commit efd1605be6a14d0c169d20b6cbea191b0aa7eb99 · pyrox.dev/nixpkgs

nixos/doc/manual/release-notes/rl-2311.section.md

···

       6
       6
        
       

     

       7
       7
        
       - Support for WiFi6 (IEEE 802.11ax) and WPA3-SAE-PK was enabled in the `hostapd` package, along with a significant rework of the hostapd module.

     

       8
       8
        
       

     

       9
       9
       +
       - LXD now supports virtual machine instances to complement the existing container support

     

       10
       10
       +
       

     

       9
       11
        
       ## New Services {#sec-release-23.11-new-services}

     

       10
       12
        
       

     

       11
       13
        
       - [MCHPRS](https://github.com/MCHPR/MCHPRS), a multithreaded Minecraft server built for redstone. Available as [services.mchprs](#opt-services.mchprs.enable).

+20

nixos/maintainers/scripts/lxd/lxd-container-image-inner.nix

···

       1
       1
       +
       # Edit this configuration file to define what should be installed on

     

       2
       2
       +
       # your system.  Help is available in the configuration.nix(5) man page

     

       3
       3
       +
       # and in the NixOS manual (accessible by running ‘nixos-help’).

     

       4
       4
       +
       

     

       5
       5
       +
       { config, pkgs, lib, ... }:

     

       6
       6
       +
       

     

       7
       7
       +
       {

     

       8
       8
       +
         imports =

     

       9
       9
       +
           [

     

       10
       10
       +
             # Include the default lxd configuration.

     

       11
       11
       +
             ../../../modules/virtualisation/lxc-container.nix

     

       12
       12
       +
             # Include the container-specific autogenerated configuration.

     

       13
       13
       +
             ./lxd.nix

     

       14
       14
       +
           ];

     

       15
       15
       +
       

     

       16
       16
       +
         networking.useDHCP = false;

     

       17
       17
       +
         networking.interfaces.eth0.useDHCP = true;

     

       18
       18
       +
       

     

       19
       19
       +
         system.stateVersion = "21.05"; # Did you read the comment?

     

       20
       20
       +
       }

-95

nixos/maintainers/scripts/lxd/lxd-image-inner.nix

···

       1
       1
       -
       # Edit this configuration file to define what should be installed on

     

       2
       2
       -
       # your system.  Help is available in the configuration.nix(5) man page

     

       3
       3
       -
       # and in the NixOS manual (accessible by running ‘nixos-help’).

     

       4
       4
       -
       

     

       5
       5
       -
       { config, pkgs, lib, ... }:

     

       6
       6
       -
       

     

       7
       7
       -
       {

     

       8
       8
       -
         imports =

     

       9
       9
       -
           [ # Include the default lxd configuration.

     

       10
       10
       -
             ../../../modules/virtualisation/lxc-container.nix

     

       11
       11
       -
             # Include the container-specific autogenerated configuration.

     

       12
       12
       -
             ./lxd.nix

     

       13
       13
       -
           ];

     

       14
       14
       -
       

     

       15
       15
       -
         # networking.hostName = mkForce "nixos"; # Overwrite the hostname.

     

       16
       16
       -
         # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

     

       17
       17
       -
       

     

       18
       18
       -
         # Set your time zone.

     

       19
       19
       -
         # time.timeZone = "Europe/Amsterdam";

     

       20
       20
       -
       

     

       21
       21
       -
         # The global useDHCP flag is deprecated, therefore explicitly set to false here.

     

       22
       22
       -
         # Per-interface useDHCP will be mandatory in the future, so this generated config

     

       23
       23
       -
         # replicates the default behaviour.

     

       24
       24
       -
         networking.useDHCP = false;

     

       25
       25
       -
         networking.interfaces.eth0.useDHCP = true;

     

       26
       26
       -
       

     

       27
       27
       -
         # Configure network proxy if necessary

     

       28
       28
       -
         # networking.proxy.default = "http://user:password@proxy:port/";

     

       29
       29
       -
         # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

     

       30
       30
       -
       

     

       31
       31
       -
         # Select internationalisation properties.

     

       32
       32
       -
         # i18n.defaultLocale = "en_US.UTF-8";

     

       33
       33
       -
         # console = {

     

       34
       34
       -
         #   font = "Lat2-Terminus16";

     

       35
       35
       -
         #   keyMap = "us";

     

       36
       36
       -
         # };

     

       37
       37
       -
       

     

       38
       38
       -
         # Enable the X11 windowing system.

     

       39
       39
       -
         # services.xserver.enable = true;

     

       40
       40
       -
       

     

       41
       41
       -
         # Configure keymap in X11

     

       42
       42
       -
         # services.xserver.layout = "us";

     

       43
       43
       -
         # services.xserver.xkbOptions = "eurosign:e";

     

       44
       44
       -
       

     

       45
       45
       -
         # Enable CUPS to print documents.

     

       46
       46
       -
         # services.printing.enable = true;

     

       47
       47
       -
       

     

       48
       48
       -
         # Enable sound.

     

       49
       49
       -
         # sound.enable = true;

     

       50
       50
       -
         # hardware.pulseaudio.enable = true;

     

       51
       51
       -
       

     

       52
       52
       -
         # Enable touchpad support (enabled default in most desktopManager).

     

       53
       53
       -
         # services.xserver.libinput.enable = true;

     

       54
       54
       -
       

     

       55
       55
       -
         # Define a user account. Don't forget to set a password with ‘passwd’.

     

       56
       56
       -
         # users.users.alice = {

     

       57
       57
       -
         #   isNormalUser = true;

     

       58
       58
       -
         #   extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.

     

       59
       59
       -
         # };

     

       60
       60
       -
       

     

       61
       61
       -
         # List packages installed in system profile. To search, run:

     

       62
       62
       -
         # $ nix search wget

     

       63
       63
       -
         # environment.systemPackages = with pkgs; [

     

       64
       64
       -
         #   vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.

     

       65
       65
       -
         #   wget

     

       66
       66
       -
         #   firefox

     

       67
       67
       -
         # ];

     

       68
       68
       -
       

     

       69
       69
       -
         # Some programs need SUID wrappers, can be configured further or are

     

       70
       70
       -
         # started in user sessions.

     

       71
       71
       -
         # programs.mtr.enable = true;

     

       72
       72
       -
         # programs.gnupg.agent = {

     

       73
       73
       -
         #   enable = true;

     

       74
       74
       -
         #   enableSSHSupport = true;

     

       75
       75
       -
         # };

     

       76
       76
       -
       

     

       77
       77
       -
         # List services that you want to enable:

     

       78
       78
       -
       

     

       79
       79
       -
         # Enable the OpenSSH daemon.

     

       80
       80
       -
         # services.openssh.enable = true;

     

       81
       81
       -
       

     

       82
       82
       -
         # Open ports in the firewall.

     

       83
       83
       -
         # networking.firewall.allowedTCPPorts = [ ... ];

     

       84
       84
       -
         # networking.firewall.allowedUDPPorts = [ ... ];

     

       85
       85
       -
         # Or disable the firewall altogether.

     

       86
       86
       -
         # networking.firewall.enable = false;

     

       87
       87
       -
       

     

       88
       88
       -
         # This value determines the NixOS release from which the default

     

       89
       89
       -
         # settings for stateful data, like file locations and database versions

     

       90
       90
       -
         # on your system were taken. It’s perfectly fine and recommended to leave

     

       91
       91
       -
         # this value at the release version of the first install of this system.

     

       92
       92
       -
         # Before changing this value read the documentation for this option

     

       93
       93
       -
         # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).

     

       94
       94
       -
         system.stateVersion = "21.05"; # Did you read the comment?

     

       95
       95
       -
       }

+3 -3

nixos/maintainers/scripts/lxd/lxd-image.nix nixos/maintainers/scripts/lxd/lxd-container-image.nix

···

       1
       1
       -
       { lib, config, pkgs, ... }:

     

       1
       1
       +
       { lib, pkgs, ... }:

     

       2
       2
        
       

     

       3
       3
        
       {

     

       4
       4
        
         imports = [

     
···

       16
       16
        
         system.activationScripts.config = ''

     

       17
       17
        
           if [ ! -e /etc/nixos/configuration.nix ]; then

     

       18
       18
        
             mkdir -p /etc/nixos

     

       19
       19
       -
             cat ${./lxd-image-inner.nix} > /etc/nixos/configuration.nix

     

       20
       20
       -
             sed 's|../../../modules/virtualisation/lxc-container.nix|<nixpkgs/nixos/modules/virtualisation/lxc-container.nix>|g' -i /etc/nixos/configuration.nix

     

       19
       19
       +
             cat ${./lxd-container-image-inner.nix} > /etc/nixos/configuration.nix

     

       20
       20
       +
             ${lib.getExe pkgs.gnused} 's|../../../modules/virtualisation/lxc-container.nix|<nixpkgs/nixos/modules/virtualisation/lxc-container.nix>|g' -i /etc/nixos/configuration.nix

     

       21
       21
        
           fi

     

       22
       22
        
         '';

     

       23
       23

+20

nixos/maintainers/scripts/lxd/lxd-virtual-machine-image-inner.nix

···

       1
       1
       +
       # Edit this configuration file to define what should be installed on

     

       2
       2
       +
       # your system.  Help is available in the configuration.nix(5) man page

     

       3
       3
       +
       # and in the NixOS manual (accessible by running ‘nixos-help’).

     

       4
       4
       +
       

     

       5
       5
       +
       { config, pkgs, lib, ... }:

     

       6
       6
       +
       

     

       7
       7
       +
       {

     

       8
       8
       +
         imports =

     

       9
       9
       +
           [

     

       10
       10
       +
             # Include the default lxd configuration.

     

       11
       11
       +
             ../../../modules/virtualisation/lxd-virtual-machine.nix

     

       12
       12
       +
             # Include the container-specific autogenerated configuration.

     

       13
       13
       +
             ./lxd.nix

     

       14
       14
       +
           ];

     

       15
       15
       +
       

     

       16
       16
       +
         networking.useDHCP = false;

     

       17
       17
       +
         networking.interfaces.eth0.useDHCP = true;

     

       18
       18
       +
       

     

       19
       19
       +
         system.stateVersion = "23.05"; # Did you read the comment?

     

       20
       20
       +
       }

+27

nixos/maintainers/scripts/lxd/lxd-virtual-machine-image.nix

···

       1
       1
       +
       { lib, pkgs, ... }:

     

       2
       2
       +
       

     

       3
       3
       +
       {

     

       4
       4
       +
         imports = [

     

       5
       5
       +
           ../../../modules/virtualisation/lxd-virtual-machine.nix

     

       6
       6
       +
         ];

     

       7
       7
       +
       

     

       8
       8
       +
         virtualisation.lxc.templates.nix = {

     

       9
       9
       +
           enable = true;

     

       10
       10
       +
           target = "/etc/nixos/lxd.nix";

     

       11
       11
       +
           template = ./nix.tpl;

     

       12
       12
       +
           when = ["create" "copy"];

     

       13
       13
       +
         };

     

       14
       14
       +
       

     

       15
       15
       +
         # copy the config for nixos-rebuild

     

       16
       16
       +
         system.activationScripts.config = ''

     

       17
       17
       +
           if [ ! -e /etc/nixos/configuration.nix ]; then

     

       18
       18
       +
             mkdir -p /etc/nixos

     

       19
       19
       +
             cat ${./lxd-virtual-machine-image-inner.nix} > /etc/nixos/configuration.nix

     

       20
       20
       +
             ${lib.getExe pkgs.gnused} 's|../../../modules/virtualisation/lxd-virtual-machine.nix|<nixpkgs/nixos/modules/virtualisation/lxd-virtual-machine.nix>|g' -i /etc/nixos/configuration.nix

     

       21
       21
       +
           fi

     

       22
       22
       +
         '';

     

       23
       23
       +
       

     

       24
       24
       +
         # Network

     

       25
       25
       +
         networking.useDHCP = false;

     

       26
       26
       +
         networking.interfaces.enp5s0.useDHCP = true;

     

       27
       27
       +
       }

+6 -124

nixos/modules/virtualisation/lxc-container.nix

···

       1
       1
        
       { lib, config, pkgs, ... }:

     

       2
       2
        
       

     

       3
       3
       -
       with lib;

     

       4
       4
       -
       

     

       5
       3
        
       let

     

       6
       6
       -
         templateSubmodule = { ... }: {

     

       7
       7
       -
           options = {

     

       8
       8
       -
             enable = mkEnableOption (lib.mdDoc "this template");

     

       9
       9
       -
       

     

       10
       10
       -
             target = mkOption {

     

       11
       11
       -
               description = lib.mdDoc "Path in the container";

     

       12
       12
       -
               type = types.path;

     

       13
       13
       -
             };

     

       14
       14
       -
             template = mkOption {

     

       15
       15
       -
               description = lib.mdDoc ".tpl file for rendering the target";

     

       16
       16
       -
               type = types.path;

     

       17
       17
       -
             };

     

       18
       18
       -
             when = mkOption {

     

       19
       19
       -
               description = lib.mdDoc "Events which trigger a rewrite (create, copy)";

     

       20
       20
       -
               type = types.listOf (types.str);

     

       21
       21
       -
             };

     

       22
       22
       -
             properties = mkOption {

     

       23
       23
       -
               description = lib.mdDoc "Additional properties";

     

       24
       24
       -
               type = types.attrs;

     

       25
       25
       -
               default = {};

     

       26
       26
       -
             };

     

       27
       27
       -
           };

     

       28
       28
       -
         };

     

       29
       29
       -
       

     

       30
       30
       -
         toYAML = name: data: pkgs.writeText name (generators.toYAML {} data);

     

       31
       31
       -
       

     

       32
       4
        
         cfg = config.virtualisation.lxc;

     

       33
       33
       -
         templates = if cfg.templates != {} then let

     

       34
       34
       -
           list = mapAttrsToList (name: value: { inherit name; } // value)

     

       35
       35
       -
             (filterAttrs (name: value: value.enable) cfg.templates);

     

       36
       36
       -
         in

     

       37
       37
       -
           {

     

       38
       38
       -
             files = map (tpl: {

     

       39
       39
       -
               source = tpl.template;

     

       40
       40
       -
               target = "/templates/${tpl.name}.tpl";

     

       41
       41
       -
             }) list;

     

       42
       42
       -
             properties = listToAttrs (map (tpl: nameValuePair tpl.target {

     

       43
       43
       -
               when = tpl.when;

     

       44
       44
       -
               template = "${tpl.name}.tpl";

     

       45
       45
       -
               properties = tpl.properties;

     

       46
       46
       -
             }) list);

     

       47
       47
       -
           }

     

       48
       48
       -
         else { files = []; properties = {}; };

     

       49
       49
       -
       

     

       50
       50
       -
       in

     

       51
       51
       -
       {

     

       5
       5
       +
       in {

     

       52
       6
        
         imports = [

     

       53
       53
       -
           ../installer/cd-dvd/channel.nix

     

       54
       54
       -
           ../profiles/clone-config.nix

     

       55
       55
       -
           ../profiles/minimal.nix

     

       7
       7
       +
           ./lxc-instance-common.nix

     

       56
       8
        
         ];

     

       57
       9
        
       

     

       58
       10
        
         options = {

     

       59
       11
        
           virtualisation.lxc = {

     

       60
       60
       -
             templates = mkOption {

     

       61
       61
       -
               description = lib.mdDoc "Templates for LXD";

     

       62
       62
       -
               type = types.attrsOf (types.submodule (templateSubmodule));

     

       63
       63
       -
               default = {};

     

       64
       64
       -
               example = literalExpression ''

     

       65
       65
       -
                 {

     

       66
       66
       -
                   # create /etc/hostname on container creation. also requires networking.hostName = "" to be set

     

       67
       67
       -
                   "hostname" = {

     

       68
       68
       -
                     enable = true;

     

       69
       69
       -
                     target = "/etc/hostname";

     

       70
       70
       -
                     template = builtins.toFile "hostname.tpl" "{{ container.name }}";

     

       71
       71
       -
                     when = [ "create" ];

     

       72
       72
       -
                   };

     

       73
       73
       -
                   # create /etc/nixos/hostname.nix with a configuration for keeping the hostname applied

     

       74
       74
       -
                   "hostname-nix" = {

     

       75
       75
       -
                     enable = true;

     

       76
       76
       -
                     target = "/etc/nixos/hostname.nix";

     

       77
       77
       -
                     template = builtins.toFile "hostname-nix.tpl" "{ ... }: { networking.hostName = \"{{ container.name }}\"; }";

     

       78
       78
       -
                     # copy keeps the file updated when the container is changed

     

       79
       79
       -
                     when = [ "create" "copy" ];

     

       80
       80
       -
                   };

     

       81
       81
       -
                   # copy allow the user to specify a custom configuration.nix

     

       82
       82
       -
                   "configuration-nix" = {

     

       83
       83
       -
                     enable = true;

     

       84
       84
       -
                     target = "/etc/nixos/configuration.nix";

     

       85
       85
       -
                     template = builtins.toFile "configuration-nix" "{{ config_get(\"user.user-data\", properties.default) }}";

     

       86
       86
       -
                     when = [ "create" ];

     

       87
       87
       -
                   };

     

       88
       88
       -
                 };

     

       89
       89
       -
               '';

     

       90
       90
       -
             };

     

       91
       91
       -
       

     

       92
       92
       -
             privilegedContainer = mkOption {

     

       93
       93
       -
               type = types.bool;

     

       12
       12
       +
             privilegedContainer = lib.mkOption {

     

       13
       13
       +
               type = lib.types.bool;

     

       94
       14
        
               default = false;

     

       95
       15
        
               description = lib.mdDoc ''

     

       96
       16
        
                 Whether this LXC container will be running as a privileged container or not. If set to `true` then

     
···

       116
       36
        
               ${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system

     

       117
       37
        
             '';

     

       118
       38
        
       

     

       119
       119
       -
           system.build.metadata = pkgs.callPackage ../../lib/make-system-tarball.nix {

     

       120
       120
       -
             contents = [

     

       121
       121
       -
               {

     

       122
       122
       -
                 source = toYAML "metadata.yaml" {

     

       123
       123
       -
                   architecture = builtins.elemAt (builtins.match "^([a-z0-9_]+).+" (toString pkgs.system)) 0;

     

       124
       124
       -
                   creation_date = 1;

     

       125
       125
       -
                   properties = {

     

       126
       126
       -
                     description = "${config.system.nixos.distroName} ${config.system.nixos.codeName} ${config.system.nixos.label} ${pkgs.system}";

     

       127
       127
       -
                     os = "${config.system.nixos.distroId}";

     

       128
       128
       -
                     release = "${config.system.nixos.codeName}";

     

       129
       129
       -
                   };

     

       130
       130
       -
                   templates = templates.properties;

     

       131
       131
       -
                 };

     

       132
       132
       -
                 target = "/metadata.yaml";

     

       133
       133
       -
               }

     

       134
       134
       -
             ] ++ templates.files;

     

       135
       135
       -
           };

     

       136
       136
       -
       

     

       137
       39
        
           # TODO: build rootfs as squashfs for faster unpack

     

       138
       40
        
           system.build.tarball = pkgs.callPackage ../../lib/make-system-tarball.nix {

     

       139
       41
        
             extraArgs = "--owner=0";

     
···

       180
       82
        
                 ProtectKernelTunables=no

     

       181
       83
        
                 NoNewPrivileges=no

     

       182
       84
        
                 LoadCredential=

     

       183
       183
       -
               '' + optionalString cfg.privilegedContainer ''

     

       85
       85
       +
               '' + lib.optionalString cfg.privilegedContainer ''

     

       184
       86
        
                 # Additional settings for privileged containers

     

       185
       87
        
                 ProtectHome=no

     

       186
       88
        
                 ProtectSystem=no

     
···

       193
       95
        
             })

     

       194
       96
        
           ];

     

       195
       97
        
       

     

       196
       196
       -
           # Allow the user to login as root without password.

     

       197
       197
       -
           users.users.root.initialHashedPassword = mkOverride 150 "";

     

       198
       198
       -
       

     

       199
       199
       -
           system.activationScripts.installInitScript = mkForce ''

     

       98
       98
       +
           system.activationScripts.installInitScript = lib.mkForce ''

     

       200
       99
        
             ln -fs $systemConfig/init /sbin/init

     

       201
       100
        
           '';

     

       202
       202
       -
       

     

       203
       203
       -
           # Some more help text.

     

       204
       204
       -
           services.getty.helpLine =

     

       205
       205
       -
             ''

     

       206
       206
       -
       

     

       207
       207
       -
               Log in as "root" with an empty password.

     

       208
       208
       -
             '';

     

       209
       209
       -
       

     

       210
       210
       -
           # Containers should be light-weight, so start sshd on demand.

     

       211
       211
       -
           services.openssh.enable = mkDefault true;

     

       212
       212
       -
           services.openssh.startWhenNeeded = mkDefault true;

     

       213
       213
       -
       

     

       214
       214
       -
           # As this is intended as a standalone image, undo some of the minimal profile stuff

     

       215
       215
       -
           environment.noXlibs = false;

     

       216
       216
       -
           documentation.enable = true;

     

       217
       217
       -
           documentation.nixos.enable = true;

     

       218
       218
       -
           services.logrotate.enable = true;

     

       219
       101
        
         };

     

       220
       102
        
       }

+104

nixos/modules/virtualisation/lxc-image-metadata.nix

···

       1
       1
       +
       { lib, config, pkgs, ... }:

     

       2
       2
       +
       

     

       3
       3
       +
       let

     

       4
       4
       +
         templateSubmodule = {...}: {

     

       5
       5
       +
           options = {

     

       6
       6
       +
             enable = lib.mkEnableOption "this template";

     

       7
       7
       +
       

     

       8
       8
       +
             target = lib.mkOption {

     

       9
       9
       +
               description = "Path in the container";

     

       10
       10
       +
               type = lib.types.path;

     

       11
       11
       +
             };

     

       12
       12
       +
             template = lib.mkOption {

     

       13
       13
       +
               description = ".tpl file for rendering the target";

     

       14
       14
       +
               type = lib.types.path;

     

       15
       15
       +
             };

     

       16
       16
       +
             when = lib.mkOption {

     

       17
       17
       +
               description = "Events which trigger a rewrite (create, copy)";

     

       18
       18
       +
               type = lib.types.listOf (lib.types.str);

     

       19
       19
       +
             };

     

       20
       20
       +
             properties = lib.mkOption {

     

       21
       21
       +
               description = "Additional properties";

     

       22
       22
       +
               type = lib.types.attrs;

     

       23
       23
       +
               default = {};

     

       24
       24
       +
             };

     

       25
       25
       +
           };

     

       26
       26
       +
         };

     

       27
       27
       +
       

     

       28
       28
       +
         toYAML = name: data: pkgs.writeText name (lib.generators.toYAML {} data);

     

       29
       29
       +
       

     

       30
       30
       +
         cfg = config.virtualisation.lxc;

     

       31
       31
       +
         templates = if cfg.templates != {} then let

     

       32
       32
       +
           list = lib.mapAttrsToList (name: value: { inherit name; } // value)

     

       33
       33
       +
             (lib.filterAttrs (name: value: value.enable) cfg.templates);

     

       34
       34
       +
         in

     

       35
       35
       +
           {

     

       36
       36
       +
             files = map (tpl: {

     

       37
       37
       +
               source = tpl.template;

     

       38
       38
       +
               target = "/templates/${tpl.name}.tpl";

     

       39
       39
       +
             }) list;

     

       40
       40
       +
             properties = lib.listToAttrs (map (tpl: lib.nameValuePair tpl.target {

     

       41
       41
       +
               when = tpl.when;

     

       42
       42
       +
               template = "${tpl.name}.tpl";

     

       43
       43
       +
               properties = tpl.properties;

     

       44
       44
       +
             }) list);

     

       45
       45
       +
           }

     

       46
       46
       +
         else { files = []; properties = {}; };

     

       47
       47
       +
       

     

       48
       48
       +
       in {

     

       49
       49
       +
         options = {

     

       50
       50
       +
           virtualisation.lxc = {

     

       51
       51
       +
             templates = lib.mkOption {

     

       52
       52
       +
               description = "Templates for LXD";

     

       53
       53
       +
               type = lib.types.attrsOf (lib.types.submodule templateSubmodule);

     

       54
       54
       +
               default = {};

     

       55
       55
       +
               example = lib.literalExpression ''

     

       56
       56
       +
                 {

     

       57
       57
       +
                   # create /etc/hostname on container creation

     

       58
       58
       +
                   "hostname" = {

     

       59
       59
       +
                     enable = true;

     

       60
       60
       +
                     target = "/etc/hostname";

     

       61
       61
       +
                     template = builtins.writeFile "hostname.tpl" "{{ container.name }}";

     

       62
       62
       +
                     when = [ "create" ];

     

       63
       63
       +
                   };

     

       64
       64
       +
                   # create /etc/nixos/hostname.nix with a configuration for keeping the hostname applied

     

       65
       65
       +
                   "hostname-nix" = {

     

       66
       66
       +
                     enable = true;

     

       67
       67
       +
                     target = "/etc/nixos/hostname.nix";

     

       68
       68
       +
                     template = builtins.writeFile "hostname-nix.tpl" "{ ... }: { networking.hostName = "{{ container.name }}"; }";

     

       69
       69
       +
                     # copy keeps the file updated when the container is changed

     

       70
       70
       +
                     when = [ "create" "copy" ];

     

       71
       71
       +
                   };

     

       72
       72
       +
                   # copy allow the user to specify a custom configuration.nix

     

       73
       73
       +
                   "configuration-nix" = {

     

       74
       74
       +
                     enable = true;

     

       75
       75
       +
                     target = "/etc/nixos/configuration.nix";

     

       76
       76
       +
                     template = builtins.writeFile "configuration-nix" "{{ config_get(\"user.user-data\", properties.default) }}";

     

       77
       77
       +
                     when = [ "create" ];

     

       78
       78
       +
                   };

     

       79
       79
       +
                 };

     

       80
       80
       +
               '';

     

       81
       81
       +
             };

     

       82
       82
       +
           };

     

       83
       83
       +
         };

     

       84
       84
       +
       

     

       85
       85
       +
         config = {

     

       86
       86
       +
           system.build.metadata = pkgs.callPackage ../../lib/make-system-tarball.nix {

     

       87
       87
       +
             contents = [

     

       88
       88
       +
               {

     

       89
       89
       +
                 source = toYAML "metadata.yaml" {

     

       90
       90
       +
                   architecture = builtins.elemAt (builtins.match "^([a-z0-9_]+).+" (toString pkgs.system)) 0;

     

       91
       91
       +
                   creation_date = 1;

     

       92
       92
       +
                   properties = {

     

       93
       93
       +
                     description = "${config.system.nixos.distroName} ${config.system.nixos.codeName} ${config.system.nixos.label} ${pkgs.system}";

     

       94
       94
       +
                     os = "${config.system.nixos.distroId}";

     

       95
       95
       +
                     release = "${config.system.nixos.codeName}";

     

       96
       96
       +
                   };

     

       97
       97
       +
                   templates = templates.properties;

     

       98
       98
       +
                 };

     

       99
       99
       +
                 target = "/metadata.yaml";

     

       100
       100
       +
               }

     

       101
       101
       +
             ] ++ templates.files;

     

       102
       102
       +
           };

     

       103
       103
       +
         };

     

       104
       104
       +
       }

+30

nixos/modules/virtualisation/lxc-instance-common.nix

···

       1
       1
       +
       {lib, ...}:

     

       2
       2
       +
       

     

       3
       3
       +
       {

     

       4
       4
       +
         imports = [

     

       5
       5
       +
           ./lxc-image-metadata.nix

     

       6
       6
       +
       

     

       7
       7
       +
           ../installer/cd-dvd/channel.nix

     

       8
       8
       +
           ../profiles/clone-config.nix

     

       9
       9
       +
           ../profiles/minimal.nix

     

       10
       10
       +
         ];

     

       11
       11
       +
       

     

       12
       12
       +
         # Allow the user to login as root without password.

     

       13
       13
       +
         users.users.root.initialHashedPassword = lib.mkOverride 150 "";

     

       14
       14
       +
       

     

       15
       15
       +
         # Some more help text.

     

       16
       16
       +
         services.getty.helpLine = ''

     

       17
       17
       +
       

     

       18
       18
       +
           Log in as "root" with an empty password.

     

       19
       19
       +
         '';

     

       20
       20
       +
       

     

       21
       21
       +
         # Containers should be light-weight, so start sshd on demand.

     

       22
       22
       +
         services.openssh.enable = lib.mkDefault true;

     

       23
       23
       +
         services.openssh.startWhenNeeded = lib.mkDefault true;

     

       24
       24
       +
       

     

       25
       25
       +
         # As this is intended as a standalone image, undo some of the minimal profile stuff

     

       26
       26
       +
         environment.noXlibs = false;

     

       27
       27
       +
         documentation.enable = true;

     

       28
       28
       +
         documentation.nixos.enable = true;

     

       29
       29
       +
         services.logrotate.enable = true;

     

       30
       30
       +
       }

+46

nixos/modules/virtualisation/lxd-virtual-machine.nix

···

       1
       1
       +
       { config, lib, pkgs, ... }:

     

       2
       2
       +
       

     

       3
       3
       +
       let

     

       4
       4
       +
         serialDevice =

     

       5
       5
       +
           if pkgs.stdenv.hostPlatform.isx86

     

       6
       6
       +
           then "ttyS0"

     

       7
       7
       +
           else "ttyAMA0"; # aarch64

     

       8
       8
       +
       in {

     

       9
       9
       +
         imports = [

     

       10
       10
       +
           ./lxc-instance-common.nix

     

       11
       11
       +
       

     

       12
       12
       +
           ../profiles/qemu-guest.nix

     

       13
       13
       +
         ];

     

       14
       14
       +
       

     

       15
       15
       +
         config = {

     

       16
       16
       +
           system.build.qemuImage = import ../../lib/make-disk-image.nix {

     

       17
       17
       +
             inherit pkgs lib config;

     

       18
       18
       +
       

     

       19
       19
       +
             partitionTableType = "efi";

     

       20
       20
       +
             format = "qcow2-compressed";

     

       21
       21
       +
             copyChannel = true;

     

       22
       22
       +
           };

     

       23
       23
       +
       

     

       24
       24
       +
           fileSystems = {

     

       25
       25
       +
             "/" = {

     

       26
       26
       +
               device = "/dev/disk/by-label/nixos";

     

       27
       27
       +
               autoResize = true;

     

       28
       28
       +
               fsType = "ext4";

     

       29
       29
       +
             };

     

       30
       30
       +
             "/boot" = {

     

       31
       31
       +
               device = "/dev/disk/by-label/ESP";

     

       32
       32
       +
               fsType = "vfat";

     

       33
       33
       +
             };

     

       34
       34
       +
           };

     

       35
       35
       +
       

     

       36
       36
       +
           boot.growPartition = true;

     

       37
       37
       +
           boot.loader.systemd-boot.enable = true;

     

       38
       38
       +
       

     

       39
       39
       +
           # image building needs to know what device to install bootloader on

     

       40
       40
       +
           boot.loader.grub.device = "/dev/vda";

     

       41
       41
       +
       

     

       42
       42
       +
           boot.kernelParams = ["console=tty1" "console=${serialDevice}"];

     

       43
       43
       +
       

     

       44
       44
       +
           virtualisation.lxd.agent.enable = lib.mkDefault true;

     

       45
       45
       +
         };

     

       46
       46
       +
       }

+1 -1

nixos/modules/virtualisation/lxd.nix

···

       196
       196
        
             "kernel.keys.maxkeys" = 2000;

     

       197
       197
        
           };

     

       198
       198
        
       

     

       199
       199
       -
           boot.kernelModules = [ "veth" "xt_comment" "xt_CHECKSUM" "xt_MASQUERADE" ]

     

       199
       199
       +
           boot.kernelModules = [ "veth" "xt_comment" "xt_CHECKSUM" "xt_MASQUERADE" "vhost_vsock" ]

     

       200
       200
        
             ++ optionals (!config.networking.nftables.enable) [ "iptable_mangle" ];

     

       201
       201
        
         };

     

       202
       202
        
       }

+36 -4

nixos/release.nix

···

       310
       310
        
         );

     

       311
       311
        
       

     

       312
       312
        
         # An image that can be imported into lxd and used for container creation

     

       313
       313
       -
         lxdImage = forMatchingSystems [ "x86_64-linux" "aarch64-linux" ] (system:

     

       313
       313
       +
         lxdContainerImage = forMatchingSystems [ "x86_64-linux" "aarch64-linux" ] (system:

     

       314
       314
        
       

     

       315
       315
        
           with import ./.. { inherit system; };

     

       316
       316
        
       

     
···

       319
       319
        
             modules =

     

       320
       320
        
               [ configuration

     

       321
       321
        
                 versionModule

     

       322
       322
       -
                 ./maintainers/scripts/lxd/lxd-image.nix

     

       322
       322
       +
                 ./maintainers/scripts/lxd/lxd-container-image.nix

     

       323
       323
        
               ];

     

       324
       324
        
           }).config.system.build.tarball)

     

       325
       325
        
       

     

       326
       326
        
         );

     

       327
       327
        
       

     

       328
       328
        
         # Metadata for the lxd image

     

       329
       329
       -
         lxdMeta = forMatchingSystems [ "x86_64-linux" "aarch64-linux" ] (system:

     

       329
       329
       +
         lxdContainerMeta = forMatchingSystems [ "x86_64-linux" "aarch64-linux" ] (system:

     

       330
       330
        
       

     

       331
       331
        
           with import ./.. { inherit system; };

     

       332
       332
        
       

     
···

       335
       335
        
             modules =

     

       336
       336
        
               [ configuration

     

       337
       337
        
                 versionModule

     

       338
       338
       -
                 ./maintainers/scripts/lxd/lxd-image.nix

     

       338
       338
       +
                 ./maintainers/scripts/lxd/lxd-container-image.nix

     

       339
       339
       +
               ];

     

       340
       340
       +
           }).config.system.build.metadata)

     

       341
       341
       +
       

     

       342
       342
       +
         );

     

       343
       343
       +
       

     

       344
       344
       +
         # An image that can be imported into lxd and used for container creation

     

       345
       345
       +
         lxdVirtualMachineImage = forMatchingSystems [ "x86_64-linux" "aarch64-linux" ] (system:

     

       346
       346
       +
       

     

       347
       347
       +
           with import ./.. { inherit system; };

     

       348
       348
       +
       

     

       349
       349
       +
           hydraJob ((import lib/eval-config.nix {

     

       350
       350
       +
             inherit system;

     

       351
       351
       +
             modules =

     

       352
       352
       +
               [ configuration

     

       353
       353
       +
                 versionModule

     

       354
       354
       +
                 ./maintainers/scripts/lxd/lxd-virtual-machine-image.nix

     

       355
       355
       +
               ];

     

       356
       356
       +
           }).config.system.build.qemuImage)

     

       357
       357
       +
       

     

       358
       358
       +
         );

     

       359
       359
       +
       

     

       360
       360
       +
         # Metadata for the lxd image

     

       361
       361
       +
         lxdVirtualMachineImageMeta = forMatchingSystems [ "x86_64-linux" "aarch64-linux" ] (system:

     

       362
       362
       +
       

     

       363
       363
       +
           with import ./.. { inherit system; };

     

       364
       364
       +
       

     

       365
       365
       +
           hydraJob ((import lib/eval-config.nix {

     

       366
       366
       +
             inherit system;

     

       367
       367
       +
             modules =

     

       368
       368
       +
               [ configuration

     

       369
       369
       +
                 versionModule

     

       370
       370
       +
                 ./maintainers/scripts/lxd/lxd-virtual-machine-image.nix

     

       339
       371
        
               ];

     

       340
       372
        
           }).config.system.build.metadata)

     

       341
       373

+5 -5

nixos/tests/lxd/container.nix

···

       1
       1
        
       import ../make-test-python.nix ({ pkgs, lib, ... } :

     

       2
       2
        
       

     

       3
       3
        
       let

     

       4
       4
       -
         lxd-image = import ../../release.nix {

     

       4
       4
       +
         releases = import ../../release.nix {

     

       5
       5
        
           configuration = {

     

       6
       6
        
             # Building documentation makes the test unnecessarily take a longer time:

     

       7
       7
        
             documentation.enable = lib.mkForce false;

     
···

       11
       11
        
           };

     

       12
       12
        
         };

     

       13
       13
        
       

     

       14
       14
       -
         lxd-image-metadata = lxd-image.lxdMeta.${pkgs.stdenv.hostPlatform.system};

     

       15
       15
       -
         lxd-image-rootfs = lxd-image.lxdImage.${pkgs.stdenv.hostPlatform.system};

