socket. | |
| # - vnl: "vde:///var/run/vde.ctl" | |
| # # VDE Switch port number (not TCP/UDP port number). Set to 65535 for PTP mode. | |
| # # Builtin default: 0 | |
| # switchPort: 0 | |
| # # MAC address of the instance; lima will pick one based on the instance name, | |
| # # so DHCP assigned ip addresses should remain constant over instance restarts. | |
| # macAddress: "" | |
| # # Interface name, defaults to "lima0", "lima1", etc. | |
| # interface: "" | |
| # Port forwarding rules. Forwarding between ports 22 and ssh.localPort cannot be overridden. | |
| # Rules are checked sequentially until the first one matches. | |
| # portForwards: | |
| # - guestPort: 443 | |
| # hostIP: "0.0.0.0" # overrides the default value "127.0.0.1"; allows privileged port forwarding | |
| # # default: hostPort: 443 (same as guestPort) | |
| # # default: guestIP: "127.0.0.1" (also matches bind addresses "0.0.0.0", "::", and "::1") | |
| # # default: proto: "tcp" (only valid value right now) | |
| # | |
| # - guestPortRange: [4000, 4999] | |
| # hostIP: "0.0.0.0" # overrides the default value "127.0.0.1" | |
| # # default: hostPortRange: [4000, 4999] (must specify same number of ports as guestPortRange) | |
| # | |
| # - guestPort: 80 | |
| # hostPort: 8080 # overrides the default value 80 | |
| # | |
| # - guestIP: "127.0.0.2" # overrides the default value "127.0.0.1" | |
| # hostIP: "127.0.0.2" # overrides the default value "127.0.0.1" | |
| # # default: guestPortRange: [1, 65535] | |
| # # default: hostPortRange: [1, 65535] | |
| # | |
| # - guestPort: 8888 | |
| # ignore: true (don't forward this port) | |
| # | |
| # - guestPort: 7443 | |
| # guestIP: "0.0.0.0" # Will match *any* interface | |
| # guestIPMustBeZero: true # Restrict matching to 0.0.0.0 binds only | |
| # hostIP: "0.0.0.0" # Forwards to 0.0.0.0, exposing it externally | |
| # | |
| # - guestSocket: "/run/user/{{.UID}}/my.sock" | |
| # hostSocket: mysocket | |
| # # default: reverse: false | |
| # # "guestSocket" can include these template variables: {{.Home}}, {{.UID}}, and {{.User}}. | |
| # # "hostSocket" can include {{.Home}}, {{.Dir}}, {{.Name}}, {{.UID}}, and {{.User}}. | |
| # # "reverse" can only be used for unix sockets right now, not for tcp sockets. | |
| # # Put sockets into "{{.Dir}}/sock" to avoid collision with Lima internal sockets! | |
| # # Sockets can also be forwarded to ports and vice versa, but not to/from a range of ports. | |
| # # Forwarding requires the lima user to have rw access to the "guestsocket", | |
| # # and the local user rwx access to the directory of the "hostsocket". | |
| # | |
| # # Lima internally appends this fallback rule at the end: | |
| # - guestIP: "127.0.0.1" | |
| # guestPortRange: [1, 65535] | |
| # hostIP: "127.0.0.1" | |
| # hostPortRange: [1, 65535] | |
| # # Any port still not matched by a rule will not be forwarded (ignored) | |
| # Copy files from the guest to the host. Copied after provisioning scripts have been completed. | |
| # copyToHost: | |
| # - guest: "/etc/myconfig.cfg" | |
| # host: "{{.Dir}}/copied-from-guest/myconfig" | |
| # # "guest" can include these template variables: {{.Home}}, {{.UID}}, and {{.User}}. | |
| # # "host" can include {{.Home}}, {{.Dir}}, {{.Name}}, {{.UID}}, and {{.User}}. | |
| # Message. Information to be shown to the user, given as a Go template for the instance. | |
| # The same template variables as for listing instances can be used, for example {{.Dir}}. | |
| # You can view the complete list of variables using `limactl list --list-fields` command. | |
| # It also includes {{.HostOS}} and {{.HostArch}} vars, for the runtime GOOS and GOARCH. | |
| # 🟢 Builtin default: null | |
| # message: | | |
| # This will be shown to the user. | |
| # Extra environment variables that will be loaded into the VM at start up. | |
| # These variables are consumed by internal init scripts, and also added | |
| # to /etc/environment. | |
| # If you set any of "ftp_proxy", "http_proxy", "https_proxy", or "no_proxy", then | |
