pyrox.dev / nixpkgs
lol
fork atom

nixos-container: Make configuration and state directories configurable

/etc/containers is also used by Podman, Skopeo & other popular
container tooling so we need to be able to move to another
configuration directory.

The state move is not strictly a requirement but is good for consistency.

adisbladis 7d9a979b 85919894

options
unified split
Changed files
+22 -11
pkgs
tools
virtualization
nixos-container
default.nix
nixos-container.pl
+9 -1
pkgs/tools/virtualization/nixos-container/default.nix 
···

       
1

       

       
-

       
{ substituteAll, perl, shadow, util-linux }:


     

       

       
1

       
+

       
{ substituteAll


     

       

       
2

       
+

       
, perl


     

       

       
3

       
+

       
, shadow


     

       

       
4

       
+

       
, util-linux


     

       

       
5

       
+

       
, configurationDirectory ? "/etc/nixos-containers"


     

       

       
6

       
+

       
, stateDirectory ? "/var/lib/nixos-containers"


     

       

       
7

       
+

       
}:


     

       
2

       
8

       
 

       



     

       
3

       
9

       
 

       
substituteAll {


     

       
4

       
10

       
 

       
    name = "nixos-container";


     
···

       
8

       
14

       
 

       
    perl = perl.withPackages (p: [ p.FileSlurp ]);


     

       
9

       
15

       
 

       
    su = "${shadow.su}/bin/su";


     

       
10

       
16

       
 

       
    utillinux = util-linux;


     

       

       
17

       
+

       



     

       

       
18

       
+

       
    inherit configurationDirectory stateDirectory;


     

       
11

       
19

       
 

       



     

       
12

       
20

       
 

       
    postInstall = ''


     

       
13

       
21

       
 

       
      t=$out/share/bash-completion/completions
+13 -10
pkgs/tools/virtualization/nixos-container/nixos-container.pl 
···

       
12

       
12

       
 

       
my $nsenter = "@utillinux@/bin/nsenter";


     

       
13

       
13

       
 

       
my $su = "@su@";


     

       
14

       
14

       
 

       



     

       

       
15

       
+

       
my $configurationDirectory = "@configurationDirectory@";


     

       

       
16

       
+

       
my $stateDirectory = "@stateDirectory@";


     

       

       
17

       
+

       



     

       
15

       
18

       
 

       
# Ensure a consistent umask.


     

       
16

       
19

       
 

       
umask 0022;


     

       
17

       
20

       
 

       



     
···

       
132

       
135

       
 

       



     

       
133

       
136

       
 

       
# Execute the selected action.


     

       
134

       
137

       
 

       



     

       
135

       

       
-

       
mkpath("/etc/containers", 0, 0755);


     

       
136

       

       
-

       
mkpath("/var/lib/containers", 0, 0700);


     

       

       
138

       
+

       
mkpath("$configurationDirectory", 0, 0755);


     

       

       
139

       
+

       
mkpath("$stateDirectory", 0, 0700);


     

       
137

       
140

       
 

       



     

       
138

       
141

       
 

       
if ($action eq "list") {


     

       
139

       

       
-

       
    foreach my $confFile (glob "/etc/containers/*.conf") {


     

       

       
142

       
+

       
    foreach my $confFile (glob "$configurationDirectory/*.conf") {


     

       
140

       
143

       
 

       
        $confFile =~ /\/([^\/]+).conf$/ or next;


     

       
141

       
144

       
 

       
        print "$1\n";


     

       
142

       
145

       
 

       
    }


     
···

       
198

       
201

       
 

       
    open(my $lock, '>>', $lockFN) or die "$0: opening $lockFN: $!";


     

       
199

       
202

       
 

       
    flock($lock, LOCK_EX) or die "$0: could not lock $lockFN: $!";


     

       
200

       
203

       
 

       



     

       
201

       

       
-

       
    my $confFile = "/etc/containers/$containerName.conf";


     

       
202

       

       
-

       
    my $root = "/var/lib/containers/$containerName";


     

       

       
204

       
+

       
    my $confFile = "$configurationDirectory/$containerName.conf";


     

       

       
205

       
+

       
    my $root = "$stateDirectory/$containerName";


     

       
203

       
206

       
 

       



     

       
204

       
207

       
 

       
    # Maybe generate a unique name.


     

       
205

       
208

       
 

       
    if ($ensureUniqueName) {


     

       
206

       
209

       
 

       
        my $base = $containerName;


     

       
207

       
210

       
 

       
        for (my $nr = 0; ; $nr++) {


     

       
208

       

       
-

       
            $confFile = "/etc/containers/$containerName.conf";


     

       
209

       

       
-

       
            $root = "/var/lib/containers/$containerName";


     

       

       
211

       
+

       
            $confFile = "$configurationDirectory/$containerName.conf";


     

       

       
212

       
+

       
            $root = "$stateDirectory/$containerName";


     

       
210

       
213

       
 

       
            last unless -e $confFile || -e $root;


     

       
211

       
214

       
 

       
            $containerName = "$base-$nr";


     

       
212

       
215

       
 

       
        }


     
···

       
220

       
223

       
 

       



     

       
221

       
224

       
 

       
    # Get an unused IP address.


     

       
222

       
225

       
 

       
    my %usedIPs;


     

       
223

       

       
-

       
    foreach my $confFile2 (glob "/etc/containers/*.conf") {


     

       

       
226

       
+

       
    foreach my $confFile2 (glob "$configurationDirectory/*.conf") {


     

       
224

       
227

       
 

       
        my $s = read_file($confFile2) or die;


     

       
225

       
228

       
 

       
        $usedIPs{$1} = 1 if $s =~ /^HOST_ADDRESS=([0-9\.]+)$/m;


     

       
226

       
229

       
 

       
        $usedIPs{$1} = 1 if $s =~ /^LOCAL_ADDRESS=([0-9\.]+)$/m;


     
···

       
292

       
295

       
 

       
    exit 0;


     

       
293

       
296

       
 

       
}


     

       
294

       
297

       
 

       



     

       
295

       

       
-

       
my $root = "/var/lib/containers/$containerName";


     

       

       
298

       
+

       
my $root = "$stateDirectory/$containerName";


     

       
296

       
299

       
 

       
my $profileDir = "/nix/var/nix/profiles/per-container/$containerName";


     

       
297

       
300

       
 

       
my $gcRootsDir = "/nix/var/nix/gcroots/per-container/$containerName";


     

       
298

       

       
-

       
my $confFile = "/etc/containers/$containerName.conf";


     

       

       
301

       
+

       
my $confFile = "$configurationDirectory/$containerName.conf";


     

       
299

       
302

       
 

       
if (!-e $confFile) {


     

       
300

       
303

       
 

       
    if ($action eq "destroy") {


     

       
301

       
304

       
 

       
        exit 0;