CoCalc -- default.yaml

GitHub Repository: lima-vm/lima
Path: blob/master/templates/default.yaml
²⁶⁰¹ views
1
# ===================================================================== #
2
# BASIC CONFIGURATION
3
# ===================================================================== #
4

5
# Default values in this YAML file are specified by `null` instead of Lima's "builtin default" values,
6
# so they can be overridden by the $LIMA_HOME/_config/default.yaml mechanism documented at the end of this file.
7

8
# VM type: "qemu", "vz" (on macOS 13 and later), or "default".
9
# The vmType can be specified only on creating the instance.
10
# The vmType of existing instances cannot be changed.
11
# 🟢 Builtin default: "vz" (on macOS 13.5 and later), "qemu" (on others)
12
vmType: null
13

14
# Arch: "default", "x86_64", "aarch64".
15
# 🟢 Builtin default: "default" (corresponds to the host architecture)
16
arch: null
17

18
# OpenStack-compatible disk image.
19
# Each image has a `location` URL for the disk image, an `arch` setting, and an optional `digest`.
20
# 🟢 Builtin default: none (must be specified)
21
# 🔵 This file: Ubuntu images (inherited via the `base` mechanism later in this file)
22
images: []
23

24
# CPUs
25
# 🟢 Builtin default: min(4, host CPU cores)
26
cpus: null
27

28
# Memory size
29
# 🟢 Builtin default: min("4GiB", half of host memory)
30
memory: null
31

32
# Disk size
33
# 🟢 Builtin default: "100GiB"
34
disk: null
35

36
# Expose host directories to the guest, the mount point might be accessible from all UIDs in the guest
37
# "location" can use these template variables: {{.Home}}, {{.Dir}}, {{.Name}}, {{.UID}}, {{.User}}, {{.Param.Key}},
38
# {{.GlobalTempDir}}, and {{.TempDir}}. The global temp dir is always "/tmp" on Unix.
39
# "mountPoint" can use these template variables: {{.Home}}, {{.Name}}, {{.Hostname}}, {{.UID}}, {{.User}}, and {{.Param.Key}}.
40
# 🟢 Builtin default: [] (Mount nothing)
41
# 🔵 This file: Mount the home as read-only (inherited via the `base` mechanism later in this file)
42
#    Until Lima v1.2, /tmp/lima was mounted too as writable.
43
mounts: []
44
# - location: "~"
45
#  # Configure the mountPoint inside the guest.
46
#  # 🟢 Builtin default: value of location
47
#  mountPoint: null
48
#  # Setting `writable` to true is discouraged when mountType is set to "reverse-sshfs".
49
#  # 🟢 Builtin default: false
50
#  writable: null
51
#  sshfs:
52
#    # Enabling the SSHFS cache will increase performance of the mounted filesystem, at
53
#    # the cost of potentially not reflecting changes made on the host in a timely manner.
54
#    # Warning: It looks like PHP filesystem access does not work correctly when
55
#    # the cache is disabled.
56
#    # 🟢 Builtin default: true
57
#    cache: null
58
#    # SSHFS has an optional flag called 'follow_symlinks'. This allows mounts
59
#    # to be properly resolved in the guest os and allow for access to the
60
#    # contents of the symlink. As a result, symlinked files & folders on the Host
61
#    # system will look and feel like regular files directories in the Guest OS.
62
#    # 🟢 Builtin default: false
63
#    followSymlinks: null
64
#    # SFTP driver, "builtin" or "openssh-sftp-server". "openssh-sftp-server" is recommended.
65
#    # 🟢 Builtin default: "openssh-sftp-server" if OpenSSH SFTP Server binary is found, otherwise "builtin"
66
#    sftpDriver: null
67
#  9p:
68
#    # Supported security models are "passthrough", "mapped-xattr", "mapped-file" and "none".
69
#    # "mapped-xattr" and "mapped-file" are useful for persistent chown but incompatible with symlinks.
70
#    # 🟢 Builtin default: "none" (since Lima v0.13)
71
#    securityModel: null
72
#    # Select 9P protocol version. Valid options are: "9p2000" (legacy), "9p2000.u", "9p2000.L".
73
#    # 🟢 Builtin default: "9p2000.L"
74
#    protocolVersion: null
75
#    # The number of bytes to use for 9p packet payload, where 4KiB is the absolute minimum.
76
#    # 🟢 Builtin default: "128KiB"
77
#    msize: null
78
#    # Specifies a caching policy. Valid options are: "none", "loose", "fscache" and "mmap".
79
#    # Try choosing "mmap" or "none" if you see a stability issue with the default "fscache".
80
#    # See https://www.kernel.org/doc/Documentation/filesystems/9p.txt
81
#    # 🟢 Builtin default: "fscache" for non-writable mounts, "mmap" for writable mounts
82
#    cache: null
83