| # Lima will automatically set an uppercase variant to the same value as well. | |
| # 🟢 Builtin default: null | |
| # env: | |
| # KEY: value | |
| # Lima will override the proxy environment variables with values from the current process | |
| # environment (the environment in effect when you run `limactl start`). It will automatically | |
| # replace the strings "localhost" and "127.0.0.1" with the host gateway address from inside | |
| # the VM, so it stays routable. Use of the process environment can be disabled by setting | |
| # propagateProxyEnv to false. | |
| # 🟢 Builtn default: true | |
| propagateProxyEnv: null | |
| # The host agent implements a DNS server that looks up host names on the host | |
| # using the local system resolver. This means changing VPN and network settings | |
| # are reflected automatically into the guest, including conditional forward, | |
| # and mDNS lookup. By default only IPv4 addresses will be returned. IPv6 addresses | |
| # can only work when using a vmnet network interface and the host has working | |
| # IPv6 configured as well. | |
| hostResolver: | |
| # 🟢 Builtin default: true | |
| enabled: null | |
| # 🟢 Builtin default: false | |
| ipv6: null | |
| # Static names can be defined here as an alternative to adding them to the hosts /etc/hosts. | |
| # Values can be either other hostnames, or IP addresses. The host.lima.internal name is | |
| # predefined to specify the gateway address to the host. | |
| # 🟢 Builtin default: null | |
| hosts: | |
| # guest.name: 127.1.1.1 | |
| # host.name: host.lima.internal | |
| # If useHostResolver is false, then the following rules apply for configuring dns: | |
| # Explicitly set DNS addresses for qemu user-mode networking. By default qemu picks *one* | |
| # nameserver from the host config and forwards all queries to this server. On macOS | |
| # Lima adds the nameservers configured for the first host interface in service order, | |
| # that has an IPv4 address, to the list. In case this still doesn't work (e.g. VPN | |
| # setups), the servers can be specified here explicitly. If nameservers are specified | |
| # here, then the configuration from network preferences will be ignored. | |
| # 🟢 Builtin default: null | |
| # dns: | |
| # - 1.1.1.1 | |
| # - 1.0.0.1 | |
| # ===================================================================== # | |
| # GLOBAL DEFAULTS AND OVERRIDES | |
| # ===================================================================== # | |
| # The builtin defaults can be changed globally by creating a $LIMA_HOME/_config/default.yaml | |
| # file. It will be used by ALL instances under the same $LIMA_HOME, and it | |
| # will be applied on each `limactl start`, so can affect instance restarts. | |
| # A similar mechanism is $LIMA_HOME/_config/override.yaml, which will take | |
| # precedence even over the settings in an instances lima.yaml file. | |
| # It too applies to ALL instances under the same $LIMA_HOME, and is applied | |
| # on each restart. It can be used to globally override settings, e.g. make | |
| # the mount of the home directory writable. | |
| # On each instance start the config settings are determined: If a value is | |
| # not set in `lima.yaml`, then the `default.yaml` is used. If that file | |
| # doesn't exist, or the value is not defined in the file, then the builtin | |
| # default is used. If `override.yaml` exists and defines the value, then | |
| # it overrides whatever has been chosen so far. | |
| # For slices (e.g. `mounts`, `provision`) and maps (`env`) the entries are | |
| # combined instead of replacing each other. Slices are produced from override | |
| # settings, followed by lima.yaml, followed by defaults.yaml (but NOT from | |
| # builtin defaults). Maps are produced starting with defaults.yaml values, | |
| # overwriting with lima.yaml ones, overwriting with override.yaml. | |
| # Exceptions: | |
