JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

lxd: Add proper support for nftables

Browse Source
This commit is contained in:
Patryk Wychowaniec 2020-06-05 12:57:18 +02:00
parent abb2f6038c
commit 72e80cdc54
No known key found for this signature in database
GPG Key ID: F62547D075E09767
2 changed files with 20 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
nixos/modules/virtualisation/lxd.nix
View File

@ -15,7 +15,6 @@ in
###### interface
options = {
virtualisation.lxd = {
enable = mkOption {
type = types.bool;
@ -30,7 +29,7 @@ in
package = mkOption {
type = types.package;
default = pkgs.lxd;
default = pkgs.lxd.override { nftablesSupport = config.networking.nftables.enable; };
defaultText = "pkgs.lxd";
description = ''
The LXD package to use.
@ -65,6 +64,7 @@ in
with nixos.
'';
};
recommendedSysctlSettings = mkOption {
type = types.bool;
default = false;
@ -83,7 +83,6 @@ in
###### implementation
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
security.apparmor = {

26
pkgs/tools/admin/lxd/default.nix
View File

@ -1,13 +1,21 @@
{ stdenv, hwdata, pkgconfig, lxc, buildGoPackage, fetchurl
, makeWrapper, acl, rsync, gnutar, xz, btrfs-progs, gzip, dnsmasq
, squashfsTools, iproute, iptables, ebtables, libcap, libco-canonical, dqlite
, raft-canonical, sqlite-replication, udev
, squashfsTools, iproute, iptables, ebtables, iptables-nftables-compat, libcap
, libco-canonical, dqlite, raft-canonical, sqlite-replication, udev
, writeShellScriptBin, apparmor-profiles, apparmor-parser
, criu
, bash
, installShellFiles
, nftablesSupport ? false
}:
let
networkPkgs = if nftablesSupport then
[ iptables-nftables-compat ]
else
[ iptables ebtables ];
in
buildGoPackage rec {
pname = "lxd";
version = "4.1";
@ -38,12 +46,14 @@ buildGoPackage rec {
# test binaries, code generation
rm $out/bin/{deps,macaroon-identity,generate}
wrapProgram $out/bin/lxd --prefix PATH : ${stdenv.lib.makeBinPath [
acl rsync gnutar xz btrfs-progs gzip dnsmasq squashfsTools iproute iptables ebtables bash criu
(writeShellScriptBin "apparmor_parser" ''
exec '${apparmor-parser}/bin/apparmor_parser' -I '${apparmor-profiles}/etc/apparmor.d' "$@"
'')
]}
wrapProgram $out/bin/lxd --prefix PATH : ${stdenv.lib.makeBinPath (
networkPkgs
++ [ acl rsync gnutar xz btrfs-progs gzip dnsmasq squashfsTools iproute bash criu ]
++ [ (writeShellScriptBin "apparmor_parser" ''
exec '${apparmor-parser}/bin/apparmor_parser' -I '${apparmor-profiles}/etc/apparmor.d' "$@"
'') ]
)
}
installShellCompletion --bash go/src/github.com/lxc/lxd/scripts/bash/lxd-client
'';