84
# List of mount types not supported by the kernel of this distro.
85
# Also used to resolve the default mount type when not explicitly specified.
86
#
87
# NOTE: 9p is broken in Linux v6.9, v6.10, and v6.11.
88
# The issue was fixed in Linux v6.12-rc5 (https://github.com/torvalds/linux/commit/be2ca38).
89
#
90
# 🟢 Builtin default: []
91
mountTypesUnsupported: null
92

93
# Mount type for above mounts, such as "reverse-sshfs" (from sshocker), "9p" (QEMU’s virtio-9p-pci, aka virtfs),
94
# or "virtiofs" (experimental on Linux; needs `vmType: vz` on macOS).
95
# 🟢 Builtin default: "default" (resolved to be "9p" for QEMU since Lima v1.0 on non-Windows, "virtiofs" for vz)
96
mountType: null
97

98
# Enable inotify support for mounted directories (EXPERIMENTAL)
99
# 🟢 Builtin default: Disabled by default
100
mountInotify: null
101

102
# ===================================================================== #
103
# ADVANCED CONFIGURATION
104
# ===================================================================== #
105

106
# Lima disks to attach to the instance. The disks will be accessible from inside the
107
# instance, labeled by name. (e.g. if the disk is named "data", it will be labeled
108
# "lima-data" inside the instance). The disk will be mounted inside the instance at
109
# `/mnt/lima-${VOLUME}`.
110
# 🟢 Builtin default: []
111
additionalDisks:
112
# disks should either be a list of disk name strings, for example:
113
# - "data"
114
# or a list of disk objects with extra parameters, for example:
115
# - name: "data"
116
#   format: true
117
#   fsType: "ext4"
118

119
ssh:
120
  # A localhost port of the host. Forwarded to port 22 of the guest.
121
  # 🟢 Builtin default: 0 (automatically assigned to a free port)
122
  localPort: null
123
  # Load ~/.ssh/*.pub in addition to $LIMA_HOME/_config/user.pub .
124
  # This option is useful when you want to use other SSH-based
125
  # applications such as rsync with the Lima instance.
126
  # If you have an insecure key under ~/.ssh, do not use this option.
127
  # 🟢 Builtin default: false (since Lima v1.0)
128
  loadDotSSHPubKeys: null
129
  # Forward ssh agent into the instance.
130
  # The ssh agent socket can be mounted in a container at the path `/run/host-services/ssh-auth.sock`.
131
  # Set the environment variable `SSH_AUTH_SOCK` value to the path above.
132
  # The socket is accessible by the non-root user inside the Lima instance.
133
  # 🟢 Builtin default: false
134
  forwardAgent: null
135
  # Forward X11 into the instance
136
  # 🟢 Builtin default: false
137
  forwardX11: null
138
  # Trust forwarded X11 clients
139
  # 🟢 Builtin default: false
140
  forwardX11Trusted: null
141
  # Enable SSH over vsock.
142
  # 🟢 Builtin default: true for vz, false for other vmTypes
143
  overVsock: null
144

145
caCerts:
146
  # If set to `true`, this will remove all the default trusted CA certificates that
147
  # are normally shipped with the OS.
148
  # 🟢 Builtin default: false
149
  removeDefaults: null
150

151
  # A list of trusted CA certificate files. The files will be read and passed to cloud-init.
152
  files:
153
  # - examples/hello.crt
154

155
  # A list of trusted CA certificates. These are directly passed to cloud-init.
156
  certs:
157
  # - |
158
  #   -----BEGIN CERTIFICATE-----
159
  #   YOUR-ORGS-TRUSTED-CA-CERT-HERE
160
  #   -----END CERTIFICATE-----
161
  # - |
162
  #   -----BEGIN CERTIFICATE-----
163
  #   YOUR-ORGS-TRUSTED-CA-CERT-HERE
164
  #   -----END CERTIFICATE-----
165

166
# Upgrade the instance on boot
167
# Reboot after upgrade if required
168
# 🟢 Builtin default: false
169
upgradePackages: null
170