| # - `dns` will use the list from the highest priority file; they are not | |
| # combined. If override.yaml defines a list of `dns` entries, then the | |
| # settings in default.yaml and lima.yaml are ignored. | |
| # | |
| # - `mounts` will update the `writable` setting when 2 entries have the | |
| # same `location` value. For this reason they are processed in the opposite | |
| # order: starting with default, followed by lima, and then override. | |
| # | |
| # -`networks` will replace lower priority entries with the same `interface` | |
| # name with higher priority definitions. This does not apply if the | |
| # `interface` field is empty. `networks` are therefore also processed | |
| # in lowest to highest priority order. | |
| # ===================================================================== # | |
| # END OF TEMPLATE | |
| # ===================================================================== # |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ===================================================================== # | |
| # BASIC CONFIGURATION (FEDORA 37) | |
| # ===================================================================== # | |
| # Default values in this YAML file are specified by `null` instead of Lima's "builtin default" values, | |
| # so they can be overridden by the $LIMA_HOME/_config/default.yaml mechanism documented at the end of this file. | |
| # VM type: "qemu" or "vz" (on macOS 13 and later). | |
| # The vmType can be specified only on creating the instance. | |
| # The vmType of existing instances cannot be changed. | |
| # 🟢 Builtin default: "qemu" | |
| vmType: null | |
| # Arch: "default", "x86_64", "aarch64". | |
| # 🟢 Builtin default: "default" (corresponds to the host architecture) | |
| arch: null | |
| # OpenStack-compatible disk image. | |
| # 🟢 Builtin default: null (must be specified) | |
| # 🔵 This file: Fedora 37 Cloud image | |
| images: | |
| # Mirror links | |
| - location: "https://download.fedoraproject.org/pub/fedora/linux/releases/37/Cloud/x86_64/images/Fedora-Cloud-Base-37-1.7.x86_64.qcow2" | |
| arch: "x86_64" | |
| digest: "sha256:b5b9bec91eee65489a5745f6ee620573b23337cbb1eb4501ce200b157a01f3a0" | |
| - location: "https://download.fedoraproject.org/pub/fedora/linux/releases/37/Cloud/aarch64/images/Fedora-Cloud-Base-37-1.7.aarch64.qcow2" | |
| arch: "aarch64" | |
| digest: "sha256:cc8b0f49bc60875a16eef65ad13e0e86ba502ba3585cc51146f11f4182a628c0" | |
| # Main mirror links | |
| - location: "https://dl.fedoraproject.org/pub/fedora/linux/releases/37/Cloud/x86_64/images/Fedora-Cloud-Base-37-1.7.x86_64.qcow2" | |
| arch: "x86_64" | |
| digest: "sha256:b5b9bec91eee65489a5745f6ee620573b23337cbb1eb4501ce200b157a01f3a0" | |
| - location: "https://dl.fedoraproject.org/pub/fedora/linux/releases/37/Cloud/aarch64/images/Fedora-Cloud-Base-37-1.7.aarch64.qcow2" | |
| arch: "aarch64" | |
| digest: "sha256:cc8b0f49bc60875a16eef65ad13e0e86ba502ba3585cc51146f11f4182a628c0" | |
| # Archive mirror links | |
| - location: "https://dl.fedoraproject.org/pub/archive/fedora/linux/releases/37/Cloud/x86_64/images/Fedora-Cloud-Base-37-1.7.x86_64.qcow2" | |
| arch: "x86_64" | |
| digest: "sha256:b5b9bec91eee65489a5745f6ee620573b23337cbb1eb4501ce200b157a01f3a0" | |
| - location: "https://dl.fedoraproject.org/pub/archive/fedora/linux/releases/37/Cloud/aarch64/images/Fedora-Cloud-Base-37-1.7.aarch64.qcow2" | |
| arch: "aarch64" | |
| digest: "sha256:cc8b0f49bc60875a16eef65ad13e0e86ba502ba3585cc51146f11f4182a628c0" | |
| # CPUs: if you see performance issues, try limiting cpus to 1. | |
| # 🟢 Builtin default: 4 | |
| cpus: null | |
| # Memory size | |
| # 🟢 Builtin default: "4GiB" | |
| memory: null | |
| # Disk size | |
| # 🟢 Builtin default: "100GiB" | |
| disk: null | |
| # Expose host directories to the guest, the mount point might be accessible from all UIDs in the guest | |
| # 🟢 Builtin default: null (Mount nothing) | |
| # 🔵 This file: Mount the home as read-only, /tmp/lima as writable | |
| mounts: | |
| - location: "~" | |
