Commit Graph

38 Commits

Author SHA1 Message Date
Jakub Okoński
12508ac79a nixos-container: force systemd-nspawn to use unified cgroups hierarchy 2022-11-06 17:12:02 +01:00
adisbladis
dc26602aed nixos-container: Add tests to passthru for CI 2022-04-27 18:35:51 +12:00
adisbladis
81d192cfa6 nixos-container: Add compatibility hack for pre-22.05 state/config directories 2022-04-27 18:35:13 +12:00
adisbladis
7d9a979b2e nixos-container: Make configuration and state directories configurable
/etc/containers is also used by Podman, Skopeo & other popular
container tooling so we need to be able to move to another
configuration directory.

The state move is not strictly a requirement but is good for consistency.
2022-04-27 18:35:03 +12:00
rnhmjoj
61b7cab481
treewide: use perl.withPackages when possible
Since 03eaa48 added perl.withPackages, there is a canonical way to
create a perl interpreter from a list of libraries, for use in script
shebangs or generic build inputs. This method is declarative (what we
are doing is clear), produces short shebangs[1] and does not need to wrap
existing scripts.

Unfortunately there are a few exceptions that I've found:

  1. Scripts that are calling perl with the -T switch. This makes perl
  ignore PERL5LIB, which is what perl.withPackages is using to inform
  the interpreter of the library paths.

  2. Perl packages that depend on libraries in their own path. This
  is not possible because perl.withPackages works at build time. The
  workaround is to add `-I $out/${perl.libPrefix}` to the shebang.

In all other cases I propose to switch to perl.withPackages.

[1]: https://lwn.net/Articles/779997/
2021-03-31 21:35:37 +02:00
Vojtěch Káně
7fc1efdac7 fixup! nixos-container: fix show-ip command to support IPv6 addresses 2021-02-17 14:17:28 +01:00
Vojtěch Káně
5e9811b552 nixos-container: fix show-ip command to support IPv6 addresses 2021-02-01 09:38:34 +01:00
Graham Christensen
bc49a0815a
utillinux: rename to util-linux 2020-11-24 12:42:06 -05:00
Jonas Chevalier
a7cb88c3de
tree-wide: unify Bash completions outputs (#103421)
Use $out/share/bash-completion/completions to store the Bash completions
2020-11-12 21:22:18 +00:00
Eelco Dolstra
ed49c901dd
nixos-container: Pass through several Nix flags
Since nixos-container calls nix-env / nix-build, it's useful to
support various evaluation-related options.
2020-06-30 15:01:53 +02:00
Maximilian Bosch
ebb6e385ea
Revert "nixos-container: use systemd-run instead of nsenter"
This reverts commit 7cb100b683.

See also #83432.

This appears to break at least the `container`-backend of `nixops`: when
running `switch-to-configuration` within `nixos-container run`, the
running `systemd`-instance gets reloaded which appears to kill the
`systemd-run` command and causes `nixos-container run` to hang.

The full issue is reported in the original PR[1].

[1] https://github.com/NixOS/nixpkgs/pull/67332#issuecomment-604145869

(cherry picked from commit 7f1ba606ac)
2020-03-26 17:55:12 +01:00
Danylo Hlynskyi
9336b084ae
Merge pull request #79736 from Ma27/minor-imperative-container-fixes
nixos-container: minor fixes
2020-02-22 21:26:04 +02:00
Sarah Zhang
a279b68571 Fixed typo 2020-02-12 16:22:47 +01:00
Maximilian Bosch
31bbcc21d3
nixos/nixos-container: use custom path if specified by --nixos-path 2020-02-11 14:44:38 +01:00
Maximilian Bosch
93943acbc5
nixos/nixos-container: ensure that the state-dir is cleaned up if a build fails 2020-02-11 14:42:30 +01:00
Eelco Dolstra
fb051f0dec nixos-{rebuild,container}: Use flakeref#attrpath syntax
This makes them consistent with the 'nix' command line.
2020-02-05 23:15:18 +01:00
Eelco Dolstra
20087bd553 nixos-container: Add flake support
E.g. to create a container that runs the NixOS homepage:

  $ nixos-container create homepage --flake nixos-homepage

And to upgrade it:

  $ nixos-container update homepage
2020-02-05 23:15:18 +01:00
Nikita Uvarov
7cb100b683
nixos-container: use systemd-run instead of nsenter
This is the first step for unprivileged nixos containers support.
Fixes #30019. See also #18825, #57083, and #67130.
2019-08-23 12:21:22 +02:00
Maximilian Bosch
c957341ef5
nixos-container: allow setting custom local and host address
I have a nixops network where I deploy containers using the `container`
backend which uses `nixos-container` internally to deploy several
containers to a certain host.

During that time I removed and added new containers and while trying to
deploy those to a different host I realized that it isn't guaranteed
that each container gets the same IP address which is a problem as some
parts of the deployment need to know which container is using which IP
(i.e. to configure port forwarding on the host).