171
containerd:
172
  # Enable system-wide (aka rootful)  containerd and its dependencies (BuildKit, Stargz Snapshotter)
173
  # Note that `nerdctl.lima` only works in rootless mode; you have to use `lima sudo nerdctl ...`
174
  # to use rootful containerd with nerdctl.
175
  # 🟢 Builtin default: false
176
  system: null
177
  # Enable user-scoped (aka rootless) containerd and its dependencies
178
  # 🟢 Builtin default: true (for x86_64 and aarch64)
179
  user: null
180
#  # Override containerd archive
181
#  # 🟢 Builtin default: hard-coded URL with hard-coded digest (see the output of `limactl info | jq .defaultTemplate.containerd.archives`)
182
#  archives:
183
#  - location: "~/Downloads/nerdctl-full-X.Y.Z-linux-amd64.tar.gz"
184
#    arch: "x86_64"
185
#    digest: "sha256:..."
186

187
# Provisioning scripts need to be idempotent because they might be called
188
# multiple times, e.g. when the host VM is being restarted.
189
# The scripts can use the following template variables: {{.Home}}, {{.Name}}, {{.Hostname}}, {{.UID}}, {{.User}}, and {{.Param.Key}}.
190
#
191
# EXPERIMENTAL Alternatively the script can be provided using the "file" property. This file is read when the instance
192
# is created and then stored under the "script" property. When "file" is specified "script" must be empty.
193
# The "file" property can either be a string (URL), or an object with a "url" and "digest" properties.
194
# The "digest" property is currently unused.
195
# Relative script files will be resolved relative to the location of the template file.
196
# 🟢 Builtin default: []
197
# provision:
198
# # `system` is executed with root privileges
199
# - mode: system
200
#   script: |
201
#     #!/bin/bash
202
#     set -eux -o pipefail
203
#     export DEBIAN_FRONTEND=noninteractive
204
#     apt-get install -y vim
205
# # `user` is executed without root privileges
206
# - mode: user
207
#   file:
208
#     url: user-provisioning.sh
209
#     digest: deadbeef
210
# # `boot` is executed directly by /bin/sh as part of cloud-init-local.service's early boot process,
211
# # which is why there is no hash-bang specified in the example
212
# # See cloud-init docs for more info https://docs.cloud-init.io/en/latest/reference/examples.html#run-commands-on-first-boot
213
# - mode: boot
214
#   script: |
215
#     systemctl disable NetworkManager-wait-online.service
216
# # `dependency` is executed before the regular dependency resolution workflow in
217
# # pkg/cidata/cidata.TEMPLATE.d/boot/30-install-packages.sh
218
# # If skipDefaultDependencyResolution is set on at least one `dependency` mode provisioning script, the regular
219
# # dependency resolution workflow in pkg/cidata/cidata.TEMPLATE.d/boot/30-install-packages.sh will be skipped.
220
# - mode: dependency
221
#   skipDefaultDependencyResolution: false
222
#   script: |
223
#     #!/bin/bash
224
#     dnf config-manager --add-repo ...
225
#     dnf install ...
226
# # `ansible` is executed after other scripts are complete
227
# # It requires `ansible-playbook` command to be installed.
228
# # Environment variables such as ANSIBLE_CONFIG can be used, to control the behavior of the playbook execution.
229
# # See ansible docs, and `ansible-config`, for more info https://docs.ansible.com/ansible/latest/playbook_guide/
230
# # DEPRECATED The ansible mode is deprecated, and should not be used. Instead call ansible-playbook directly,
231
# # either from the host after the instance is started or from the instance by running ansible locally instead.
232
# - mode: ansible
233
#   playbook: playbook.yaml
234
# # `data` is a file that is written to the guest filesystem and not executed at all.
235
# # The file is written after the boot scripts, but before any other provisioning scripts are run.
236
# # Note that reverse-sshfs mounts are not established at this time; other mount types are already mounted.
237
# # The `path` and `content` properties are required. The `file` property can be used the same way as with
238
# # other provisioning scripts, in which case `content` must be empty. The `owner` defaults to "root:root";
239
# # the permissions default to 644. The `overwrite` property defaults to `true`, in which case the file will
240
# # be overwritten on every boot.
241
# # `path`, `contents`, and `owner` are evaluated as guest templates (see above).
242
# - mode: data
243
#   path: /etc/conf.d/example
244
#   content: |
245
#     FOO=bar
246
#   owner: "root:root"
247
#   permissions: 644
248
#   overwrite: false
249
# # Create or edit a file in the guest filesystem by using `yq`.
250
# # The file specified by `path` will be updated by `expression`.
251
# # An empty file of the required `format` will be created if it does not yet exist.
252
# # `format` defaults to "auto" and will be detected by file extension of `path`.
253
# # If the extension is not recognized by `yq` then `format` must be set to a
254
# # value from this list:
255
# #   "auto", "csv", "ini", "json", "props", "tsv", "toml", "xml", "yaml"
256
# # See https://github.com/mikefarah/yq for more info.
257
# # Any missing directories will be created as needed.
258
# # The file permissions will be set to the specified value.
259
# # The file and directory creation will be performed as the specified owner.
260
# # If the existing file is not writable by the specified owner, the operation will fail.
261
# # `path` and `expression` are required.
262
# # `owner` and `permissions` are optional. Defaults to "root:root" and 644.
263
# - mode: yq
264
#   path: "{{.Home}}/.config/docker/daemon.json"
265
#   expression: ".features.containerd-snapshotter = {{.Param.containerdSnapshotter}}"
266
#   format: auto
267
#   owner: "{{.User}}"
268
#   permissions: 644
269
#
270
# Q. In what order are provision scripts executed?
271
# A. All provisions are processed per boot by each module in stages of cloud-init as follows:
272
#   1. cloud-init 'init' stage
273
#     bootcmd:
274
#     - `mode: boot` scripts are executed
275
#
276
#   2. cloud-init 'config' stage
277
#     write_files:
278
#     - `00-lima.boot.sh` is created, but not executed
279
#
280
#   3. cloud-init 'final' stage
281
#     scripts_per_boot:
282
#     - `00-lima.boot.sh` is executed; remaining provisions are processed in the following order:
283
#       - LIMA pre-defined boot scripts:
284
#         - `boot/{00-..., ..., 25-...}`
285
#         - `boot/30-install-packages.sh`
286
#           - `mode: dependency` scripts are executed
287
#         - `boot/{35-..., ...}`
288
#       - `mode: data` files are copied
289
#       - `mode: yq` files are processed
290
#       - `mode: system` scripts are executed
291
#       - `mode: user` scripts are executed
292