| # Configure the mountPoint inside the guest. | |
| # 🟢 Builtin default: value of location | |
| mountPoint: null | |
| # CAUTION: `writable` SHOULD be false for the home directory. | |
| # Setting `writable` to true is possible, but untested and dangerous. | |
| # 🟢 Builtin default: false | |
| writable: null | |
| sshfs: | |
| # Enabling the SSHFS cache will increase performance of the mounted filesystem, at | |
| # the cost of potentially not reflecting changes made on the host in a timely manner. | |
| # Warning: It looks like PHP filesystem access does not work correctly when | |
| # the cache is disabled. | |
| # 🟢 Builtin default: true | |
| cache: null | |
| # SSHFS has an optional flag called 'follow_symlinks'. This allows mounts | |
| # to be properly resolved in the guest os and allow for access to the | |
| # contents of the symlink. As a result, symlinked files & folders on the Host | |
| # system will look and feel like regular files directories in the Guest OS. | |
| # 🟢 Builtin default: false | |
| followSymlinks: null | |
| # SFTP driver, "builtin" or "openssh-sftp-server". "openssh-sftp-server" is recommended. | |
| # 🟢 Builtin default: "openssh-sftp-server" if OpenSSH SFTP Server binary is found, otherwise "builtin" | |
| sftpDriver: null | |
| 9p: | |
| # Supported security models are "passthrough", "mapped-xattr", "mapped-file" and "none". | |
| # "mapped-xattr" and "mapped-file" are useful for persistent chown but incompatible with symlinks. | |
| # 🟢 Builtin default: "none" (since Lima v0.13) | |
| securityModel: null | |
| # Select 9P protocol version. Valid options are: "9p2000" (legacy), "9p2000.u", "9p2000.L". | |
| # 🟢 Builtin default: "9p2000.L" | |
| protocolVersion: null | |
| # The number of bytes to use for 9p packet payload, where 4KiB is the absolute minimum. | |
| # 🟢 Builtin default: "128KiB" | |
| msize: null | |
| # Specifies a caching policy. Valid options are: "none", "loose", "fscache" and "mmap". | |
| # Try choosing "mmap" or "none" if you see a stability issue with the default "fscache". | |
| # See https://www.kernel.org/doc/Documentation/filesystems/9p.txt | |
| # 🟢 Builtin default: "fscache" for non-writable mounts, "mmap" for writable mounts | |
| cache: null | |
| - location: "/tmp/lima" | |
| # 🟢 Builtin default: false | |
| # 🔵 This file: true (only for "/tmp/lima") | |
| writable: true | |
| # Mount type for above mounts, such as "reverse-sshfs" (from sshocker), "9p" (EXPERIMENTAL, from QEMU’s virtio-9p-pci, aka virtfs), | |
| # or "virtiofs" (EXPERIMENTAL, needs `vmType: vz`) | |
| # 🟢 Builtin default: "reverse-sshfs" | |
| mountType: null | |
| # Lima disks to attach to the instance. The disks will be accessible from inside the | |
| # instance, labeled by name. (e.g. if the disk is named "data", it will be labeled | |
| # "lima-data" inside the instance). The disk will be mounted inside the instance at | |
| # `/mnt/lima-${VOLUME}`. | |
| # 🟢 Builtin default: null | |
| additionalDisks: | |
| # disks should be a list of disk name strings, for example: | |
| # - "data" | |
| ssh: | |
| # A localhost port of the host. Forwarded to port 22 of the guest. | |
| # 🟢 Builtin default: 0 (automatically assigned to a free port) | |
| # NOTE: when the instance name is "default", the builtin default value is set to | |
| # 60022 for backward compatibility. | |
| localPort: 0 | |
| # Load ~/.ssh/*.pub in addition to $LIMA_HOME/_config/user.pub . | |
| # This option is useful when you want to use other SSH-based | |
| # applications such as rsync with the Lima instance. | |
| # If you have an insecure key under ~/.ssh, do not use this option. | |
| # 🟢 Builtin default: true | |
| loadDotSSHPubKeys: null | |
| # Forward ssh agent into the instance. | |
| # The ssh agent socket can be mounted in a container at the path `/run/host-services/ssh-auth.sock`. | |
| # Set the environment variable `SSH_AUTH_SOCK` value to the path above. | |
