Commit Graph

1078 Commits

Author SHA1 Message Date
Philipp Mildenberger
f5922de1d7 nixos/oci-containers: add support for environment files 2021-04-15 10:57:56 +02:00
Jörg Thalheim
9af991a1b1
Merge pull request #117618 from Mic92/docker
nixos/docker: re-add network.target
2021-04-09 12:43:13 +01:00
Luke Granger-Brown
1ce6b05ea1 nixos/libvirtd: add package option
At the moment, it's not possible to override the libvirtd package used
without supplying a nixpkgs overlay. Adding a package option makes
libvirtd more consistent and allows enabling e.g. ceph and iSCSI support
more easily.
2021-04-09 01:20:19 +02:00
Phillip Cloud
7c36ce8d3a nixos/containers: move extraConfig to settings model 2021-04-07 16:08:18 -04:00
Sandro Jäckel
9378fdf87e
iproute: deprecate alias 2021-04-04 01:43:46 +02:00
Sandro
da7bf30372
nixos/containers: update example path to match defaults 2021-03-29 03:40:44 +02:00
Jörg Thalheim
0f4872b4c4
nixos/docker: re-add network.target
Currently if docker starts concurrently with
firewall.service/systemd-networkd it breaks both due to iptables/netlink
logs.
2021-03-25 22:06:54 +01:00
Domen Kožar
b992a92fa0
Merge pull request #117021 from AmineChikhaoui/gcp-cloud-images
add new Google Cloud image for the current release
2021-03-25 10:42:06 +01:00
zowoq
4b11122749 nixos/containers: add catatonit / init_path
https://github.com/containers/common/blob/master/docs/containers.conf.5.md

- Also drop unneeded true from ociSeccompBpfHook
2021-03-21 20:57:28 +01:00
AmineChikhaoui
606b49721f
add new Google Cloud image for the current release
update the create-gce.sh script with the ability to create public images
out of a GS object.
2021-03-21 14:04:09 -04:00
Lassulus
ba6d848c40
Merge pull request #112332 from urbas/amazon-init-options
virtualization/amazon-init: enable option
2021-03-07 18:39:05 +01:00
Johan Thomsen
7b5c38e973 nixos/kubernetes: docker -> containerd
also, nixos/containerd: module init
2021-03-07 12:51:14 +10:00
rnhmjoj
c0c288b70b nixos/libvirtd: remove systemd-udev-settle
This dependency has been added in 65eae4d, when NixOS switched to
systemd, as a substitute for the previous udevtrigger and hasn't been
touched since. It's probably unneeded as the upstream unit[1] doesn't
do it and I haven't found any mention of any problem in NixOS or the
upstream issue trackers.

[1]: https://gitlab.com/libvirt/libvirt/-/blob/master/src/remote/libvirtd.service.in
2021-03-05 23:44:28 +01:00
rnhmjoj
24e45e308d
nixos/lxd: fixup of 4adcb006 2021-03-03 01:16:41 +01:00
Michele Guerini Rocco
ccc4bbdbe6
Merge pull request #114772 from rnhmjoj/anbox-no-udev-settle
nixos/anbox: remove systemd-udev-settle
2021-03-02 08:04:08 +01:00
rnhmjoj
879fcdf778
nixos/anbox: remove systemd-udev-settle
The anbox session manager seems to start without issues when
systemd-udev-settle is masked or the dependency removed.
2021-03-01 19:29:32 +01:00
rnhmjoj
b9dc818bd5
nixos/lxd: make start timeout configurable 2021-02-28 14:02:56 +01:00
rnhmjoj
4adcb00642
nixos/lxd: cleanup and misc fixes
- Actually use the zfsSupport option
- Add documentation URI to lxd.service
- Add lxd.socket to enable socket activatation
- Add proper dependencies and remove systemd-udev-settle from lxd.service
- Set up /var/lib/lxc/rootfs using systemd.tmpfiles
- Configure safe start and shutdown of lxd.service
- Configure restart on failures of lxd.service
2021-02-28 14:02:56 +01:00
Florian Klink
1624ae8a96
Merge pull request #100433 from Patryk27/fixes/38509
nixos/containers: allow containers with long names to create private networks
2021-02-26 21:35:07 +01:00
Patryk Wychowaniec
336ef2de99
nixos/containers: allow containers with long names to create private networks
Launching a container with a private network requires creating a
dedicated networking interface for it; name of that interface is derived
from the container name itself - e.g. a container named `foo` gets
attached to an interface named `ve-foo`.

