0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-09 20:16:16 +03:00

incus: fix container tests from image rename (#360305)

This commit is contained in:
Adam C. Stephens 2024-11-30 15:04:26 -05:00 committed by GitHub
commit 33b9d57c65
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
14 changed files with 603 additions and 482 deletions

View file

@ -1,51 +1,71 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
let
templateSubmodule = {...}: {
options = {
enable = lib.mkEnableOption "this template";
templateSubmodule =
{ ... }:
{
options = {
enable = lib.mkEnableOption "this template";
target = lib.mkOption {
description = "Path in the container";
type = lib.types.path;
};
template = lib.mkOption {
description = ".tpl file for rendering the target";
type = lib.types.path;
};
when = lib.mkOption {
description = "Events which trigger a rewrite (create, copy)";
type = lib.types.listOf (lib.types.str);
};
properties = lib.mkOption {
description = "Additional properties";
type = lib.types.attrs;
default = {};
target = lib.mkOption {
description = "Path in the container";
type = lib.types.path;
};
template = lib.mkOption {
description = ".tpl file for rendering the target";
type = lib.types.path;
};
when = lib.mkOption {
description = "Events which trigger a rewrite (create, copy)";
type = lib.types.listOf (lib.types.str);
};
properties = lib.mkOption {
description = "Additional properties";
type = lib.types.attrs;
default = { };
};
};
};
};
toYAML = name: data: pkgs.writeText name (lib.generators.toYAML {} data);
toYAML = name: data: pkgs.writeText name (lib.generators.toYAML { } data);
cfg = config.virtualisation.lxc;
templates = if cfg.templates != {} then let
list = lib.mapAttrsToList (name: value: { inherit name; } // value)
(lib.filterAttrs (name: value: value.enable) cfg.templates);
in
{
files = map (tpl: {
source = tpl.template;
target = "/templates/${tpl.name}.tpl";
}) list;
properties = lib.listToAttrs (map (tpl: lib.nameValuePair tpl.target {
when = tpl.when;
template = "${tpl.name}.tpl";
properties = tpl.properties;
}) list);
}
else { files = []; properties = {}; };
templates =
if cfg.templates != { } then
let
list = lib.mapAttrsToList (name: value: { inherit name; } // value) (
lib.filterAttrs (name: value: value.enable) cfg.templates
);
in
{
files = map (tpl: {
source = tpl.template;
target = "/templates/${tpl.name}.tpl";
}) list;
properties = lib.listToAttrs (
map (
tpl:
lib.nameValuePair tpl.target {
when = tpl.when;
template = "${tpl.name}.tpl";
properties = tpl.properties;
}
) list
);
}
else
{
files = [ ];
properties = { };
};
in {
in
{
imports = [
../image/file-options.nix
];
@ -59,7 +79,7 @@ in {
templates = lib.mkOption {
description = "Templates for LXD";
type = lib.types.attrsOf (lib.types.submodule templateSubmodule);
default = {};
default = { };
example = lib.literalExpression ''
{
# create /etc/hostname on container creation
@ -91,7 +111,10 @@ in {
};
config = {
system.nixos.tags = [ "lxc" "metadata" ];
system.nixos.tags = [
"lxc"
"metadata"
];
image.extension = "tar.xz";
image.filePath = "tarball/${config.image.fileName}";
system.build.image = config.system.build.metadata;
@ -100,7 +123,9 @@ in {
contents = [
{
source = toYAML "metadata.yaml" {
architecture = builtins.elemAt (builtins.match "^([a-z0-9_]+).+" (toString pkgs.stdenv.hostPlatform.system)) 0;
architecture = builtins.elemAt (builtins.match "^([a-z0-9_]+).+" (
toString pkgs.stdenv.hostPlatform.system
)) 0;
creation_date = 1;
properties = {
description = "${config.system.nixos.distroName} ${config.system.nixos.codeName} ${config.system.nixos.label} ${pkgs.stdenv.hostPlatform.system}";