| # The socket is accessible by the non-root user inside the Lima instance. | |
| # 🟢 Builtin default: false | |
| forwardAgent: null | |
| # Forward X11 into the instance | |
| # 🟢 Builtin default: false | |
| forwardX11: null | |
| # Trust forwarded X11 clients | |
| # 🟢 Builtin default: false | |
| forwardX11Trusted: null | |
| # ===================================================================== # | |
| # ADVANCED CONFIGURATION | |
| # ===================================================================== # | |
| caCerts: | |
| # If set to `true`, this will remove all the default trusted CA certificates that | |
| # are normally shipped with the OS. | |
| # 🟢 Builtin default: false | |
| removeDefaults: null | |
| # A list of trusted CA certificate files. The files will be read and passed to cloud-init. | |
| files: | |
| # - examples/hello.crt | |
| # A list of trusted CA certificates. These are directly passed to cloud-init. | |
| certs: | |
| # - | | |
| # -----BEGIN CERTIFICATE----- | |
| # YOUR-ORGS-TRUSTED-CA-CERT-HERE | |
| # -----END CERTIFICATE----- | |
| # - | | |
| # -----BEGIN CERTIFICATE----- | |
| # YOUR-ORGS-TRUSTED-CA-CERT-HERE | |
| # -----END CERTIFICATE----- | |
| containerd: | |
| # Enable system-wide (aka rootful) containerd and its dependencies (BuildKit, Stargz Snapshotter) | |
| # Note that `nerdctl.lima` only works in rootless mode; you have to use `lima sudo nerdctl ...` | |
| # to use rootful containerd with nerdctl. | |
| # 🟢 Builtin default: false | |
| system: null | |
| # Enable user-scoped (aka rootless) containerd and its dependencies | |
| # 🟢 Builtin default: true | |
| user: null | |
| # # Override containerd archive | |
| # # 🟢 Builtin default: hard-coded URL with hard-coded digest (see the output of `limactl info | jq .defaultTemplate.containerd.archives`) | |
| # archives: | |
| # - location: "~/Downloads/nerdctl-full-X.Y.Z-linux-amd64.tar.gz" | |
| # arch: "x86_64" | |
| # digest: "sha256:..." | |
| # Provisioning scripts need to be idempotent because they might be called | |
| # multiple times, e.g. when the host VM is being restarted. | |
| # 🟢 Builtin default: null | |
| # provision: | |
| # # `system` is executed with the root privilege | |
| # - mode: system | |
| # script: | | |
| # #!/bin/bash | |
| # set -eux -o pipefail | |
| # export DEBIAN_FRONTEND=noninteractive | |
| # apt-get install -y vim | |
| # # `user` is executed without the root privilege | |
| # - mode: user | |
| # script: | | |
| # #!/bin/bash | |
| # set -eux -o pipefail | |
| # cat <<EOF > ~/.vimrc | |
| # set number | |
| # EOF | |
| # # `boot` is executed directly by /bin/sh as part of cloud-init-local.service's early boot process, | |
| # # which is why there is no hash-bang specified in the example | |
| # # See cloud-init docs for more info https://cloudinit.readthedocs.io/en/latest/topics/examples.html#run-commands-on-first-boot | |
| # - mode: boot | |
| # script: | | |
| # systemctl disable NetworkManager-wait-online.service | |
| # Probe scripts to check readiness. | |
| # 🟢 Builtin default: null | |
| # probes: | |
| # # Only `readiness` probes are supported right now. | |
| # - mode: readiness | |
| # description: vim to be installed | |
| # script: | | |
| # #!/bin/bash | |
| # set -eux -o pipefail | |
| # if ! timeout 30s bash -c "until command -v vim; do sleep 3; done"; then | |
| # echo >&2 "vim is not installed yet" | |
| # exit 1 | |
| # fi | |
| # hint: | | |
| # vim was not installed in the guest. Make sure the package system is working correctly. | |
| # Also see "/var/log/cloud-init-output.log" in the guest. | |
| # ===================================================================== # | |
| # FURTHER ADVANCED CONFIGURATION | |
| # ===================================================================== # | |
| # Specify desired QEMU CPU type for each arch. | |
| # You can see what options are available for host emulation with: `qemu-system-$(arch) -cpu help`. | |
| # Setting of instructions is supported like this: "qemu64,+ssse3". | |
