Sandro
5f39678474
Merge pull request #292552 from diogotcorreia/oci-containers-fix-stop-one-shot
...
nixos/oci-containers: ignore nonexistent container when stopping
2024-03-07 21:23:51 +01:00
adisbladis
5cdb38bb16
Merge pull request #288579 from blitz/vbox-kvm-2
...
virtualboxKvm: init
2024-03-05 18:58:57 +13:00
nikstur
b6401f808a
Merge pull request #292636 from RaitoBezarius/smm-works-for-something-else-than-x86-actually
...
OVMF: remove invalid `assert` on SMM
2024-03-02 21:04:12 +01:00
Maciej Krüger
55ead8c56a
Merge pull request #290976 from adamcstephens/incus/nft
...
nixos/incus: assert nftables is used when firewall is enabled
2024-03-02 17:40:44 +01:00
nikstur
ce1d1f3e6c
nixos/qemu-vm: remove implicit dependency on SSM
...
The qemu module shouldn't implicitly (and for all architectures) enable
SSM when enabling Secure Boot.
Additionally, this breaks aarch64 Secure Boot tests because this module
doesn't use the right machine type for anything but X86.
2024-03-01 23:40:36 +01:00
Diogo Correia
81f21e3936
nixos/oci-containers: ignore nonexistent container when stopping
...
Fixes #292551
2024-03-01 10:41:00 +00:00
Sandro
b8ec4c1475
Merge pull request #290449 from Kiskae/patch-2
...
nixos/podman: pass proxy variables to podman API
2024-03-01 00:37:27 +01:00
Julian Stecklina
a9822fa200
nixos/virtualbox-host: expose option to run with KVM
2024-02-28 17:36:22 +01:00
Adam C. Stephens
af810fc67e
Merge pull request #284874 from shlevy/ovmf-ms
...
Enable MS-compatible secure boot with OVMF
2024-02-25 22:34:05 -05:00
Sandro
f8545e512d
Merge pull request #289166 from thanegill/remove-grub-version
...
treewide: remove deprecated grub.version references
2024-02-25 18:20:33 +01:00
Ryan Lahfa
077d41f9d8
Merge pull request #289856 from pennae/supfs-set
...
nixos/filesystems: make supportedFilesystems an attrset
2024-02-25 18:05:29 +01:00
Thane Gill
e3d82657a2
treewide: remove deprecated grub.version references
2024-02-25 08:29:58 -08:00
Peder Bergebakken Sundt
736c43fecc
Merge pull request #288215 from budimanjojo/patch-1
...
nixos/oci-containers: don't login if image exists locally
2024-02-25 14:32:32 +01:00
Adam Stephens
6a0ad369f2
nixos/incus: assert nftables is used when firewall is enabled
...
incus manages its own firewall rules and prefers nftables. The
advantages of nftables for segmenting multiple tools managing firewall
rules is sufficient to require nftables with incus.
https://linuxcontainers.org/incus/docs/main/howto/network_bridge_firewalld/#use-incus-firewall
2024-02-23 15:49:33 -05:00
Someone
ee3923ed7d
Merge pull request #284507 from ereslibre/containers-cdi
...
NixOS: Add support for CDI
2024-02-22 13:03:18 +00:00
Rafael Fernández López
8ba61ebb8a
services/hardware: add nvidia-container-toolkit
2024-02-21 22:17:07 +01:00
Kiskae
fe93ea4e8e
nixos/podman: pass proxy variables to podman API
2024-02-21 16:29:11 +01:00
Maciej Krüger
39b4c0d686
nixos/lxc-container: link to prepare-root when boot.initrd.systemd.enable is on
...
Previously we were doing some parts like activation in the init script,
so linking to that works for non-systemd init
With boot.initrd.systemd.enable we no longer run activation in the init script,
but instead a new script named prepare-root, which is used instead.
2024-02-20 23:12:41 +01:00
pennae
258b935d70
nixos/filesystems: make supportedFilesystems an attrset
...
this lets us *dis*able filesystem explicitly, as is required by e.g. the
zfs-less installer images. currently that specifically is only easily
possible by adding an overlay that stubs out `zfs`, with the obvious
side-effect of also removing tooling that could run without the kernel
module loaded.