An interface name can span up to IFNAMSIZ characters, which means that a
container name must contain at most IFNAMSIZ - 3 - 1 = 11 characters;
it's a limit that we validate using a build-time assertion.

This limit has been upgraded with Linux 5.8, as it allows for an
interface to contain a so-called altname, which can be much longer,
while remaining treated as a first-class citizen.

Since altnames have been supported natively by systemd for a while now,
due diligence on our side ends with dropping the name-assertion on newer
kernels.

This commit closes #38509.

systemd/systemd#14467
systemd/systemd#17220
https://lwn.net/Articles/794289/
2021-02-26 17:48:49 +01:00
WORLDofPEACE
1546bea850
Merge pull request #111462 from jakobrs/msize
nixos/qemu-vm: add virtualisation.msize option
2021-02-25 21:06:27 -05:00
nicoo
d7c15d0eec nixos/hyperv-guest: rngd was removed, no need to disable it 2021-02-21 01:34:56 +01:00
Florian Klink
d0be6dcd70
Merge pull request #110784 from talyz/gce-fetch-ssh-keys
google-compute-config: Reintroduce fetch-ssh-keys
2021-02-20 22:19:53 +01:00
talyz
95f96de78e
gce/fetch-ssh-keys: Put script in separate file, use PrivateTmp...
...check the script with shfmt and shellcheck + some other minor
refactoring.
2021-02-19 15:17:12 +01:00
ilian
29a6c9b9a3 nixos/hypervGuest: add Microsoft Synthetic Keyboard driver
Ensure that the HyperV keyboard driver is available in the early
stages of the boot process. This allows the user to enter a disk
encryption passphrase or repair a boot problem in an interactive
shell.
2021-02-17 08:01:34 +00:00
Matej Urbas
a6766bee7b virtualization/amazon-init: enable option 2021-02-15 18:44:34 +00:00
Maciej Krüger
8429831b67
Merge pull request #112746 from mkg20001/qemu-extra-disks 2021-02-14 13:20:44 +01:00
zowoq
37f1ed7ca4 nixos/podman: install systemd files
- install podman service and socket
- install podman tmpfile
2021-02-14 06:57:39 +10:00
Maciej Krüger
45b8e83128
qemu-vm: add virtualisation.fileSystems to allow extra vm mounts 2021-02-11 11:02:45 +01:00
adisbladis
6caa6cb3f5
Merge pull request #111924 from saschagrunert/cri-o-oci-hook
nixos/cri-o: add OCI seccomp bpf hook support
2021-02-06 12:03:44 +01:00
adisbladis
3c6035cd9a
Merge pull request #106767 from erikarvstedt/fix-container-pkgs-2
nixos-container: fix `nixpkgs` container options being ignored
2021-02-06 11:57:14 +01:00
Sascha Grunert
e2b7bdd08d
nixos/cri-o: add OCI seccomp bpf hook support
We now set the hooks dir correctly if the OCI hook is enabled. CRI-O
supports this specific hook from v1.20.0.