| cpuType: | |
| # 🟢 Builtin default: "cortex-a72" (or "host" when running on aarch64 host) | |
| aarch64: null | |
| # 🟢 Builtin default: "qemu64" (or "host" when running on x86_64 host) | |
| x86_64: null | |
| rosetta: | |
| # Enable Rosetta for Linux (EXPERIMENTAL). | |
| # Hint: try `softwareupdate --install-rosetta` if Lima gets stuck at `Installing rosetta...` | |
| # 🟢 Builtin default: false | |
| enabled: null | |
| # Register rosetta to /proc/sys/fs/binfmt_misc | |
| # 🟢 Builtin default: false | |
| binfmt: null | |
| firmware: | |
| # Use legacy BIOS instead of UEFI. Ignored for aarch64. | |
| # 🟢 Builtin default: false | |
| legacyBIOS: null | |
| video: | |
| # QEMU display, e.g., "none", "cocoa", "sdl", "gtk", "vnc", "default". | |
| # Choosing "none" will hide the video output, and not show any window. | |
| # Choosing "vnc" will use a network server, and not show any window. | |
| # Choosing "default" will pick the first available of: gtk, sdl, cocoa. | |
| # As of QEMU v6.2, enabling anything but none or vnc is known to have negative impact | |
| # on performance on macOS hosts: https://gitlab.com/qemu-project/qemu/-/issues/334 | |
| # 🟢 Builtin default: "none" | |
| display: null | |
| # VNC (Virtual Network Computing) is a platform-independent graphical | |
| # desktop-sharing system that uses the Remote Frame Buffer protocol (RFB) | |
| vnc: | |
| # VNC display, e.g.,"to=L", "host:d", "unix:path", "none" | |
| # By convention the TCP port is 5900+d, connections from any host. | |
| # 🟢 Builtin default: "127.0.0.1:0,to=9" | |
| display: null | |
| # The instance can get routable IP addresses from the vmnet framework using | |
| # https://github.com/lima-vm/socket_vmnet. | |
| # 🟢 Builtin default: null | |
| networks: | |
| # Lima can manage daemons for networks defined in $LIMA_HOME/_config/networks.yaml | |
| # automatically. The socket_vmnet binary must be installed into | |
| # secure locations only alterable by the "root" user. | |
| # The same applies to vde_switch and vde_vmnet for the deprecated VDE mode. | |
| # - lima: shared | |
| # # MAC address of the instance; lima will pick one based on the instance name, | |
| # # so DHCP assigned ip addresses should remain constant over instance restarts. | |
| # macAddress: "" | |
| # # Interface name, defaults to "lima0", "lima1", etc. | |
| # interface: "" | |
| # | |
| # Lima can also connect to "unmanaged" networks addressed by "socket". This | |
| # means that the daemons will not be controlled by Lima, but must be started | |
| # before the instance. The interface type (host, shared, or bridged) is | |
| # configured in socket_vmnet and not in lima. | |
| # - socket: "/var/run/socket_vmnet" | |
| # The "vzNAT" IP address is accessible from the host, but not from other guests. | |
| # Needs `vmType: vz` (EXPERIMENTAL). | |
| # - vzNAT: true | |
| # vnl (virtual network locator) points to the vde_switch socket directory, | |
| # optionally with vde:// prefix | |
| # ⚠️ vnl is deprecated, use socket. | |
| # - vnl: "vde:///var/run/vde.ctl" | |
| # # VDE Switch port number (not TCP/UDP port number). Set to 65535 for PTP mode. | |
| # # Builtin default: 0 | |
| # switchPort: 0 | |
| # # MAC address of the instance; lima will pick one based on the instance name, | |
| # # so DHCP assigned ip addresses should remain constant over instance restarts. | |
| # macAddress: "" | |
| # # Interface name, defaults to "lima0", "lima1", etc. | |
| # interface: "" | |
| # Port forwarding rules. Forwarding between ports 22 and ssh.localPort cannot be overridden. | |
| # Rules are checked sequentially until the first one matches. | |
| # portForwards: | |
| # - guestPort: 443 | |
| # hostIP: "0.0.0.0" # overrides the default value "127.0.0.1"; allows privileged port forwarding | |
| # # default: hostPort: 443 (same as guestPort) | |
| # # default: guestIP: "127.0.0.1" (also matches bind addresses "0.0.0.0", "::", and "::1") | |
