Commit Graph

713 Commits

Author SHA1 Message Date
Jörg Thalheim
0bbf671b5a
Merge pull request #31157 from sorki/lxcfs_pam_related
[wip] lxcfs,pam: disable cgmanager, enable pam_cgfs, lxcfs 2.0.7 -> 2.0.8
2018-01-01 15:42:03 +01:00
Graham Christensen
b5a61f2c59
Revert "nixos: doc: implement related packages in the manual" 2017-12-23 07:19:45 -05:00
Arseniy Seroka
36e02645eb
Merge pull request #32424 from oxij/nixos/related-packages
nixos: doc: implement related packages in the manual
2017-12-23 03:34:58 +03:00
volth
363cdde475 nixos/libvirt: remove 'virtualisation.libvirtd.enableKVM' option 2017-12-21 03:56:41 +00:00
volth
a52aa6aafb nixos/libvirt: avoid dependency on two qemu packages
Currently libvirt requires two qemu derivations: qemu and qemu_kvm which is just a truncated version of qemu (defined as qemu.override { hostCpuOnly = true; }).

This patch exposes an option virtualisation.libvirtd.qemuPackage which allows to choose which package to use:

 * pkgs.qemu_kvm if all your guests have the same CPU as host, or
 * pkgs.qemu which allows to emulate alien architectures (for example ARMV7L on X86_64), or
 * a custom derivation

virtualisation.libvirtd.enableKVM option is vague and could be deprecate in favor of virtualisation.libvirtd.qemuPackage, anyway it does allow to enable/disable kvm.
2017-12-21 03:56:40 +00:00
Eelco Dolstra
3c82e6fc82
Add AMI for eu-west-3 2017-12-20 16:19:33 +01:00
Jörg Thalheim
5687f61b19
Merge pull request #32637 from makefu/pkgs/openstack/nuke
nuke openstack (again)
2017-12-15 10:06:23 -08:00
makefu
269d8a17b5
openstack module: rip
part of openstack cleanup
2017-12-15 16:08:38 +01:00
makefu
71767ee3c7
glance: rip
part of openstack cleanup
2017-12-15 16:08:10 +01:00
makefu
d3d94992cf
keystone: rip
part of openstack cleanup
2017-12-15 16:06:44 +01:00
Eelco Dolstra
e4847b797e
Update NixOS 17.09 AMIs
This adds support for c5.* instances.

Fixes #32612.
2017-12-13 23:42:09 +01:00
makefu
5369400bb0
nova: rip
part of openstack cleanup
2017-12-13 18:16:29 +01:00
Robert Helgesson
5eb4a8339c
nixos containers: remove stray , from pattern
See #31888.
2017-12-12 18:35:06 +01:00
Bas van Dijk
5572de75a0
containers: deny networkmanager from managing the ve-* and vb-* NICs
Without this, when you've enabled networkmanager and start a
nixos-container the container will briefly have its specified IP
address but then networkmanager starts managing it causing the IP
address to be dropped.
2017-12-12 18:22:15 +01:00
Jan Malakhovski
3be0e1bd72 nixos/xen-dom0: add related packages, make it play well with them 2017-12-07 21:27:32 +00:00
Tuomas Tynkkynen
b2e315f97f nixos/qemu-vm: Pass gic-version=host for AArch64
This is required on the ThunderX CPUs on the Packet.net Type-2A
machines that have a GICv3. For some reason the default is to create a
GICv2 independent of the host hardware...
2017-12-06 17:29:09 +02:00
Daniel Peebles
5fd528d043
amazon-image: use NTP provided by the hypervisor
See http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-time.html for more information.

Fixes #32187
2017-11-29 22:48:00 -05:00
Tuomas Tynkkynen
e56da6a464 nixos/qemu-vm: Use different serial port on ARM/AArch64 2017-11-26 11:13:21 +02:00
Tuomas Tynkkynen
0a2eda7a7e nixos/qemu-vm: Don't try enabling graphics/mouse on non-x86
Needs to be figured out some day, just disable them for now.
2017-11-26 11:13:21 +02:00
Tuomas Tynkkynen
43cb964e17 nixos/qemu-vm: Set QEMU command line depending on architecture 2017-11-26 11:13:21 +02:00
Luke Adams
2ce30c5b53 remove prlcc from global systemd services 2017-11-11 17:05:08 -06:00
Luke Adams
0f047e612b prl-tools: Add all user services using systemd.user 2017-11-11 17:05:08 -06:00
Luke Adams
26d6eab655 prl-tools: remove unnecessary kernel modules 2017-11-11 17:05:08 -06:00
Eelco Dolstra
54da9cc944
Amazon image: Add NVMe support to the initrd
This is required by the new c5.* instance types.

Note that this changes disk names from /dev/xvd* to
/dev/nvme0n*. Amazon Linux has a udev rule that calls a Python script
named "ec2nvme-nsid" to create compatibility symlinks. We could use
that, but it would mean adding Python to the AMI closure...
2017-11-09 17:53:26 +01:00
Jörg Thalheim
ea78f0f06c lxcfs: remove cgmanager dependency 2017-11-07 11:04:12 +00:00
Frederik Rietdijk
ae23084237
Merge pull request #30107 from danbst/patch-13
declarative containers: improve example config
2017-11-04 09:59:09 +01:00
Richard Marko
0810111ced lxcfs: don't enable cgmanager
Related to #30023
2017-11-02 02:52:07 +01:00
Danylo Hlynskyi
398705ba86
containers: autoStart doc typo 2017-11-01 10:25:26 +02:00
Eelco Dolstra
8f349a3bf3
Add function closureInfo to replace pathsFromGraph
Unlike pathsFromGraph, on Nix 1.12, this function produces a
registration file containing correct NAR hash/size information.

https://hydra.nixos.org/build/62832723
2017-10-25 15:38:14 +02:00
Bjørn Forsman
0ff4bb5f87 nixos: run parted with --script option
-s, --script: never prompts for user intervention

Sometimes the NixOS installer tests fail when they invoke parted, e.g.
https://hydra.nixos.org/build/62513826/nixlog/1. But instead of exiting
right there, the tests hang until the Nix builder times out (and kills
the build). With this change the tests would instead fail immediately,
which is preferred.

While at it, use "parted --script" treewide, so nobody gets build
timeout due to parted error (or misuse). (Only nixos/ use it, and only
non-interactive.)

A few instances already use the short option "-s", convert them to long
option "--short".
2017-10-14 15:29:02 +02:00
Peter Hoeg
b366760cf5 Revert "hyperv-daemons: add nixos module"
This reverts commit 0944d44f1b.
2017-10-14 14:42:49 +08:00
Peter Hoeg
0944d44f1b hyperv-daemons: add nixos module 2017-10-14 14:38:04 +08:00
Danylo Hlynskyi
dc8500165c declarative containers: improve example config
Container config example code mentions `postgresql` service, but the correct use of that service involves setting `system.stateVersion` option (as discovered in https://github.com/NixOS/nixpkgs/issues/30056).

The actual system state version is set randomly to 17.03 because I have no preferences here
2017-10-05 00:42:50 +00:00
Eelco Dolstra
9b3aa19a88
Add NixOS 17.09 AMIs
Fixes #29976.
2017-10-03 16:56:59 +02:00
Jörg Thalheim
2354e0f05a cloud-utils: 0.29 -> 0.30 2017-10-02 09:11:20 +01:00
Rob Vermaas
0783efb41c
google-instance-setup: add openssh to path 2017-09-15 10:43:09 +00:00
lewo
3a377e26b2 nixos/nova-image: cleanup image builders (#29242)
There are currently two ways to build Openstack image. This just picks
best of both, to keep only one!

- Image is resizable
- Cloudinit is enable
- Password authentication is disable by default
- Use the same layer than other image builders (ec2, gce...)
2017-09-11 17:33:33 +01:00
Tim Steinbach
a54b2e3ba2 Merge pull request #29002 from NeQuissimus/docker_edge_module_test
docker: Package in module, tests
2017-09-06 15:03:56 -04:00
Franz Pletz
1bed4773f5
postgresql92: remove last references 2017-09-05 18:20:56 +02:00
Tim Steinbach
2bb57ef776
docker: Allow package selection in module 2017-09-04 19:02:05 -04:00
Robin Gloster
8994b27c54
libvirtd module: add qemu_kvm to path 2017-08-28 12:54:41 +02:00
evujumenuk
36dd8edde1 containers: remove EXIT_ON_REBOOT
EXIT_ON_REBOOT has been obsolete since sometime in 2014.
2017-08-24 20:48:24 +02:00
Peter Hoeg
698efcb7b5 open-vm-tools: do not pull x dependencies unconditionally
The "headless" configuration option is ignored because we unconditionally
reference pkgs.open-vm-tools.

This fixes that.
2017-08-15 17:05:30 +08:00
Franz Pletz
9fda9f8c79 Merge pull request #27903 from volth/issue-27857-libvirt-xml-manipulation
libvirt: 3.5.0 -> 3.6.0
2017-08-12 21:45:01 +02:00
volth
15351c4780 apply 'restartIfChanged = false' to all libvirtd services
Although it is quite safe to restart ```libvirtd``` when there are only ```qemu``` machines, in case if there are ```libvirt_lxc``` containers, a restart may result in putting the whole system into an odd state: the containers go on running but the new ```libvirtd``` daemons do not see them.
2017-08-10 11:34:32 +00:00
Alexander Gall
a0a4bea2a6 nixos/cloud-image: add module
The module creates an image for an openstack-based cloud using the
cloud-init package.
2017-08-07 13:03:02 +02:00
Robin Gloster
2dddc6dcf6 libvirt: don't suspend and resume on change 2017-08-05 11:00:02 +00:00
Robin Gloster
485a8fef73
modules: specify some types 2017-08-04 02:20:31 +02:00
Volth
84a6a3683b libvirt: 3.5.0 -> 3.6.0 2017-08-03 13:53:57 +00:00
Franz Pletz
1697684591
docker module: fix autoPrune.enable description
cc #27503
2017-07-21 16:54:40 +02:00
Pascal Bach
22acfd0327 docker service: add option to do automatic pruning
This allows to run the prune job periodically on a machine.
By default the if enabled the job is run once a week.

The structure is similar to how system.autoUpgrade works.
2017-07-20 20:33:16 +02:00
zimbatm
14f53e5251 Merge pull request #26214 from zimbatm/google-compute-image
Google compute image
2017-07-19 09:49:20 +01:00
Rob Vermaas
ec313abdce
Add file with Azure image locations, similar to ec2-amis.nix. Will be used by nixops.
(cherry picked from commit e93f26847ea41cce6633b6a0feb6ce31b0722d5d)
2017-07-18 09:18:51 +00:00
Rob Vermaas
412bfda422
Add file with GCE image locations, similar to ec2-amis.nix. Will be used by nixops.
(cherry picked from commit 9d810ddcc1938a90090fd60f8924f4e83acbeee2)
2017-07-18 09:16:15 +00:00
zimbatm
c93d68b6ed google-compute-image module: use google services
This adds a few google-specific services to setup the machine.

Accounts are now dynamically created using the google-accounts-daemon,
which allows to click on the "SSH" button in the console and have it
working.

The NixOS image now supports the userdata startup and shutdown scripts.

Misc:
* add all the google services from https://github.com/GoogleCloudPlatform/compute-image-packages/tree/master/google_compute_engine_init/systemd
* add udev rules for disk labels
* synched sysctl rules with https://github.com/GoogleCloudPlatform/compute-image-packages/blob/master/google_config/sysctl/11-gce-network-security.conf
2017-07-15 19:36:38 +01:00
Bjørn Forsman
b8e109d6ac nixos/libvirt: prevent OVMF path from being garbage collected
Use xmlstarlet to update the OVMF path on each startup, like we do for
<emulator>...qemu-kvm</emulator>.

A libvirt domain using UEFI cannot start if the OVMF path is garbage
collected/missing.
2017-07-14 22:07:57 +02:00
Bjørn Forsman
292827b0e0 nixos/libvirt: modify xml with xmlstarlet
Instead of grep and sed, which is brittle.

(I don't know how to preserve the comment we currently add to say that
this line is auto-updated. But I don't think it adds much value, so I'm
not spending any effort on it.)
2017-07-14 22:07:57 +02:00
Michał Pałka
9e6bfbb2f9 xen_4_8: init at 4.8.1
This commit adds the xen_4_8 package to be used instead of
xen (currently at 4.5.5):
 * Add packages xen_4_8, xen_4_8-slim and xen_4_8-light
 * Add packages qemu_xen_4_8 and qemu_xen_4_8-light to be used
   with xen_4_8-slim and xen_4_8-light respectively.
 * Add systemd to buildInputs of xen (it is required by oxenstored)
 * Adapt xen service to work with the new version of xen
 * Use xen-init-dom0 to initlilise dom0 in xen-store
 * Currently, the virtualisation.xen.stored option is ignored
   if xen 4.8 is used
2017-06-27 12:01:53 +00:00
Bastian Köcher
179c504a66 lxd: 2.0.2 -> 2.12 (#25685)
* Upgrades lxd to version 2.12

* Adds missing packages to path for lxd
2017-05-24 19:29:38 +01:00
Joachim F
8f89e43427 Merge pull request #25700 from michalpalka/xen-bridge-stop-fix
xen service: Fix removing netfilter rules while stopping xen-bridge
2017-05-21 17:22:33 +01:00
Joachim F
07ceaa2ec8 Merge pull request #25896 from joachifm/ovmf
ovmf: split firmware image files
2017-05-21 14:48:29 +01:00
Mateusz Kowalczyk
a2c900dc87 GCE-service: Update fetch-ssh-keys API usage 2017-05-20 22:54:07 +01:00
Joachim Fasting
252dcd62f3
OVMF: separate output for ovmf binaries
OVMF{,CODE,VARS}.fd are now available in a dedicated fd output, greatly
reducing the closure in the common case where only those files are used (a
few MBs versus several hundred MBs for the full OVMF).

Note: it's unclear why `dontPatchELF` is now necessary for the build to
pass (on my end, at any rate) but it doesn't make much sense to run this
fixup anyway,

Note: my reading of xen's INSTALL suggests that --with-system-ovmf should
point directly to the OVMF binary.  As such, the previous invocation was
incorrect (it pointed to the root of the OVMF tree).  In any case, I have
only built xen with `--with-system-ovmf`, I have not tested it.

Fixes https://github.com/NixOS/nixpkgs/issues/25854
Closes https://github.com/NixOS/nixpkgs/pull/25855
2017-05-20 12:33:48 +02:00
Michał Pałka
1c7629ce63 xen service: Fix removing netfilter rules while stopping xen-bridge
This fixes a bug in the stopping script for the xen-bridge service,
which caused the script to crash and fail to remove some
netfilter rules.
2017-05-11 09:52:36 +00:00
Peter Hoeg
112b5556af Merge pull request #25397 from clefru/qemu-OVMF-on-channels
Introduce virtualisation.libvirtd.qemuOvmf.
2017-05-09 16:36:45 +08:00
Joachim F
dc2fc5ed57 Merge pull request #25495 from michalpalka/xen-forward-dns
xen service: Forward DNS queries from Xen guests
2017-05-06 13:56:10 +01:00
Joachim F
6ef9875edb Merge pull request #25494 from michalpalka/xendomains
xen service: Add the possibility to override configuration of xendomains
2017-05-06 13:55:59 +01:00
Michał Pałka
e7203cb03d xen service: Forward DNS queries from Xen guests
Provide the option forwardDns in virtualisation.xen.bridge, which
enables forwarding of DNS queries to the default resolver, allowing
outside internet access for the xen guests.
2017-05-04 08:48:03 +00:00
Michał Pałka
3b0daa1a28 xen service: Add the possibility to override configuration of xendomains
Add the option virtualisation.xen.domain.extraConfig, which
allows overriding options passed to xendomains.
2017-05-04 08:31:40 +00:00
Clemens Fruhwirth
df5d588f13 Introduce virtualisation.libvirtd.qemuOvmf. 2017-05-01 18:36:13 +02:00
Michał Pałka
2fcb8714ba xen service: fix xen-bridge not setting the configured netmask
The xen-bridge service accepts the option prefixLength, but does not
use it to set the actual netmask on the bridge. This commit makes
it set the correct netmask.
2017-04-28 07:48:51 +00:00
Jörg Thalheim
7b96e3d6a7 Merge pull request #25245 from bachp/docker-proxy
docker: pass all proxy variables to docker daemon
2017-04-27 11:03:46 +02:00
Pascal Bach
846f36203c docker: pass all proxy variables to docker daemon
This makes things as noProxy work too.
2017-04-26 16:55:36 +02:00
Jörg Thalheim
9d3c118320
google-compute-image: append .raw.tar.gz suffix
This restores behavior of image generation before f1708a9d7d
2017-04-26 16:40:38 +02:00
Dan Peebles
ee2cffbdb4 azure-image: switch to use the common make-disk-image.nix 2017-04-25 02:59:13 +00:00
Graham Christensen
3ab98d0971 Merge pull request #24999 from grahamc/qemu
qemu module: add virtualisation.cores option
2017-04-24 21:30:39 -04:00
Graham Christensen
4585fdb9d4
qemu module: add virtualisation.cores option
QEMU can allow guests to access more than one host core at a time.
Previously, this had to be done via ad-hoc arguments:

    virtualisation.qemu.options = ["-smp 12"];

Now you can simply specify:

    virtualisation.cores = 12;
2017-04-24 15:23:46 -04:00
Dan Peebles
9fae0f3f38 google-compute-image: switch to use the common make-disk-image.nix 2017-04-24 18:38:10 +00:00
Jörg Thalheim
fa4eff9b52 Merge pull request #24360 from clefru/gce-image-shrink-on-master
Shrink GCE bootstrap image to minimum size, and auto-expand it to actual size on first boot.
2017-04-10 12:01:53 +02:00
Eelco Dolstra
35dbcbb296
Fix eval error due to config.ec2.hvm 2017-04-04 13:49:13 +02:00
Eelco Dolstra
279565c3d6
Revert "Revert "EC2: Disable PV support""
This reverts commit 71710fd099.
2017-04-04 13:03:05 +02:00
Jörg Thalheim
71710fd099
Revert "EC2: Disable PV support"
This reverts commit fbe6d23624.

this breaks every non-ec2 (non-hvm) system

cc @edolstra
2017-04-04 12:05:21 +02:00
Eelco Dolstra
8cc3db6b67
Add 17.03 AMIs 2017-04-03 17:46:34 +02:00
Eelco Dolstra
fbe6d23624
EC2: Disable PV support
Unfortunately, somewhere between 16.09 and 17.03, paravirtualized
instances stopped working. They hang at the pv-grub prompt
("grubdom>"). I tried reverting to a 4.4 kernel, reverting kernel
compression from xz to bzip2 (even though pv-grub is supposed to
support xz), and reverting the only change to initrd generation
(5a8147479e). Nothing worked so I'm
giving up.
2017-04-03 17:46:34 +02:00
Alexey Shmalko
fa4fe71105
docker: fix socket permissions
Docker socket is world writable. This means any user on the system is
able to invoke docker command. (Which is equal to having a root access
to the machine.)

This commit makes socket group-writable and owned by docker group.

Inspired by
https://github.com/docker/docker/blob/master/contrib/init/systemd/docker.socket
2017-04-03 09:05:37 -04:00
Clemens Fruhwirth
72ec884cc6 Make GCE image as small as possible and incorporate partition growing
when users of nixops specified a larger root disk via
deployment.gce.rootDiskSize

1GB is the smallest possible size as GCP doesn't support
fractions of GB for RAW images, see
https://cloud.google.com/compute/docs/images/import-existing-image#requirements
2017-03-27 17:41:42 +02:00
Franz Pletz
1b95985b71 Merge pull request #24148 from volth/libvirt-3.1.0
libvirt: 3.0.0 -> 3.1.0
2017-03-27 10:02:06 +02:00
c74d
a4ac5506f5 google-compute-image: fix Yama LSM option conflict
Having fixed the Google Compute Engine image build process's copying
of store paths in PR #24264, I ran `nixos-rebuild --upgrade switch`...
and the GCE image broke again, because it sets the NixOS configuration
option for the sysctl variable `kernel.yama.ptrace_scope` to
`mkDefault "1"`, i.e., with override priority 1000, and now the
`sysctl` module sets the same option to `mkDefault "0"` (this was
changed in commit 86721a5f78).

This patch raises the override priority of the Google Compute Engine
image configuration's definition of the Yama sysctl option to 500
(still lower than the priority of an unmodified option definition).

I have tested that this patch allows the Google Compute Engine image
to again build successfully for me.
2017-03-26 21:09:58 +02:00
Franz Pletz
d545772640
libvirt: make guest suspend work, use upstream units 2017-03-25 14:59:01 +01:00
c74d
e0e520a519 google-compute-image: copy store paths with rsync
In `nixos/modules/virtualisation/google-compute-image.nix`, copy store
paths with `rsync -a` rather than `cp -prd`, because `rsync` seems
better able to handle the hard-links that may be present in the store,
whereas `cp` may fail to copy them.

I have tested that the Google Compute Engine image builds successfully
for me with this patch, whereas it did not without this patch.

This is the same fix applied for Azure images in commit
097ef6e435d5b3fcde92e67abbaaaaaf05c0723d.