View file

@ -1,4 +1,4 @@
{lib, ...}:
{ lib, ... }:
{
meta = {

View file

@ -1,6 +1,11 @@
# LXC Configuration
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
cfg = config.virtualisation.lxc;
@ -12,58 +17,53 @@ in
};
options.virtualisation.lxc = {
enable =
lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
This enables Linux Containers (LXC), which provides tools
for creating and managing system or application containers
on Linux.
'';
};
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
This enables Linux Containers (LXC), which provides tools
for creating and managing system or application containers
on Linux.
'';
};
unprivilegedContainers = lib.mkEnableOption "support for unprivileged users to launch containers";
systemConfig =
lib.mkOption {
type = lib.types.lines;
default = "";
description = ''
This is the system-wide LXC config. See
{manpage}`lxc.system.conf(5)`.
'';
};
systemConfig = lib.mkOption {
type = lib.types.lines;
default = "";
description = ''
This is the system-wide LXC config. See
{manpage}`lxc.system.conf(5)`.
'';
};
package = lib.mkPackageOption pkgs "lxc" { };
defaultConfig =
lib.mkOption {
type = lib.types.lines;
default = "";
description = ''
Default config (default.conf) for new containers, i.e. for
network config. See {manpage}`lxc.container.conf(5)`.
'';
};
defaultConfig = lib.mkOption {
type = lib.types.lines;
default = "";
description = ''
Default config (default.conf) for new containers, i.e. for
network config. See {manpage}`lxc.container.conf(5)`.
'';
};
usernetConfig =
lib.mkOption {
type = lib.types.lines;
default = "";
description = ''
This is the config file for managing unprivileged user network
administration access in LXC. See {manpage}`lxc-usernet(5)`.
'';
};
usernetConfig = lib.mkOption {
type = lib.types.lines;
default = "";
description = ''
This is the config file for managing unprivileged user network
administration access in LXC. See {manpage}`lxc-usernet(5)`.
'';
};
bridgeConfig =
lib.mkOption {
type = lib.types.lines;
default = "";
description = ''
This is the config file for override lxc-net bridge default settings.
'';
};
bridgeConfig = lib.mkOption {
type = lib.types.lines;
default = "";
description = ''
This is the config file for override lxc-net bridge default settings.
'';
};
};
###### implementation
@ -88,7 +88,7 @@ in
};
# We don't need the `lxc-user` group, unless the unprivileged containers are enabled.
users.groups = lib.mkIf cfg.unprivilegedContainers { lxc-user = {}; };
users.groups = lib.mkIf cfg.unprivilegedContainers { lxc-user = { }; };
# `lxc-user-nic` needs suid to attach to bridge for unpriv containers.
security.wrappers = lib.mkIf cfg.unprivilegedContainers {
@ -108,7 +108,12 @@ in
lxc-net = {
enable = true;
wantedBy = [ "multi-user.target" ];
path = [ pkgs.iproute2 pkgs.iptables pkgs.getent pkgs.dnsmasq ];
path = [
pkgs.iproute2
pkgs.iptables
pkgs.getent
pkgs.dnsmasq
];
};
};
};

View file

@ -1,29 +1,34 @@
# LXC Configuration
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
cfg = config.virtualisation.lxc.lxcfs;
in {
in
{
meta = {
maintainers = lib.teams.lxc.members;
};
###### interface
options.virtualisation.lxc.lxcfs = {
enable =
lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
This enables LXCFS, a FUSE filesystem for LXC.
To use lxcfs in include the following configuration in your
container configuration:
```
virtualisation.lxc.defaultConfig = "lxc.include = ''${pkgs.lxcfs}/share/lxc/config/common.conf.d/00-lxcfs.conf";
```
'';
};
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
This enables LXCFS, a FUSE filesystem for LXC.
To use lxcfs in include the following configuration in your
container configuration:
```
virtualisation.lxc.defaultConfig = "lxc.include = ''${pkgs.lxcfs}/share/lxc/config/common.conf.d/00-lxcfs.conf";
```
'';
};
};
###### implementation
@ -34,11 +39,11 @@ in {
before = [ "lxc.service" ];
restartIfChanged = false;
serviceConfig = {
ExecStartPre="${pkgs.coreutils}/bin/mkdir -p /var/lib/lxcfs";
ExecStart="${pkgs.lxcfs}/bin/lxcfs /var/lib/lxcfs";
ExecStopPost="-${pkgs.fuse}/bin/fusermount -u /var/lib/lxcfs";
KillMode="process";
Restart="on-failure";
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /var/lib/lxcfs";
ExecStart = "${pkgs.lxcfs}/bin/lxcfs /var/lib/lxcfs";
ExecStopPost = "-${pkgs.fuse}/bin/fusermount -u /var/lib/lxcfs";
KillMode = "process";
Restart = "on-failure";
};
};
};