| # # default: proto: "tcp" (only valid value right now) | |
| # | |
| # - guestPortRange: [4000, 4999] | |
| # hostIP: "0.0.0.0" # overrides the default value "127.0.0.1" | |
| # # default: hostPortRange: [4000, 4999] (must specify same number of ports as guestPortRange) | |
| # | |
| # - guestPort: 80 | |
| # hostPort: 8080 # overrides the default value 80 | |
| # | |
| # - guestIP: "127.0.0.2" # overrides the default value "127.0.0.1" | |
| # hostIP: "127.0.0.2" # overrides the default value "127.0.0.1" | |
| # # default: guestPortRange: [1, 65535] | |
| # # default: hostPortRange: [1, 65535] | |
| # | |
| # - guestPort: 8888 | |
| # ignore: true (don't forward this port) | |
| # | |
| # - guestPort: 7443 | |
| # guestIP: "0.0.0.0" # Will match *any* interface | |
| # guestIPMustBeZero: true # Restrict matching to 0.0.0.0 binds only | |
| # hostIP: "0.0.0.0" # Forwards to 0.0.0.0, exposing it externally | |
| # | |
| # - guestSocket: "/run/user/{{.UID}}/my.sock" | |
| # hostSocket: mysocket | |
| # # default: reverse: false | |
| # # "guestSocket" can include these template variables: {{.Home}}, {{.UID}}, and {{.User}}. | |
| # # "hostSocket" can include {{.Home}}, {{.Dir}}, {{.Name}}, {{.UID}}, and {{.User}}. | |
| # # "reverse" can only be used for unix sockets right now, not for tcp sockets. | |
| # # Put sockets into "{{.Dir}}/sock" to avoid collision with Lima internal sockets! | |
| # # Sockets can also be forwarded to ports and vice versa, but not to/from a range of ports. | |
| # # Forwarding requires the lima user to have rw access to the "guestsocket", | |
| # # and the local user rwx access to the directory of the "hostsocket". | |
| # | |
| # # Lima internally appends this fallback rule at the end: | |
| # - guestIP: "127.0.0.1" | |
| # guestPortRange: [1, 65535] | |
| # hostIP: "127.0.0.1" | |
| # hostPortRange: [1, 65535] | |
| # # Any port still not matched by a rule will not be forwarded (ignored) | |
| # Copy files from the guest to the host. Copied after provisioning scripts have been completed. | |
| # copyToHost: | |
| # - guest: "/etc/myconfig.cfg" | |
| # host: "{{.Dir}}/copied-from-guest/myconfig" | |
| # # "guest" can include these template variables: {{.Home}}, {{.UID}}, and {{.User}}. | |
| # # "host" can include {{.Home}}, {{.Dir}}, {{.Name}}, {{.UID}}, and {{.User}}. | |
| # Message. Information to be shown to the user, given as a Go template for the instance. | |
| # The same template variables as for listing instances can be used, for example {{.Dir}}. | |
| # You can view the complete list of variables using `limactl list --list-fields` command. | |
| # It also includes {{.HostOS}} and {{.HostArch}} vars, for the runtime GOOS and GOARCH. | |
| # 🟢 Builtin default: null | |
| # message: | | |
| # This will be shown to the user. | |
| # Extra environment variables that will be loaded into the VM at start up. | |
| # These variables are consumed by internal init scripts, and also added | |
| # to /etc/environment. | |
| # If you set any of "ftp_proxy", "http_proxy", "https_proxy", or "no_proxy", then | |
| # Lima will automatically set an uppercase variant to the same value as well. | |
| # 🟢 Builtin default: null | |
| # env: | |
| # KEY: value | |
| # Lima will override the proxy environment variables with values from the current process | |
| # environment (the environment in effect when you run `limactl start`). It will automatically | |
| # replace the strings "localhost" and "127.0.0.1" with the host gateway address from inside | |
| # the VM, so it stays routable. Use of the process environment can be disabled by setting | |
| # propagateProxyEnv to false. | |
| # 🟢 Builtn default: true | |
| propagateProxyEnv: null | |
| # The host agent implements a DNS server that looks up host names on the host | |
| # using the local system resolver. This means changing VPN and network settings | |
| # are reflected automatically into the guest, including conditional forward, | |