293
# Probe scripts to check readiness.
294
# The scripts run in user mode. They must start with a '#!' line.
295
# The scripts can use the following template variables: {{.Home}}, {{.Name}}, {{.Hostname}}, {{.UID}}, {{.User}}, and {{.Param.Key}}.
296
# EXPERIMENTAL Alternatively the script can be provided using the "file" property. This file is read when the instance
297
# is created and then stored under the "script" property. When "file" is specified "script" must be empty.
298
# The "file" property can either be a string (URL), or an object with a "url" and "digest" properties.
299
# The "digest" property is currently unused.
300
# Relative script files will be resolved relative to the location of the template file.
301
# 🟢 Builtin default: []
302
# probes:
303
# # Only `readiness` probes are supported right now.
304
# - mode: readiness
305
#   description: vim to be installed
306
#   script: |
307
#      #!/bin/bash
308
#      set -eux -o pipefail
309
#      if ! timeout 30s bash -c "until command -v vim; do sleep 3; done"; then
310
#        echo >&2 "vim is not installed yet"
311
#        exit 1
312
#      fi
313
#   hint: |
314
#     vim was not installed in the guest. Make sure the package system is working correctly.
315
#     Also see "/var/log/cloud-init-output.log" in the guest.
316

317
# ===================================================================== #
318
# FURTHER ADVANCED CONFIGURATION
319
# ===================================================================== #
320

321
# A template should specify the minimum Lima version required to parse this template correctly.
322
# It should not be set if the minimum version is less than 1.0.0
323
# 🟢 Builtin default: not set
324
# 🔵 This file: "1.1.0" to use the `base` templating mechanism
325
minimumLimaVersion: 2.0.0
326

327
# EXPERIMENTAL
328
# Default settings can be imported from base templates. These will be merged in when the instance
329
# is created, and the combined template is stored in the instance directory.
330
# This setting can be either a single string (URL), or a list of locators.
331
# A locator is again either a string (URL), or an object with "url" and "digest" properties, e.g.
332
# base: [{url: ./base.yaml, digest: decafbad}, …]
333
# The "digest" property is currently unused.
334
# Any relative base template name will be resolved relative to the location of the main template.
335
# 🟢 Builtin default: no base template
336
# 🔵 This file: Ubuntu images and default mount points
337
base:
338
- template:_images/ubuntu
339
- template:_default/mounts
340

