Merge recent master into staging

Hydra: ?compare=1148749 Conflicts (easy): nixos/modules/virtualisation/containers.nix
2025-06-12 04:35:41 +03:00 · 2014-08-21 15:09:31 +02:00 · 2014-08-21 15:09:31 +02:00 · d4e9fd2a90
commit d4e9fd2a90
parent 5c53f22492 2d03fbf752
215 changed files with 3425 additions and 1642 deletions
--- a/nixos/modules/virtualisation/containers.nix
+++ b/nixos/modules/virtualisation/containers.nix
@ -32,7 +32,10 @@ let
        fi
      fi

-      exec "$1"
+      # Start the regular stage 1 script, passing the bind-mounted
+      # notification socket from the host to allow the container
+      # systemd to signal readiness to the host systemd.
+      NOTIFY_SOCKET=/var/lib/private/host-notify exec "$1"
    '';

  system = config.nixpkgs.system;
@ -175,17 +178,16 @@ in
              ip link del dev "ve-$INSTANCE" 2> /dev/null || true
            fi

-            mkdir -p -m 0755 $root/var/lib

-            # Create a named pipe to get a signal when the container
-            # has finished booting.
-            rm -f $root/var/lib/startup-done
-            mkfifo -m 0600 $root/var/lib/startup-done
+            if [ "$PRIVATE_NETWORK" = 1 ]; then
+              ip link del dev "ve-$INSTANCE" 2> /dev/null || true
+            fi
         '';

        script =
          ''
            mkdir -p -m 0755 "$root/etc" "$root/var/lib"
+            mkdir -p -m 0700 "$root/var/lib/private"
            if ! [ -e "$root/etc/os-release" ]; then
              touch "$root/etc/os-release"
            fi
@ -194,6 +196,8 @@ in
              "/nix/var/nix/profiles/per-container/$INSTANCE" \
              "/nix/var/nix/gcroots/per-container/$INSTANCE"

+            cp -f /etc/resolv.conf "$root/etc/resolv.conf"
+
            if [ "$PRIVATE_NETWORK" = 1 ]; then
              extraFlags+=" --network-veth"
            fi
@ -210,13 +214,16 @@ in
              fi
            ''}

-            EXIT_ON_REBOOT=1 \
+            # Run systemd-nspawn without startup notification (we'll
+            # wait for the container systemd to signal readiness).
+            EXIT_ON_REBOOT=1 NOTIFY_SOCKET= \
            exec ${config.systemd.package}/bin/systemd-nspawn \
              --keep-unit \
              -M "$INSTANCE" -D "$root" $extraFlags \
              --bind-ro=/nix/store \
              --bind-ro=/nix/var/nix/db \
              --bind-ro=/nix/var/nix/daemon-socket \
+              --bind=/run/systemd/notify:/var/lib/private/host-notify \
              --bind="/nix/var/nix/profiles/per-container/$INSTANCE:/nix/var/nix/profiles" \
              --bind="/nix/var/nix/gcroots/per-container/$INSTANCE:/nix/var/nix/gcroots" \
              --setenv PRIVATE_NETWORK="$PRIVATE_NETWORK" \
@ -269,6 +276,8 @@ in

          Type = "notify";

+          NotifyAccess = "all";
+
          # Note that on reboot, systemd-nspawn returns 10, so this
          # unit will be restarted. On poweroff, it returns 0, so the
          # unit won't be restarted.
@ -315,5 +324,30 @@ in

    environment.systemPackages = [ nixos-container ];

+    # Start containers at boot time.
+    systemd.services.all-containers =
+      { description = "All Containers";
+
+        wantedBy = [ "multi-user.target" ];
+
+        unitConfig.ConditionDirectoryNotEmpty = "/etc/containers";
+
+        serviceConfig.Type = "oneshot";
+
+        script =
+          ''
+            res=0
+            shopt -s nullglob
+            for i in /etc/containers/*.conf; do
+              AUTO_START=
+              source "$i"
+              if [ "$AUTO_START" = 1 ]; then
+                systemctl start "container@$(basename "$i" .conf).service" || res=1
+              fi
+            done
+            exit $res
+          ''; # */
+      };
+
  };
 }