| # and mDNS lookup. By default only IPv4 addresses will be returned. IPv6 addresses | |
| # can only work when using a vmnet network interface and the host has working | |
| # IPv6 configured as well. | |
| hostResolver: | |
| # 🟢 Builtin default: true | |
| enabled: null | |
| # 🟢 Builtin default: false | |
| ipv6: null | |
| # Static names can be defined here as an alternative to adding them to the hosts /etc/hosts. | |
| # Values can be either other hostnames, or IP addresses. The host.lima.internal name is | |
| # predefined to specify the gateway address to the host. | |
| # 🟢 Builtin default: null | |
| hosts: | |
| # guest.name: 127.1.1.1 | |
| # host.name: host.lima.internal | |
| # If useHostResolver is false, then the following rules apply for configuring dns: | |
| # Explicitly set DNS addresses for qemu user-mode networking. By default qemu picks *one* | |
| # nameserver from the host config and forwards all queries to this server. On macOS | |
| # Lima adds the nameservers configured for the first host interface in service order, | |
| # that has an IPv4 address, to the list. In case this still doesn't work (e.g. VPN | |
| # setups), the servers can be specified here explicitly. If nameservers are specified | |
| # here, then the configuration from network preferences will be ignored. | |
| # 🟢 Builtin default: null | |
| # dns: | |
| # - 1.1.1.1 | |
| # - 1.0.0.1 | |
| # ===================================================================== # | |
| # GLOBAL DEFAULTS AND OVERRIDES | |
| # ===================================================================== # | |
| # The builtin defaults can be changed globally by creating a $LIMA_HOME/_config/default.yaml | |
| # file. It will be used by ALL instances under the same $LIMA_HOME, and it | |
| # will be applied on each `limactl start`, so can affect instance restarts. | |
| # A similar mechanism is $LIMA_HOME/_config/override.yaml, which will take | |
| # precedence even over the settings in an instances lima.yaml file. | |
| # It too applies to ALL instances under the same $LIMA_HOME, and is applied | |
| # on each restart. It can be used to globally override settings, e.g. make | |
| # the mount of the home directory writable. | |
| # On each instance start the config settings are determined: If a value is | |
| # not set in `lima.yaml`, then the `default.yaml` is used. If that file | |
| # doesn't exist, or the value is not defined in the file, then the builtin | |
| # default is used. If `override.yaml` exists and defines the value, then | |
| # it overrides whatever has been chosen so far. | |
| # For slices (e.g. `mounts`, `provision`) and maps (`env`) the entries are | |
| # combined instead of replacing each other. Slices are produced from override | |
| # settings, followed by lima.yaml, followed by defaults.yaml (but NOT from | |
| # builtin defaults). Maps are produced starting with defaults.yaml values, | |
| # overwriting with lima.yaml ones, overwriting with override.yaml. | |
| # Exceptions: | |
| # - `dns` will use the list from the highest priority file; they are not | |
| # combined. If override.yaml defines a list of `dns` entries, then the | |
| # settings in default.yaml and lima.yaml are ignored. | |
| # | |
| # - `mounts` will update the `writable` setting when 2 entries have the | |
| # same `location` value. For this reason they are processed in the opposite | |
| # order: starting with default, followed by lima, and then override. | |
| # | |
| # -`networks` will replace lower priority entries with the same `interface` | |
| # name with higher priority definitions. This does not apply if the | |
| # `interface` field is empty. `networks` are therefore also processed | |
| # in lowest to highest priority order. | |
| # ===================================================================== # | |
| # END OF TEMPLATE | |
| # ===================================================================== # |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment