movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 13:40:28 +03:00
Code Activity

nixos: systemd: move systemd-nspawn to systemd/nspawn

Browse source
This commit is contained in:
Bob van der Linden 2022-03-17 21:16:25 +01:00
parent 9bc093b30a
commit 3420dba80a
No known key found for this signature in database
GPG key ID: EEBE8E3EC4A31364
2 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

125
nixos/modules/system/boot/systemd/nspawn.nix Normal file
View file

@ -0,0 +1,125 @@
{ config, lib, pkgs, utils, ...}:
with utils.systemdUtils.unitOptions;
with utils.systemdUtils.lib;
with lib;
let
cfg = config.systemd.nspawn;
checkExec = checkUnitConfig "Exec" [
(assertOnlyFields [
"Boot" "ProcessTwo" "Parameters" "Environment" "User" "WorkingDirectory"
"PivotRoot" "Capability" "DropCapability" "NoNewPrivileges" "KillSignal"
"Personality" "MachineId" "PrivateUsers" "NotifyReady" "SystemCallFilter"
"LimitCPU" "LimitFSIZE" "LimitDATA" "LimitSTACK" "LimitCORE" "LimitRSS"
"LimitNOFILE" "LimitAS" "LimitNPROC" "LimitMEMLOCK" "LimitLOCKS"
"LimitSIGPENDING" "LimitMSGQUEUE" "LimitNICE" "LimitRTPRIO" "LimitRTTIME"
"OOMScoreAdjust" "CPUAffinity" "Hostname" "ResolvConf" "Timezone"
"LinkJournal"
])
(assertValueOneOf "Boot" boolValues)
(assertValueOneOf "ProcessTwo" boolValues)
(assertValueOneOf "NotifyReady" boolValues)
];
checkFiles = checkUnitConfig "Files" [
(assertOnlyFields [
"ReadOnly" "Volatile" "Bind" "BindReadOnly" "TemporaryFileSystem"
"Overlay" "OverlayReadOnly" "PrivateUsersChown"
])
(assertValueOneOf "ReadOnly" boolValues)
(assertValueOneOf "Volatile" (boolValues ++ [ "state" ]))
(assertValueOneOf "PrivateUsersChown" boolValues)
];
checkNetwork = checkUnitConfig "Network" [
(assertOnlyFields [
"Private" "VirtualEthernet" "VirtualEthernetExtra" "Interface" "MACVLAN"
"IPVLAN" "Bridge" "Zone" "Port"
])
(assertValueOneOf "Private" boolValues)
(assertValueOneOf "VirtualEthernet" boolValues)
];
instanceOptions = {
options = sharedOptions // {
execConfig = mkOption {
default = {};
example = { Parameters = "/bin/sh"; };
type = types.addCheck (types.attrsOf unitOption) checkExec;
description = ''
Each attribute in this set specifies an option in the
<literal>[Exec]</literal> section of this unit. See
<citerefentry><refentrytitle>systemd.nspawn</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
filesConfig = mkOption {
default = {};
example = { Bind = [ "/home/alice" ]; };
type = types.addCheck (types.attrsOf unitOption) checkFiles;
description = ''
Each attribute in this set specifies an option in the
<literal>[Files]</literal> section of this unit. See
<citerefentry><refentrytitle>systemd.nspawn</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
networkConfig = mkOption {
default = {};
example = { Private = false; };
type = types.addCheck (types.attrsOf unitOption) checkNetwork;
description = ''
Each attribute in this set specifies an option in the
<literal>[Network]</literal> section of this unit. See
<citerefentry><refentrytitle>systemd.nspawn</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
};
};
instanceToUnit = name: def:
let base = {
text = ''
[Exec]
${attrsToSection def.execConfig}
[Files]
${attrsToSection def.filesConfig}
[Network]
${attrsToSection def.networkConfig}
'';
} // def;
in base // { unit = makeUnit name base; };
in {
options = {
systemd.nspawn = mkOption {
default = {};
type = with types; attrsOf (submodule instanceOptions);
description = "Definition of systemd-nspawn configurations.";
};
};
config =
let
units = mapAttrs' (n: v: let nspawnFile = "${n}.nspawn"; in nameValuePair nspawnFile (instanceToUnit nspawnFile v)) cfg;
in
mkMerge [
(mkIf (cfg != {}) {
environment.etc."systemd/nspawn".source = mkIf (cfg != {}) (generateUnits' false "nspawn" units [] []);
})
{
systemd.targets.multi-user.wants = [ "machines.target" ];
}
];
}