With this change you can specify the container's IP like this (and don't
have to use the arbitrarily used 10.233.0.0/16 subnet):

```
$ nixos-container create test --config-file test-container.nix \
    --local-address 10.235.1.2 --host-address 10.235.1.1
```
2019-04-22 18:13:45 +02:00
volth
bb9557eb7c lib.makePerlPath -> perlPackages.makePerlPath 2018-12-15 03:50:31 +00:00
Peter Hoeg
b95a24fdf1 nixos-container: support restarts 2018-04-20 11:07:07 +08:00
Niklas Hambüchen
5d83988c1e nixos-container: Fix destroy terminating before it's done. Fixes #32545.
This also fixes the race condition found in #32551.

And it fixes nixops's repeated destroy/deploy being broken
(https://github.com/NixOS/nixops/issues/809).
2017-12-29 16:26:18 +01:00
Martin Bornhold
ac7edeebfd nixos-container: Make show-ip work together with ipv4 + netmask
The container's local address can be given as ipv4 only or with a subnet mask in
CIDR notation in the container configuration, see [1]. This works fine but the
'nixos-container show-ip' only supports plain ipv4 addresses without the netmask
suffix.

Changed the regex to also match in case of a CIDR netmask suffix.

[1] 9939032e35/nixos/modules/virtualisation/containers.nix (L382)
2017-11-16 20:25:45 +01:00
Robin Gloster
91e74ed3b2
nixos-container: check for correct path for chattr
Could fail on destroy if the container wasn't created correctly
2017-03-22 15:15:42 +01:00
Robin Gloster
3ac02dfc40
nixos-container: allow _ in container name
fixes #15089
2017-03-22 15:15:41 +01:00
Robin Gloster
9b9416cca4
nixos-container: don't use host's $NIXOS_CONFIG
fixes #22948
2017-03-22 15:15:41 +01:00
Eelco Dolstra
cb49c14324
Revert "nixos-container: Use machinectl shell (#18825)"
This reverts commit
c37e76b4d2. Unfortunately, using
"machinectl shell" has two bad side effects:

* It sends the command's stderr to stdout.

* It doesn't propagate the command's exit status.

This broke NixOps.

PR #18825.
2017-03-21 16:51:08 +01:00
Robin Gloster
492101dfce
nixos-container: fix destroy with immutable /var/empty
fixes #21573
2017-02-18 22:51:21 +01:00
Ian-Woo Kim
a238c8a575 nixos-container: add --port option for nixos-container (forward network ports to systemd-nspawn container) 2017-02-15 05:12:46 +01:00
Ian-Woo Kim
3490508ed1 nixos-container: support bridge. 2017-02-15 05:12:46 +01:00
Wilhelm Schuster
c37e76b4d2 nixos-container: Use machinectl shell (#18825)
Using nsenter+su was suboptimal since the environment they provided was
not quite the same as the real container environment. See [1] for more
background.

Note that we directly invoke /bin/sh for `nixos-container root-login`
since setting the user's shell is quite complex. See [2] for a related
systemd issue.

[1]: https://github.com/systemd/systemd/issues/825#issuecomment-127917622
[2]: https://github.com/systemd/systemd/issues/1395
2016-09-24 00:40:41 +02:00
aszlig
9f0acda7eb
nixos-container: Fix missing comma in GetOptions
Regression introduced by fe8f0dbd53.

Tested using "nix-build nixos/tests/containers-imperative.nix".

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @ericbmerritt
2016-08-07 14:29:33 +02:00
Joachim F
dece583a94 Merge pull request #17484 from srp/nixos-container-terminate
nixos-container: add 'terminate' command which 'destroy' now uses
2016-08-05 23:03:38 +02:00
Eric Merritt
a2feaf6d79 nixos-container: feature add 'config-file' option
This adds a config file option to nixos-container.pl that makes it quite
a bit easier to use.
2016-08-04 07:08:56 -07:00
Eric Merritt
fe8f0dbd53 nixos-container: fix allow alternative nixos paths
This should be completely backwards compatible. It allows the '-f' part
of the nix-env command to be configured. This greatly eases using
nixos-container as part of development where several nixpkgs
repositories might be tested at the same time.
2016-08-04 07:08:05 -07:00
Scott R. Parish
d6c55c16f6 nixos-container: replace 'kill' command with 'terminate'
My earlier commit to have `nixos-container destroy` use `kill` broke
the `container-imperative` test, see[1]. As suggested by @aszlig,
`machinectl terminate` doesn't have that problem, and is the command
that should have been used to begin with rather than `kill`.

1| 60c6c7bc9a (commitcomment-18478032)
2016-08-03 11:08:32 -07:00
Scott R. Parish
60c6c7bc9a nixos-container: add 'kill' command, 'destroy' to use 'kill'
Using 'machinectl kill' is much faster than gracefully stopping the
container.

In the case of 'destroy', since we're destroying it anyway, there's no
reason to do a graceful shutdown.
2016-07-21 14:58:05 -07:00
Eric Merritt
eb92804f91 nixos-containers: init package (#16959)
This moves nixos-containers into its own package so that it can be
relied upon by other packages/systems. This should make development
using dynamic containers much easier.
2016-07-19 08:13:06 +02:00