Fixes #23973.
2017-03-24 02:14:10 +01:00
Jan Malakhovski
2822bacd60
nixos: xen: condition default packages on enable
Closes #23690.
2017-03-24 01:54:04 +01:00
Franz Pletz
fb50cde71e
nixos/treewide: systemd.time is in manvolume 7
cc #23396
2017-03-21 08:28:53 +01:00
Franz Pletz
9536169074
nixos/treewide: remove boolean examples for options
They contain no useful information and increase the length of the
autogenerated options documentation.

See discussion in #18816.
2017-03-17 23:36:19 +01:00
Volth
bcc4c261be lxc: ensure directory /var/lib/lxc/rootfs 2017-03-15 12:42:27 +01:00
Daiderd Jordan
b52af49d36
virtualisation-xen: fix defaultText interpolation 2017-03-11 00:09:22 +01:00
Graham Christensen
9e6ae2f60a Merge pull request #23441 from oxij/pkg/pretty-xen
xen: modular expression
2017-03-07 18:52:40 -05:00
Joachim Fasting
15da23d5c1
nixos/modules: use defaultText/literalExample where applicable
Primarily to fix rendering of default values/examples but also
to avoid unnecessary work.
2017-03-07 14:06:08 +01:00
Jan Malakhovski
442b8d49d0 nixos: xen: make packages configurable 2017-03-05 14:01:17 +00:00
Jaka Hudoklin
f5d81ed79b Merge pull request #20904 from offlinehacker/nixos/xserver/xpra
Add xpra display-manager
2017-03-05 01:32:23 +01:00
Thomas Strobel
b9a7aacef7 improve: modules/virtualisation/qemu-vm.nix
disk image for qemu VM with bootloader:
* remove redundant command
* improve readability
* improve execution speed
* make output more reproducible
2017-03-04 11:31:47 +01:00
Thomas Strobel
0a8d9779c5 fix: "nixos-rebuild build-vm-with-bootloader" 2017-03-03 19:14:20 +01:00
Dan Peebles
6018cf4a69 amazon-init.service: fix starting services at startup
We now make it happen later in the boot process so that multi-user
has already activated, so as to not run afoul of the logic in
switch-to-configuration.pl. It's not my favorite solution, but at
least it works. Also added a check to the VM test to catch the failure
so we don't break in future.

Fixes #23121
2017-02-27 16:51:36 +00:00
Antoine Eiche
386c19a224 nova-image: support partition resizing 2017-02-24 22:19:53 +01:00
Antoine Eiche
dec7ecbbbc nova-image: refactoring
The nova image configuration is separated from the image build.
2017-02-24 22:17:52 +01:00
Dan Peebles
15c05ad213 google-compute-image.nix: fix evaluation failure 2017-02-22 23:51:57 +00:00
Tristan Helmich
1d64f5f41b
libvirt: expose libvirt qemu configuration file
fixes #22823
2017-02-21 19:20:22 +01:00
Franz Pletz
05c2c13182 Merge pull request #22715 from phi-gamma/fix-22709-xen-domU
xen: update domU config for pvgrub2
2017-02-21 06:14:12 +01:00
Eelco Dolstra
4b833facf1 Add ca-central-1 AMIs 2017-02-19 23:46:08 +01:00
Dan Peebles
b172684c17 amazon-init NixOS module: fix (I think) race condition with network
The initialization code is now a systemd service that explicitly
waits for network-online, so the occasional failure I was seeing
because the `nixos-rebuild` couldn't get anything from the binary
cache should stop. I hope!
2017-02-16 16:03:58 +00:00
Bjørn Forsman
34c1b74421 nixos/virtualbox: unbreak wrt. new security.wrappers
The new option takes an attrset, not a list.
2017-02-15 07:25:33 +01:00
Ian-Woo Kim
5ca0f72472 nixos-container: break lines in description of forwardPorts. 2017-02-15 05:12:46 +01:00
Ian-Woo Kim
4f0b663c2e nixos-container: hostPort -> forwardPort and forwardPort is now a list of (protocol,hostPort,containerPort). 2017-02-15 05:12:46 +01:00
Ian-Woo Kim
0bfc631de2 nixos-container: support multiple port forwarding. change type of hostPort from 'string' to 'listOf str' 2017-02-15 05:12:46 +01:00
Ian-Woo Kim
8684285251 nixos-container: introduce hostPort in declarative container options. 2017-02-15 05:12:46 +01:00
Ian-Woo Kim
a238c8a575 nixos-container: add --port option for nixos-container (forward network ports to systemd-nspawn container) 2017-02-15 05:12:46 +01:00
Parnell Springmeyer
9e36a58649
Merging against upstream master 2017-02-13 17:16:28 -06:00
Eelco Dolstra
a4ec1841da
VM tests: veryloose -> cache=loose 2017-02-13 12:18:10 +01:00
Rob Vermaas
af3732b6c6
Azure: switch back to qemu 2.2.0 for generating image. Seems to work best.
(cherry picked from commit 2da8a5dac8674501ba9ed10e44650088b466688a)
2017-02-13 09:55:03 +00:00
Rob Vermaas
eff0752dbc
Use default qemu for azure image generation, and use option to enforce sizing of image to be compliant with Azure/HyperV.
(cherry picked from commit e16db5666af987f8a76be82ff219e138e92af442)
2017-02-13 08:54:41 +00:00
Dan Peebles
e63d15f173 ecs-agent NixOS module: enable docker 2017-02-13 04:06:31 +00:00
Philipp Gesang
3dad33227f
xen: update domU config for pvgrub2
fix #22709