Signed-off-by: Sascha Grunert <mail@saschagrunert.de>
2021-02-05 11:04:49 +01:00
Jörg Thalheim
57cfa03b03
Merge pull request #111591 from Mic92/zfs-kube 2021-02-02 11:56:58 +00:00
Robert Hensing
a4f4d86e92
Merge pull request #111583 from mikroskeem/more-docker-fixes
docker: fix socket activation race
2021-02-01 19:13:38 +01:00
Jörg Thalheim
9c6a9d0458
nixos/lxd: refactor to use zfs.package/enabled property 2021-02-01 17:59:18 +01:00
Mark Vainomaa
9360e789c6
docker: fix socket activation race 2021-02-01 18:14:43 +02:00
jakobrs
278843e979 nixos/qemu-vm: add virtualisation.msize option 2021-01-31 18:41:22 +01:00
Fritz Otlinghaus
d7c39c01ae
nixos/xen: add types 2021-01-31 13:47:57 +01:00
Simon Žlender
ede24160fc nixos/oci-containers: Remove dep on system.path 2021-01-29 18:29:07 +01:00
Simon Žlender
683f0b8938 nixos/oci-containers: Use docker.package 2021-01-28 21:27:50 +01:00
talyz
dd6ebb7871
google-compute-config: Reintroduce fetch-ssh-keys
Reintroduce the `fetch-ssh-keys` service so that GCE images that work
with NixOps can once again be built. Also, reformat the code a bit.

The service was removed in 88570538b3,
likely due to a comment saying it should be removed. It was still
needed for images to work with NixOps, however, and probably needed to
be replaced or rewritten rather than removed.
2021-01-25 14:14:00 +01:00
volth
bc0d605cf1 treewide: fix double quoted strings in meta.description
Signed-off-by: Ben Siraphob <bensiraphob@gmail.com>
2021-01-24 19:56:59 +07:00
Pavol Rusnak
66dc9dbb59
nixos/modules: stdenv.lib -> lib 2021-01-17 21:40:51 +01:00
Aaron Andersen
6b0ba74baa
Merge pull request #109099 from jpotier/fix-deprecation-warning-azure-agent
nixos/azure-agent: fix deprecation warning
2021-01-16 07:52:05 -05:00
Milan Pässler
4000091123
nixos/docker: change misleading error message
The socketActivation option was removed, but later on socket activation
was added back without the option to disable it. The description now reflects
that socket activation is used unconditionally in the current setup.
2021-01-15 15:00:11 +01:00
Mark Vainomaa
a81c27cd54
docker: fix systemd socket activation 2021-01-15 15:53:31 +02:00
Erik Arvstedt
9a283a038d
nixos-container: fix nixpkgs container options being ignored
Since the introduction of option `containers.<name>.pkgs`, the
`nixpkgs.*` options (including `nixpkgs.pkgs`, `nixpkgs.config`, ...) were always
ignored in container configs, which broke existing containers.

This was due to `containers.<name>.pkgs` having two separate effects:
(1) It sets the source for the modules that are used to evaluate the container.
(2) It sets the `pkgs` arg (`_module.args.pkgs`) that is used inside the container
    modules.
    This happens even when the default value of `containers.<name>.pkgs` is unchanged, in which
    case the container `pkgs` arg is set to the pkgs of the host system.
    Previously, the `pkgs` arg was determined by the `containers.<name>.config.nixpkgs.*` options.

This commit reverts the breaking change (2) while adding a backwards-compatible way to achieve (1).
It removes option `pkgs` and adds option `nixpkgs` which implements (1).
Existing users of `pkgs` are informed by an error message to use option
`nixpkgs` or to achieve only (2) by setting option `containers.<name>.config.nixpkgs.pkgs`.
2021-01-15 12:49:42 +01:00
Jörg Thalheim
f3042e3078
Merge pull request #108862 from cpcloud/refactor-nvidia-containers 2021-01-15 11:10:09 +00:00
Mark Vainomaa
b451286b1f
docker: 19.03.4 -> 20.10.2 (#108960)
This commit refactors the build process to handle Docker engine and
CLI split.
2021-01-13 11:33:14 +01:00
Martin Potier
de02ae9350
nixos/azure-agent: fix deprecation warning 2021-01-12 13:00:38 +02:00