341
# User to be used inside the VM
342
user:
343
  # User name. An explicitly specified username is not validated by Lima.
344
  # 🟢 Builtin default: same as the host username, if it is a valid Linux username, otherwise "lima"
345
  name: null
346
  # Full name or display name of the user.
347
  # 🟢 Builtin default: user information from the host
348
  comment: null
349
  # Numeric user id. It is not currently possible to specify a group id.
350
  # 🟢 Builtin default: same as the host user id of the current user (NOT a lookup of the specified "username").
351
  uid: null
352
  # Home directory inside the VM, NOT the mounted home directory of the host.
353
  # It can use the following template variables: {{.Name}}, {{.Hostname}}, {{.UID}}, {{.User}}, and {{.Param.Key}}.
354
  # 🟢 Builtin default: "/home/{{.User}}.linux"
355
  home: null
356
  # Shell. Needs to be an absolute path.
357
  # 🟢 Builtin default: "/bin/bash"
358
  shell: null
359

360
vmOpts:
361
  qemu:
362
    # Minimum version of QEMU required to create an instance of this template.
363
    # Will be ignored if the vmType is not "qemu"
364
    # 🟢 Builtin default: not set
365
    minimumVersion: null
366
    # Specify desired QEMU CPU type for each arch.
367
    # You can see what options are available for host emulation with: `qemu-system-$(arch) -cpu help`.
368
    # Setting of instructions is supported like this: "qemu64,+ssse3".
369
    # 🟢 Builtin default: hard-coded arch map with type (see the output of `limactl info | jq .defaultTemplate.cpuType`)
370
    cpuType:
371
    #   aarch64: "max" # (or "host" when running on aarch64 host)
372
    #   armv7l:  "max" # (or "host" when running on armv7l host)
373
    #   riscv64: "max" # (or "host" when running on riscv64 host)
374
    #   x86_64:  "max" # (or "host" when running on x86_64 host; additional options are appended on Intel Mac)
375
  vz:
376
    # Specify the disk image format: "raw" or "asif".
377
    # Currently only applies to the primary disk image.
378
    # "asif" requires macOS 26+, and does not support converting back to "raw".
379
    # 🟢 Builtin default: "raw"
380
    diskImageFormat: null
381
    rosetta:
382
      # Enable Rosetta inside the VM; needs `vmType: vz`
383
      # Hint: try `softwareupdate --install-rosetta` if Lima gets stuck at `Installing rosetta...`
384
      # 🟢 Builtin default: false
385
      enabled: null
386
      # Register rosetta to /proc/sys/fs/binfmt_misc
387
      # 🟢 Builtin default: false
388
      binfmt: null
389

390
# OS: "Linux".
391
# 🟢 Builtin default: "Linux"
392
os: null
393

394
# DEPRECATED: Use vmOpts.qemu.cpuType instead. See the vmOpts.qemu.cpuType section above for configuration.
395
cpuType:
396

397
# DEPRECATED: Use vmOpts.vz.rosetta instead. See the vmOpts.qemu.cpuType section above for configuration.
398
rosetta:
399
  enabled: null
400
  binfmt: null
401

402
# Specify the timezone name (as used by the zoneinfo database). Specify the empty string
403
# to not set a timezone in the instance.
404
# 🟢 Builtin default: use name from /etc/timezone or deduce from symlink target of /etc/localtime
405
timezone: null
406

407
firmware:
408
  # Use legacy BIOS instead of UEFI. Ignored for aarch64 and vz.
409
  # 🟢 Builtin default: false
410
  legacyBIOS: null
411
#  # Override UEFI images
412
#  # 🟢 Builtin default: uses VM's default UEFI, except for qemu + aarch64.
413
#  # See <https://lists.gnu.org/archive/html/qemu-devel/2023-12/msg01694.html>
414
#  images:
415
#  - location: "~/Downloads/edk2-aarch64-code.fd.gz"
416
#    arch: "aarch64"
417
#    digest: "sha256:..."
418
#    vmType: "qemu"
419

420
audio:
421
  # EXPERIMENTAL
422
  # QEMU audiodev, e.g., "none", "coreaudio", "pa", "alsa", "oss".
423
  # VZ driver, use "vz" as device name
424
  # Choosing "none" will mute the audio output, and not play any sound.
425
  # Choosing "default" will pick a suitable choice of: coreaudio, pa, dsound, oss.
426
  # As of QEMU v6.2 the default is to create a disconnected sound device
427
  # that is still visible in the guest but not connected to the host.
428
  # 🟢 Builtin default: ""
429
  device: null
430

431
video:
432
  # QEMU display, e.g., "none", "cocoa", "sdl", "gtk", "vnc", "default".
433
  # Choosing "none" will hide the video output, and not show any window.
434
  # Choosing "vnc" will use a network server, and not show any window.
435
  # Choosing "default" will pick the first available of: gtk, sdl, cocoa.
436
  # As of QEMU v6.2, enabling anything but none or vnc is known to have negative impact
437
  # on performance on macOS hosts: https://gitlab.com/qemu-project/qemu/-/issues/334
438
  # 🟢 Builtin default: "none"
439
  display: null
440
  # VNC (Virtual Network Computing) is a platform-independent graphical
441
  # desktop-sharing system that uses the Remote Frame Buffer protocol (RFB)
442
  vnc:
443
    # VNC display, e.g.,"to=L", "host:d", "unix:path", "none"
444
    # By convention the TCP port is 5900+d, connections from any host.
445
    # 🟢 Builtin default: "127.0.0.1:0,to=9"
446
    display: null
447

448
# The instance can get routable IP addresses from the vmnet framework using
449
# https://github.com/lima-vm/socket_vmnet.
450
# 🟢 Builtin default: []
451
networks:
452
# Lima can manage daemons for networks defined in $LIMA_HOME/_config/networks.yaml
453
# automatically. The socket_vmnet binary must be installed into
454
# secure locations only alterable by the "root" user.
455
# - lima: shared
456
#   # MAC address of the instance; lima will pick one based on the instance name,
457
#   # so DHCP assigned ip addresses should remain constant over instance restarts.
458
#   macAddress: ""
459
#   # Interface name, defaults to "lima0", "lima1", etc.
460
#   interface: ""
461
#   # Interface metric, lowest metric becomes the preferred route.
462
#   # Defaults to 100. Builtin SLIRP network uses 200.
463
#   metric: 100
464
#
465
# Lima can also connect to "unmanaged" networks addressed by "socket". This
466
# means that the daemons will not be controlled by Lima, but must be started
467
# before the instance.  The interface type (host, shared, or bridged) is
468
# configured in socket_vmnet and not in lima.
469
# - socket: "/var/run/socket_vmnet"
470

471

472
# The "vzNAT" IP address is accessible from the host, but not from other guests.
473
# Needs `vmType: vz`
474
# - vzNAT: true
475

476
# Port forwarding rules. Forwarding between ports 22 and ssh.localPort cannot be overridden.
477
# Rules are checked sequentially until the first one matches.
478
# portForwards:
479
# - guestPort: 443
480
#   hostIP: "0.0.0.0" # overrides the default value "127.0.0.1"; allows privileged port forwarding
481
# # default: hostPort: 443 (same as guestPort)
482
# # default: guestIP: "127.0.0.1" (also matches bind addresses "0.0.0.0", "::", and "::1")
483
# # default: proto: "tcp" (other options: "udp, "any")
484
#
485
# - guestPortRange: [4000, 4999]
486
#   hostIP:  "0.0.0.0" # overrides the default value "127.0.0.1"
487
# # default: hostPortRange: [4000, 4999] (must specify same number of ports as guestPortRange)
488
#
489
# - guestPort: 80
490
#   hostPort: 8080 # overrides the default value 80
491
#
492
# - guestIP: "127.0.0.2" # overrides the default value "127.0.0.1"
493
#   hostIP: "127.0.0.2" # overrides the default value "127.0.0.1"
494
# # default: guestPortRange: [1, 65535]
495
# # default: hostPortRange: [1, 65535]
496
#
497
# - guestIP: 0.0.0.0 # otherwise defaults to 127.0.0.1
498
#   proto: any       # tcp and udp
499
#   ignore: true     # don't forward these ports (guestPortRange, in this case 1-65535)
500
#
501
# - guestPort: 7443
502
#   guestIP: "0.0.0.0"        # Will match *any* interface
503
#   guestIPMustBeZero: false  # 0.0.0.0 matches any bound interface, not just 0.0.0.0 itself
504
#   hostIP: "0.0.0.0"         # Forwards to 0.0.0.0, exposing it externally
505
#
506
# - guestSocket: "/run/user/{{.UID}}/my.sock"
507
#   hostSocket: mysocket
508
# # default: reverse: false
509
# # "guestSocket" can include these template variables: {{.Home}}, {{.Name}}, {{.Hostname}}, {{.UID}}, {{.User}}, and {{.Param.Key}}.
510
# # "hostSocket" can include {{.Home}}, {{.Dir}}, {{.Name}}, {{.UID}}, {{.User}}, and {{.Param.Key}}.
511
# # "reverse" can only be used for unix sockets right now, not for tcp sockets.
512
# # Put sockets into "{{.Dir}}/sock" to avoid collision with Lima internal sockets!
513
# # Sockets can also be forwarded to ports and vice versa, but not to/from a range of ports.
514
# # Forwarding requires the lima user to have rw access to the "guestsocket",
515
# # and the local user rwx access to the directory of the "hostsocket".
516
#
517
# # Lima internally appends this fallback rule at the end:
518
# - guestIP: "127.0.0.1"
519
#   proto: "any"
520
#   guestPortRange: [1, 65535]
521
#   hostIP: "127.0.0.1"
522
#   hostPortRange: [1, 65535]
523
# # Any port still not matched by a rule will not be forwarded (ignored)
524

525
# Copy files from the guest to the host. Copied after provisioning scripts have been completed.
526
# copyToHost:
527
# - guest: "/etc/myconfig.cfg"
528
#   host: "{{.Dir}}/copied-from-guest/myconfig"
529
# # deleteOnStop: false
530
# # "guest" can include these template variables: {{.Home}}, {{.Name}}, {{.Hostname}}, {{.UID}}, {{.User}}, and {{.Param.Key}}.
531
# # "host" can include {{.Home}}, {{.Dir}}, {{.Name}}, {{.UID}}, {{.User}}, and {{.Param.Key}}.
532
# # "deleteOnStop" will delete the file from the host when the instance is stopped.
533

534
# Message. Information to be shown to the user, given as a Go template for the instance.
535
# The same template variables as for listing instances can be used, for example {{.Dir}}.
536
# You can view the complete list of variables using `limactl list --list-fields` command.
537
# It also includes {{.HostOS}} and {{.HostArch}} vars, for the runtime GOOS and GOARCH.
538
# 🟢 Builtin default: ""
539
# message: |
540
#   This will be shown to the user.
541

542
# Extra environment variables that will be loaded into the VM at start up.
543
# These variables are consumed by internal init scripts, and also added
544
# to /etc/environment.
545
# If you set any of "ftp_proxy", "http_proxy", "https_proxy", or "no_proxy", then
546
# Lima will automatically set an uppercase variant to the same value as well.
547
# 🟢 Builtin default: {}
548
# env:
549
#   KEY: value
550

551
# Defines variables used for customizing the functionality.
552
# Key names must start with an uppercase or lowercase letter followed by
553
# any number of letters, digits, and underscores.
554
# Values must not contain non-printable characters except for spaces and tabs.
555
# These variables can be referenced as {{.Param.Key}} in lima.yaml.
556
# In provisioning scripts and probes they are also available as predefined
557
# environment variables, prefixed with "PARAM_" (so `Key` → `$PARAM_Key`).
558
# param:
559
#   Key: value
560

561
# Lima will override the proxy environment variables with values from the current process
562
# environment (the environment in effect when you run `limactl start`). It will automatically
563
# replace the strings "localhost" and "127.0.0.1" with the host gateway address from inside
564
# the VM, so it stays routable. Use of the process environment can be disabled by setting
565
# propagateProxyEnv to false.
566
# 🟢 Builtin default: true
567
propagateProxyEnv: null
568

569
# The host agent implements a DNS server that looks up host names on the host
570
# using the local system resolver. This means changing VPN and network settings
571
# are reflected automatically into the guest, including conditional forward,
572
# and mDNS lookup. By default, only IPv4 addresses will be returned. IPv6 addresses
573
# can only work when using a vmnet network interface and the host has working
574
# IPv6 configured as well.
575
hostResolver:
576
  # 🟢 Builtin default: true
577
  enabled: null
578
  # 🟢 Builtin default: false
579
  ipv6: null
580
  # Static names can be defined here as an alternative to adding them to the hosts /etc/hosts.
581
  # Values can be either other hostnames, or IP addresses. The host.lima.internal name is
582
  # predefined to specify the gateway address to the host.
583
  # 🟢 Builtin default: {}
584
  hosts:
585
  #   guest.name: 127.1.1.1
586
  #   host.name: host.lima.internal
587

588
# If hostResolver.enabled is false, then the following rules apply for configuring dns:
589
# Explicitly set DNS addresses for qemu user-mode networking. By default, qemu picks *one*
590
# nameserver from the host config and forwards all queries to this server. On macOS
591
# Lima adds the nameservers configured for the first host interface in service order,
592
# that has an IPv4 address, to the list. In case this still doesn't work (e.g. VPN
593
# setups), the servers can be specified here explicitly. If nameservers are specified
594
# here, then the configuration from network preferences will be ignored.
595
# 🟢 Builtin default: []
596
# dns:
597
# - 1.1.1.1
598
# - 1.0.0.1
599

600
# Prefix to use for installing guest agent, and containerd with dependencies (if configured)
601
# 🟢 Builtin default: /usr/local
602
guestInstallPrefix: null
603

604
# When the "plain" mode is enabled:
605
# - the YAML properties for mounts, port forwarding, containerd, etc. will be ignored
606
# - guest agent will not be running
607
# - dependency packages like sshfs will not be installed into the VM
608
# User-specified provisioning scripts will be still executed.
609
# 🟢 Builtin default: false
610
plain: null
611

612
# When the "nestedVirtualization" feature is enabled:
613
# - Allows running a VM inside the guest VM.
614
# - The guest VM must configure QEMU with the `-cpu host` parameters to run a nested VM:
615
#   qemu-system-aarch64 -accel kvm -cpu host -M virt
616
# - Without specifying `-cpu host`, nested virtualization may fail with the error:
617
#   qemu-system-aarch64: kvm_init_vcpu: kvm_arch_init_vcpu failed (0): Invalid argument
618
# - Only supported on Apple M3 or later with `vmType: vz`.
619
# 🟢 Builtin default: false
620
nestedVirtualization: null
621

622
# ===================================================================== #
623
# GLOBAL DEFAULTS AND OVERRIDES
624
# ===================================================================== #
625

626
# The builtin defaults can be changed globally by creating a $LIMA_HOME/_config/default.yaml
627
# file. It will be used by ALL instances under the same $LIMA_HOME, and it
628
# will be applied on each `limactl start`, so can affect instance restarts.
629

630
# A similar mechanism is $LIMA_HOME/_config/override.yaml, which will take
631
# precedence even over the settings in an instances lima.yaml file.
632
# It also applies to ALL instances under the same $LIMA_HOME, and is applied
633
# on each restart. It can be used to globally override settings, e.g. make
634
# the mount of the home directory writable.
635

636
# EXPERIMENTAL
637
# A third mechanism is $LIMA_HOME/_config/base.yaml. It is similar to
638
# `default.yaml` but will be merged during the `base` template embedding
639
# when the instance is created, and not on every start. It becomes part
640
# of the lima.yaml file.
641

642
# On each instance start the config settings are determined: If a value is
643
# not set in `lima.yaml`, then the `default.yaml` is used. If that file
644
# doesn't exist, or the value is not defined in the file, then the builtin
645
# default is used. If `override.yaml` exists and defines the value, then
646
# it overrides whatever has been chosen so far.
647

648
# For slices (e.g. `mounts`, `provision`) and maps (`env`) the entries are
649
# combined instead of replacing each other. Slices are produced from override
650
# settings, followed by lima.yaml, followed by default.yaml (but NOT from
651
# builtin defaults). Maps are produced starting with default.yaml values,
652
# overwriting with lima.yaml ones, overwriting with override.yaml.
653

654
# Exceptions:
655
# - `dns` will use the list from the highest priority file; they are not
656
#   combined. If override.yaml defines a list of `dns` entries, then the
657
#   settings in default.yaml and lima.yaml are ignored.
658
#
659
# - `mounts` will update the `writable` setting when 2 entries have the
660
#   same `location` value. For this reason they are processed in the opposite
661
#   order: starting with default, followed by lima, and then override.
662
#
663
# -`networks` will replace lower priority entries with the same `interface`
664
#   name with higher priority definitions. This does not apply if the
665
#  `interface` field is empty. `networks` are therefore also processed
666
#  in lowest to highest priority order.
667

668
# ===================================================================== #
669
# END OF TEMPLATE
670
# ===================================================================== #
671

672
Product

Resources

Company