Recent pvgrub (from Grub built with “--with-platform=xen”) understands
the Grub2 configuration format. Grub legacy configuration (menu.lst) is
ignored.
2017-02-12 20:53:54 +01:00
Dan Peebles
3809938208 ecs-agent module: remove debug print
Whoops :)
2017-02-10 15:16:17 -05:00
Tuomas Tynkkynen
a14ef4ad52 open-vm-tools: 10.0.7 -> 10.1.0
Also add an option to disable all the X11 stuff.
2017-02-10 20:12:00 +02:00
Dan Peebles
a0ebb1497f ecs-agent NixOS module: init
A very simple skeleton for now that doesn't attempt to model any of
the agent configuration, but we can grow it later. Tested and works
on an EC2 instance with ECS.
2017-02-10 05:37:38 +00:00
Nikolay Amiantov
9eb540b807 qemu-vm module: fix boot.tmpOnTmpfs
This option caused systemd to mount /tmp on top of /tmp/{xchg,shared}.

Fixes #21490.
2017-02-03 15:02:34 +03:00
Parnell Springmeyer
4aa0923009
Getting rid of the var indirection and using a bin path instead 2017-01-29 04:11:01 -06:00
Parnell Springmeyer
a8cb2afa98
Fixing a bunch of issues 2017-01-29 01:58:12 -06:00
Parnell Springmeyer
e92b8402b0
Addressing PR feedback 2017-01-28 20:48:03 -08:00
Parnell Springmeyer
a26a796d5c
Merging against master - updating smokingpig, rebase was going to be messy 2017-01-26 02:00:04 -08:00
Parnell Springmeyer
bae00e8aa8
setcap-wrapper: Merging with upstream master and resolving conflicts 2017-01-25 11:08:05 -08:00
Eelco Dolstra
42a7d906d9
EC2 AMIs: 16.09.666.3738950 -> 16.09.1508.3909827
In particular, this includes a fix for using ephemeral disks for /tmp,
and adds AMIs for the new eu-west-2 (London) and us-east-2 (Ohio)
regions.
2017-01-18 12:42:39 +01:00
Jörg Thalheim
30a554acfb
apparmor: support for lxc profiles 2017-01-10 23:01:03 +01:00
Eelco Dolstra
d496f23df0
amazon-image.nix: Remove redundant log message
(cherry picked from commit c4b5ed5db74cde94b19d519a8d875e3f7df48a76)
2017-01-03 17:32:47 +01:00
Jörg Thalheim
ce99e34b17
docker: deprecate socketActivation option 2017-01-01 09:03:09 +01:00
Antoine Eiche
49efa083c7 nixos/glance: set default glance package
Before, it was overridden in the config section to avoid problem related
to manual generation.
2016-12-31 09:36:57 +01:00
Antoine Eiche
6c94d6437d nixos/glance: init at liberty version
This commit is based on initial works made by domenkozar.
2016-12-31 09:36:57 +01:00
Eelco Dolstra
bbd03e236a
Use looser 9pfs caching in VM tests/builds
This can give significant speed ups, see
7e20254412.
2016-12-29 21:26:16 +01:00
Jörg Thalheim
585c642bf8
docker: use upstream service file from package 2016-12-25 00:09:13 +01:00
Jörg Thalheim
c23032a8b1 docker: update service units from upstream
All the new options in detail:

Enable docker in multi-user.target make container created with restart=always
to start. We still want socket activation as it decouples dependencies between
the existing of /var/run/docker.sock and the docker daemon. This means that
services can rely on the availability of this socket. Fixes #11478 #21303

  wantedBy = ["multi-user.target"];

This allows us to remove the postStart hack, as docker reports on its own when
it is ready.

