lxd: Add proper support for nftables

This commit is contained in:
Patryk Wychowaniec 2020-06-05 12:57:18 +02:00
parent abb2f6038c
commit 72e80cdc54
No known key found for this signature in database
GPG Key ID: F62547D075E09767
2 changed files with 20 additions and 11 deletions


@ -15,7 +15,6 @@ in
###### interface ###### interface
options = { options = {
virtualisation.lxd = { virtualisation.lxd = {
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
@ -30,7 +29,7 @@ in
package = mkOption { package = mkOption {
type = types.package; type = types.package;
default = pkgs.lxd; default = pkgs.lxd.override { nftablesSupport = config.networking.nftables.enable; };
defaultText = "pkgs.lxd"; defaultText = "pkgs.lxd";
description = '' description = ''
The LXD package to use. The LXD package to use.
@ -65,6 +64,7 @@ in
with nixos. with nixos.
''; '';
}; };
recommendedSysctlSettings = mkOption { recommendedSysctlSettings = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -83,7 +83,6 @@ in
###### implementation ###### implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ]; environment.systemPackages = [ cfg.package ];
security.apparmor = { security.apparmor = {
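Review bot: `defaultText = "pkgs.lxd";` on the line after the new default is now stale — the generated option docs will keep advertising `pkgs.lxd` while the real default is the override keyed on `config.networking.nftables.enable`, so a reader of the manual cannot tell that this option's default follows their firewall backend. Update it to `defaultText = "pkgs.lxd.override { nftablesSupport = config.networking.nftables.enable; }";` and add a sentence to the option's description saying that setting `package` by hand drops the automatic nftables selection. That matters because a user who pins `package = pkgs.lxd` on a host with `networking.nftables.enable = true` puts the legacy iptables tools on LXD's PATH, and nothing in the module checks that combination; a warning or assertion for it would make the mismatch visible at evaluation time rather than as a confusing runtime firewall state. The `package = mkOption { ... }` block ends outside this hunk.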


@ -1,13 +1,21 @@
{ stdenv, hwdata, pkgconfig, lxc, buildGoPackage, fetchurl { stdenv, hwdata, pkgconfig, lxc, buildGoPackage, fetchurl
, makeWrapper, acl, rsync, gnutar, xz, btrfs-progs, gzip, dnsmasq , makeWrapper, acl, rsync, gnutar, xz, btrfs-progs, gzip, dnsmasq
, squashfsTools, iproute, iptables, ebtables, libcap, libco-canonical, dqlite , squashfsTools, iproute, iptables, ebtables, iptables-nftables-compat, libcap
, raft-canonical, sqlite-replication, udev , libco-canonical, dqlite, raft-canonical, sqlite-replication, udev
, writeShellScriptBin, apparmor-profiles, apparmor-parser , writeShellScriptBin, apparmor-profiles, apparmor-parser
, criu , criu
, bash , bash
, installShellFiles , installShellFiles
, nftablesSupport ? false
}: }:
let
networkPkgs = if nftablesSupport then
[ iptables-nftables-compat ]
else
[ iptables ebtables ];
in
buildGoPackage rec { buildGoPackage rec {
pname = "lxd"; pname = "lxd";
version = "4.1"; version = "4.1";
@ -38,12 +46,14 @@ buildGoPackage rec {
# test binaries, code generation # test binaries, code generation
rm $out/bin/{deps,macaroon-identity,generate} rm $out/bin/{deps,macaroon-identity,generate}
wrapProgram $out/bin/lxd --prefix PATH : ${stdenv.lib.makeBinPath [ wrapProgram $out/bin/lxd --prefix PATH : ${stdenv.lib.makeBinPath (
acl rsync gnutar xz btrfs-progs gzip dnsmasq squashfsTools iproute iptables ebtables bash criu networkPkgs
(writeShellScriptBin "apparmor_parser" '' ++ [ acl rsync gnutar xz btrfs-progs gzip dnsmasq squashfsTools iproute bash criu ]
exec '${apparmor-parser}/bin/apparmor_parser' -I '${apparmor-profiles}/etc/apparmor.d' "$@" ++ [ (writeShellScriptBin "apparmor_parser" ''
'') exec '${apparmor-parser}/bin/apparmor_parser' -I '${apparmor-profiles}/etc/apparmor.d' "$@"
]} '') ]
)
}
installShellCompletion --bash go/src/github.com/lxc/lxd/scripts/bash/lxd-client installShellCompletion --bash go/src/github.com/lxc/lxd/scripts/bash/lxd-client
''; '';
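Review bot: On the `nftablesSupport` branch `networkPkgs` removes `ebtables` from the wrapper PATH and substitutes only `iptables-nftables-compat`; whether that package also exposes an `ebtables` front-end is not visible here, and if it does not, any LXD bridge-level filtering that invokes ebtables would fail at runtime on nftables hosts instead of at build time. LXD 4.x also ships a native nftables firewall driver that shells out to `nft`, so it is worth confirming whether this option is meant to select the compat shim or the native driver — in the latter case the `nftables` package would belong in `networkPkgs` as well. A comment on the `let` binding would record the intent: `# nftablesSupport: put nft-backed iptables/ebtables front-ends on LXD's PATH instead of the legacy tools (LXD's own nftables driver additionally needs nft — TODO confirm)`. The `let ... in` block is fully inside the hunk, but the `buildGoPackage` body continues past it.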