This will ensure reproducibility between different nixos systems, where
one system has store optimization enabled (which will hardling similar
files in the nix store) and the other doesn't. Without the flag, the
same image, built on the two different systems, will have a different
number of inodes. The flag will dereference hardlinks and copy them
into the image as different inodes.
Signed-off-by: Paul Meyer <katexochen0@gmail.com>
This allows users to keep using `docker run --gpus`. Despite CDI is
the recommended way to expose GPU's to containers nowadays, allow
users to keep using the old `--gpus` method.
Integrated the flake container setup into the spawn script for systemd-nspawn.
The trickiest part of this was ensuring the underlying per-container is built.
With the .conf file created, running `nixos-container update` creates all the necessary per-container structure.
We call this command at start to ensure the structure is created only if the per-container system isnt there.
Note: This also means the flake gets updated to branch HEAD when the container is started for the first time.
While the nixos-container command allows for the creation of containers pointing to a flake, the declarative module doesn't have this option.
Adds the flake option for nixos-container declarative approach. Creates the /etc/nixos-container .conf file similar to how the command preforms it.
Upstream, intentionally or not, no longer appends the EFI image
with a .pad section for us to hook the rest of the UKI to. This
simply dehardcodes .pad from the awk script, instead using the
very last section in the binary. (Currently .reloc)
Co-authored-by: Yaroslav Bolyukin <iam@lach.pw>
Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
By being in sync with the pname, it makes it easier to walk back from
the pname that shows in the /nix/store back to the attribute.
This change should not cause any rebuild.
This patch adds a NixOS test for Limine on BIOS systems. It also fixes
some formatting in `nixos/lib/make-disk-image.nix`.
Signed-off-by: John Titor <50095635+JohnRTitor@users.noreply.github.com>
This patch adds the option `virtualisation.useBootPartition` which
creates a separate boot partition on BIOS systems using the new
`legacy+boot` partition layout type in `nixos/lib/make-disk-image.nix`.
After running this configuration for a while, we
noticed that the containers didn't get back up once and the services
failed with the following error:
Error: current system boot ID differs from cached boot ID; an unhandled reboot has occurred.
This is hard to reproduce and seems to be a timing issue. However,
the logs indicated another issue that this patch now solves:
* The ExecStartPost= indicated that the user session got stopped before
which is required or sdnotify=healthy. Add explicit ordering for
user@. This unfortunately requires a statically declared uid.
When using e.g. GitLab as container registry, the token name may be the
username. However, the token name can contain special characters
including spaces breaking the registry login like this:
Apr 25 15:35:48 test42 pre-start[294091]: image doesn't exist locally and login failed
Apr 25 15:35:52 test42 pre-start[294289]: Error: accepts at most 1 arg(s), received 2
Apr 25 15:35:52 test42 pre-start[294297]: Error: registry.example.com/foo/bar/baz: image not known
Applying `escapeShellArg` on it fixes the problem.