2024-02-19 11:46:52 +01:00
budimanjojo
fd3fa9f2d3
nixos/oci-containers: check if image exists locally before failing
...
Signed-off-by: budimanjojo <budimanjojo@gmail.com>
2024-02-19 10:38:26 +07:00
Maciej Krüger
a6e237a86a
modules/incus: add ui flag
2024-02-17 16:49:32 +01:00
Rafael Fernández López
fd464f0543
virtualisation/containers: add support for providing static CDI definitions
2024-02-17 16:34:12 +01:00
Shea Levy
9188bb5186
OVMF: Add test with secure boot enabled
...
Co-authored-by: Arthur Gautier <arthur.gautier@arista.com>
2024-02-15 12:13:05 -05:00
Sandro
886449aef2
Merge pull request #268979 from con-f-use/warn_docker_storage_driver
...
nixos/docker: warn about changing storageDriver and remove `devicemapper` value
2024-02-12 19:46:05 +01:00
Will Fancher
d4ee957afa
Merge pull request #287445 from fricklerhandwerk/qemu-env-vars
...
doc: expand on parameters passed to QEMU VMs
2024-02-10 22:12:06 -05:00
Peder Bergebakken Sundt
c43fd32e03
Merge pull request #248315 from apeschar/oci-containers-backend-stop
...
nixos/oci-containers: stop container using backend
2024-02-10 17:12:56 +01:00
Arian van Putten
a1232992ac
nixos/amazon-image: Take over maintainership
...
I am actively working on bringing back Amazon Images for 24.05.
Please track progress in https://github.com/nixos/amis
2024-02-09 18:02:40 +01:00
Valentin Gagarin
e385b36a32
Merge pull request #287438 from fricklerhandwerk/qemu-docs-link
2024-02-09 15:37:35 +01:00
Valentin Gagarin
85f4b05e39
doc: add link to QEMU reference documentation in QEMU module
2024-02-09 11:21:07 +01:00
Valentin Gagarin
11c26d4cc5
use code for env var notation
2024-02-09 11:16:28 +01:00
Valentin Gagarin
d9009e0028
doc: expand on parameters passed to QEMU VMs
2024-02-09 10:48:52 +01:00
WilliButz
0139970416
nixos/qemu-vm: convert tmpfiles rules to settings
...
This change replaces the previously hard-coded `/boot` path with a
reference to `efiSysMountPoint` and more importantly this change makes
it possible to override these rules in scenarios in which they are not
desired.
One such scenario would be when `systemd-gpt-auto-generator(8)` is used
to automount the ESP. Consider this section from the mentioned manpage:
> The ESP is mounted to /boot/ if that directory exists and is not used
> for XBOOTLDR, and otherwise to /efi/. Same as for /boot/, an automount
> unit is used. The mount point will be created if necessary.
Prior to this change, the ESP would be automounted under `/efi` on first
boot, then the previous tmpfiles rules caused `/boot` to be created.
Following the quote above, this meant that the ESP is mounted under
`/boot` for each subsequent boot.
2024-02-07 16:25:30 +01:00
Izorkin
9ad115e5f3
nixos/libvirt: changing process priority for oom killer
2024-02-04 19:54:02 +03:00
Adam Stephens
7585f26855
nixos/incus: add zfs/lib/udev to path
...
Incus needs to find zvol_id for some operations, but zfs does not put
this executable in the bin directory. Exposing lib/udev into the Incus
path solves discovery of the executable
e5690705e8/internal/server/storage/drivers/driver_zfs_volumes.go (L1820C1-L1820C41)
2024-02-02 12:36:41 -05:00
Franz Pletz
e7279b9102
Merge pull request #281186 from Sohalt/podman-dns-firewall
2024-01-19 17:01:23 +01:00
Jade Lovelace
fe474ed61a
nixos: fix remaining services for network-online dep fix
2024-01-19 00:11:34 -08:00
Jade Lovelace
6c5ab28fce
nixos: fix a bunch of services missing dep on network-online.target
...