  Type=notify

The following will set unset some limits because overhead in kernel's ressource
accounting was observed. Note that these limit only apply to containerd.
Containers will have their own limit set.

  LimitNPROC=infinity
  LimitCORE=infinity
  TasksMax=infinity

Upgrades may require schema migrations. This can delay the startup of dockerd.

  TimeoutStartSec=0

Allows docker to create its own cgroup subhierarchy to apply ressource limits on
containers.

  Delegate=true

When dockerd is killed, container should be not affected to allow
`live restore` to work.

  KillMode=process
2016-12-23 21:39:38 +01:00
Eelco Dolstra
ea46420fc0
Use overlayfs instead of unionfs-fuse in the VM tests
Overlayfs is quite a bit faster, e.g. with it the KDE 5 test takes ~7m
instead of ~30m on my laptop (which is still not great, since plain
9pfs is ~4m30s).
2016-12-21 20:49:08 +01:00
Eelco Dolstra
a02bb00156
Enable virtualisation.writableStore by default
This works around:

  machine: must succeed: nix-store -qR /run/current-system | grep nixos-
  machine# error: changing ownership of path ‘/nix/store’: Invalid argument

Probably Nix shouldn't be anal about the ownership of the store unless
it's trying to build/write to the store.

http://hydra.nixos.org/build/45093872/nixlog/17/raw
(cherry picked from commit 57a0f140643cde409022e297ed05e05f8d34d778)
2016-12-20 10:52:47 +01:00
Eelco Dolstra
f173da375d
Use only one build of qemu in VM tests
Previously we were using two or three (qemu_kvm, qemu_test, and
qemu_test with a different dbus when minimal.nix is included).

(cherry picked from commit 8bfa4ce82ea7d23a1d4c6073bcc044e6bf9c4dbe)
2016-12-20 10:52:46 +01:00
Eelco Dolstra
aad5d1f9a7
virtualisation.qemu.program: Remove
This option is defined in qemu-vm.nix, but that module is not always
imported.

http://hydra.nixos.org/build/44817443
(cherry picked from commit 03c55005dfd6fbcd5cf8e00128a3bb6336b3bc0f)
2016-12-20 10:52:46 +01:00
Jörg Thalheim
1590461887 ntp: make timesyncd the new default
- most nixos user only require time synchronisation,
  while ntpd implements a battery-included ntp server (1,215 LOCs of C-Code vs 64,302)
- timesyncd support ntp server per interface (if configured through dhcp for instance)
- timesyncd is already included in the systemd package, switching to it would
  save a little disk space (1,5M)
2016-12-17 00:00:45 +01:00
Antoine Eiche
a932f68d9c nixos/keystone: secrets can be read from files
A secret can be stored in a file. It is written at runtime in the
configuration file.
Note it is also possible to write them in the nix store for dev
purposes.
2016-12-16 20:53:32 +01:00
Antoine Eiche
415c9ff90b nixos/keystone: init at liberty version
This commit introduces a nixos module for the Openstack Keystone
service. It also provides a optional bootstrap step that creates some
basic initial resources (tenants, endpoints,...).

The provided test starts Keystone by enabling bootstrapping and checks
if user creation works well.

This commit is based on initial works made by domenkozar.
2016-12-16 20:53:32 +01:00
Eelco Dolstra
705829b29a Merge pull request #20500 from aszlig/qemu-patched-for-nixos-tests
nixos/tests: Use a patched QEMU for testing
2016-12-15 12:38:29 +01:00
montag451
ea5551b551 containers: fix broken /etc/hosts entries when localAddress contains a netmask 2016-12-12 09:20:28 +01:00
montag451
4889c271ca Add macvlan support for declarative containers 2016-12-12 07:34:28 +01:00
Jaka Hudoklin
8ce94b6e89 virtualbox guest module: make x11 optional 2016-12-04 22:24:01 +01:00