     

       14
       14
       +
         lxd-image-metadata = releases.lxdContainerMeta.${pkgs.stdenv.hostPlatform.system};

     

       15
       15
       +
         lxd-image-rootfs = releases.lxdContainerImage.${pkgs.stdenv.hostPlatform.system};

     

       16
       16
        
       

     

       17
       17
        
       in {

     

       18
       18
       -
         name = "lxd";

     

       18
       18
       +
         name = "lxd-container";

     

       19
       19
        
       

     

       20
       20
        
         meta = with pkgs.lib.maintainers; {

     

       21
       21
       -
           maintainers = [ patryk27 ];

     

       21
       21
       +
           maintainers = [ patryk27 adamcstephens ];

     

       22
       22
        
         };

     

       23
       23
        
       

     

       24
       24
        
         nodes.machine = { lib, ... }: {

nixos/tests/lxd/default.nix

···

       6
       6
        
         container = import ./container.nix {inherit system pkgs;};

     

       7
       7
        
         nftables = import ./nftables.nix {inherit system pkgs;};

     

       8
       8
        
         ui = import ./ui.nix {inherit system pkgs;};

     

       9
       9
       +
         virtual-machine = import ./virtual-machine.nix { inherit system pkgs; };

     

       9
       10
        
       }

+64

nixos/tests/lxd/virtual-machine.nix

···

       1
       1
       +
       import ../make-test-python.nix ({ pkgs, lib, ... }:

     

       2
       2
       +
       

     

       3
       3
       +
       let

     

       4
       4
       +
         releases = import ../../release.nix {

     

       5
       5
       +
           configuration = {

     

       6
       6
       +
             # Building documentation makes the test unnecessarily take a longer time:

     

       7
       7
       +
             documentation.enable = lib.mkForce false;

     

       8
       8
       +
       

     

       9
       9
       +
             # Our tests require `grep` & friends:

     

       10
       10
       +
             environment.systemPackages = with pkgs; [busybox];

     

       11
       11
       +
           };

     

       12
       12
       +
         };

     

       13
       13
       +
       

     

       14
       14
       +
         lxd-image-metadata = releases.lxdVirtualMachineImageMeta.${pkgs.stdenv.hostPlatform.system};

     

       15
       15
       +
         lxd-image-disk = releases.lxdVirtualMachineImage.${pkgs.stdenv.hostPlatform.system};

     

       16
       16
       +
       

     

       17
       17
       +
         instance-name = "instance1";

     

       18
       18
       +
       in {

     

       19
       19
       +
         name = "lxd-virtual-machine";

     

       20
       20
       +
       

     

       21
       21
       +
         meta = with pkgs.lib.maintainers; {

     

       22
       22
       +
           maintainers = [adamcstephens];

     

       23
       23
       +
         };

     

       24
       24
       +
       

     

       25
       25
       +
         nodes.machine = {lib, ...}: {

     

       26
       26
       +
           virtualisation = {

     

       27
       27
       +
             diskSize = 4096;

     

       28
       28
       +
       

     

       29
       29
       +
             cores = 2;

     

       30
       30
       +
       

     

       31
       31
       +
             # Ensure we have enough memory for the nested virtual machine

     

       32
       32
       +
             memorySize = 1024;

     

       33
       33
       +
       

     

       34
       34
       +
             lxc.lxcfs.enable = true;

     

       35
       35
       +
             lxd.enable = true;

     

       36
       36
       +
           };

     

       37
       37
       +
         };

     

       38
       38
       +
       

     

       39
       39
       +
         testScript = ''

     

       40
       40
       +
           def instance_is_up(_) -> bool:

     

       41
       41
       +
             status, _ = machine.execute("lxc exec ${instance-name} --disable-stdin --force-interactive /run/current-system/sw/bin/true")

     

       42
       42
       +
             return status == 0

     

       43
       43
       +
       

     

       44
       44
       +
           machine.wait_for_unit("sockets.target")

     

       45
       45
       +
           machine.wait_for_unit("lxd.service")

     

       46
       46
       +
           machine.wait_for_file("/var/lib/lxd/unix.socket")

     

       47
       47
       +
       

     

       48
       48
       +
           # Wait for lxd to settle

     

       49
       49
       +
           machine.succeed("lxd waitready")

     

       50
       50
       +
       

     

       51
       51
       +
           machine.succeed("lxd init --minimal")

     

       52
       52
       +
       

     

       53
       53
       +
           with subtest("virtual-machine image can be imported"):

     

       54
       54
       +
               machine.succeed("lxc image import ${lxd-image-metadata}/*/*.tar.xz ${lxd-image-disk}/nixos.qcow2 --alias nixos")

     

       55
       55
       +
       

     

       56
       56
       +
           with subtest("virtual-machine can be launched and become available"):

     

       57
       57
       +
               machine.succeed("lxc launch nixos ${instance-name} --vm --config limits.memory=512MB --config security.secureboot=false")

     

       58
       58
       +
               with machine.nested("Waiting for instance to start and be usable"):

     

       59
       59
       +
                 retry(instance_is_up)

     

       60
       60
       +
       

     

       61
       61
       +
           with subtest("lxd-agent is started"):

     

       62
       62
       +
               machine.succeed("lxc exec ${instance-name} systemctl is-active lxd-agent")

     

       63
       63
       +
         '';

     

       64
       64
       +
       })