This was done by generating a truly hilarious configuration:
rg 'services\.[^.]+\.enable\t' opts-tags | cut -f1 > allonconfig.nix
The following were not tested due to other evaluation errors. They
should probably be manually audited.
services.amule
services.castopod
services.ceph
services.chatgpt-retrieval-plugin
services.clamsmtp
services.clight
services.dante
services.dex
services.discourse
services.dwm-status
services.engelsystem
services.foundationdb
services.frigate
services.frp
services.grocy
services.guacamole-client
services.hedgedoc
services.home-assistant
services.honk
services.imaginary
services.jitsi-meet
services.kerberos_server
services.limesurvey
services.mastodon
services.mediawiki
services.mobilizon
services.moodle
services.mosquitto
services.nextcloud
services.nullmailer
services.patroni
services.pfix-srsd
services.pgpkeyserver-lite
services.postfixadmin
services.roundcube
services.schleuder
services.self-deploy
services.slskd
services.spacecookie
services.statsd
services.step-ca
services.sympa
services.tsmBackup
services.vdirsyncer
services.vikunja
services.yandex-disk
services.zabbixWeb
2024-01-19 00:11:34 -08:00
Adam C. Stephens
887d3f54c6
Merge pull request #278753 from adamcstephens/incus/migrate-test
...
incus, lxd: ensure lxd->incus migration is supported and tested
2024-01-18 08:01:23 -05:00
sohalt
38b2778765
nixos/podman: open firewall for aardvark-dns
2024-01-15 18:43:48 +01:00
Adam Stephens
ffdcec2d94
nixos/tests/incus: add lxd-to-incus migration test
2024-01-14 09:26:49 -05:00
Alois Wohlschlager
77e5fa5ea6
nixos/libvirtd: support out-of-tree vhost-user drivers
...
Add an option allowing packages containing out-of-tree vhost-user drivers for
QEMU to be specified. The relevant configurations are then linked at runtime
where libvirt expects them.
An example use case for this is virtiofs.
2024-01-13 00:39:33 +01:00
Peder Bergebakken Sundt
92327152cd
Merge pull request #274813 from pbsds/lxd-package-option-fix
...
nixos/lxd: convert cfg.package and company to mkPackageOption
2024-01-09 23:36:42 +01:00
Philip Taron
da90576aac
nixos/lxd-agent: fix evaluation regression caused by nixos/nixpkgs#271326
2023-12-30 08:45:30 -08:00
nikstur
682cb1d640
nixos/vmware-host: replace activationScript
...
Replace with a dedicated system servie ordered before the other VMWare
services.
2023-12-29 03:16:03 +01:00
Adam Stephens
3f8b1d2d26
nixos/lxd-agent: add system path for exec
2023-12-28 14:27:05 -05:00
nikstur
c9569af3e0
Merge pull request #271326 from philiptaron/shutdown.target
...
treewide: depend on `shutdown.target` if `DefaultDependencies=no` in almost every case
2023-12-27 08:33:26 +01:00
Mihai-Drosi Câju
800af4240b
nixos/waydroid: Replace requirement for ASHMEM with MEMFD_CREATE
...
* fixes #250302
* ASHMEM was removed in Linux 5.18 and waydroid can use MEMFD instead.
MEMFD is enabled by default in 4.18 and later kernels while we
already require this version for namespace support.
2023-12-24 16:04:20 +02:00
Florian Klink
b6cad0fd94
Merge pull request #274220 from flokli/waagent-cleanups
...
waagent: cleanups
2023-12-19 19:19:40 +02:00
Adam C. Stephens
6b43e4b0bc
Merge pull request #260128 from adamcstephens/lxd/no-restart-agent
...
nixos/lxd-agent: prevent restarting on change
2023-12-19 08:41:21 -05:00
Florian Klink
f1c8d0709b
nixos/waagent: provide waagent udev rules in initrd
...
This should make /dev/disk/azure appear in-initrd too.
2023-12-18 13:18:11 +02:00