Commit Graph

2039 Commits

Author SHA1 Message Date
Kevin Boulain
c2d4e8f4cb nixos/nixos-containers: user options take precedence over module ones
I think this is the norm in NixOS modules. This allows starting a
container with '--volatile=overlay --link-journal=host' in order to
persist logs across runs of a container running with a temporary root.
While '--ephemeral' omits '--link-journal=try-guest', it's not possible
to run an ephemeral container when linking the journal:
https://github.com/systemd/systemd/issues/1666
2025-03-09 11:08:56 +01:00
Maximilian Bosch
7d443d378b nixos/oci-containers: support rootless containers & healthchecks
Closes #259770
Closes #207050

The motivation for the former is to not execute the container as root,
so you don't have to `sudo -i` to perform podman management tasks.

The idea behind healthchecks is to be able to keep the unit in the
activating state until the container is healthy; only then is the unit
marked as active.

The following changes were necessary:

* Move the ctr-id into `/run/${containerName}` so that podman can
  actually write to it, since it's now in its RuntimeDirectory.

* Make `sdnotify` option configurable (`healthy` for healthchecks that
  must pass, default remains `conmon`).

* Set Delegate=yes for `sdnotify=healthy` to make sure a rootless
  container can actually talk to sd_notify[1].

* Add a warning that lingering must be enabled to have a `systemd --user`
  instance running which is required for the cgroup support to work
  properly.

* Added a testcase for rootless containers with both conmon and
  healthchecks.

[1] https://github.com/containers/podman/discussions/20573#discussioncomment-7612481
2025-02-27 11:08:33 +01:00
Sandro
c2fbe453e6 nixos/libvirtd: fix path in hooks.network desc (#372951) 2025-02-19 21:32:22 +01:00
Ramses
51e84098b5 nixos-container: avoid subshell when testing $PRIVATE_USERS (#383056) 2025-02-19 10:46:48 +01:00
Jean-Baptiste Giraudeau
57c96ff6ef nixos-container: avoid subshell when testing $PRIVATE_USERS
So that the script is not rejected by https://www.shellcheck.net/wiki/SC2235
under `systemd.enableStrictShellChecks = true;`
2025-02-18 09:41:55 +01:00
Sandro
86f9eeb816 nixos-container: add support for --private-users (#362210) 2025-02-18 00:09:56 +01:00
Adam C. Stephens
8780973144 incus.ui: 0.7 -> incus-0.14.6, rename to incus-ui-canonical (#382440) 2025-02-16 17:43:56 -05:00
Adam C. Stephens
ad53a8451f incus-ui-canonical: rename from incus.ui 2025-02-16 17:33:03 -05:00
Christian Kögler
bbd8de2fdd nixos-container: do not touch os-release if it is a symlink (#353366) 2025-02-16 07:43:34 +01:00
Jean-Baptiste Giraudeau
c8f83ec641 nixos-container: add support for --private-users
Imply bind mounts with the idmap option when user namespacing is enabled,
so that /nix/store and friends are correctly owned by the root user.
2025-02-12 14:28:57 +01:00
Robert Hensing
0b47fba230 Revert "nixos/nixpkgs: make config.nixpkgs.{localSystem,crossSystem,buildPlatform,hostPlatform} write only"
This reverts commit 0a19371146.
2025-02-05 14:29:18 +01:00
Florian Klink
4742e5b16e nixos/azure: move image-specific configs from azure-common to azure-image, fix console output (#359365) 2025-02-02 22:57:49 +02:00
Adam C. Stephens
7a982a65fe nixos/incus: fix some nvidia container errors (#378352) 2025-02-02 14:31:29 -05:00
Wolfgang Walther
c0e2fbbcad nixos/amazon-image: fix eval 2025-02-02 13:29:03 +01:00
Wolfgang Walther
c1793a336b pkgs/top-level: make package sets composable (reapply) (#376988) 2025-02-02 11:41:17 +01:00
codgician
1460db45f6 waagent: optimize option descriptions 2025-02-02 16:12:00 +08:00
Wolfgang Walther
0a19371146 nixos/nixpkgs: make config.nixpkgs.{localSystem,crossSystem,buildPlatform,hostPlatform} write only
The description for options.nixpkgs.system already hints at this:

  Neither ${opt.system} nor any other option in nixpkgs.* is meant
  to be read by modules and configurations.
  Use pkgs.stdenv.hostPlatform instead.

We can support this goal by not elaborating the systems anymore, forcing
users to go via pkgs.stdenv.

This will prevent problems when making the top-level package sets
composable in the next commit. For this to work, you should pass a fully
elaborated system to nixpkgs' localSystem or crossSystem options.
2025-02-01 12:04:59 +01:00
Adam C. Stephens
0619ac75c2 nixos/incus: condition nvidia support, ensuring nvidia_uvm module is enabled 2025-01-31 15:53:38 -05:00
Jörg Thalheim
ce99e2aa18 amazon: make fileSystems option disko-compatible
When using disko, the user can choose their own filesystem layout.
In that case we don't want to specify fileSystems with normal priority
as it would not allow disko to set its own values.
2025-01-27 22:09:20 +01:00
Peder Bergebakken Sundt
953f72e76e nixos/*: tag manpage references 2025-01-27 02:47:01 +01:00
Adam C. Stephens
0e7fa5714c incus: fix instance unclean shutdown, add per-instance lxcfs support (#373920) 2025-01-25 10:05:03 -05:00
Bjørn Forsman
cb4d104baf nixos/libvirt-guests: add missing dependency on libvirtd.service
Ensure that VMs get properly suspended (or shutdown) instead of "pulling
the plug" on them.

Simulating shutdown with
`sudo systemctl stop libvirtd.service libvirtd-ro.socket libvirtd-admin.socket libvirtd.socket libvirt-guests`:

Before:

  systemd[1]: Stopping libvirt guests suspend/resume service...
  libvirt-guests.sh[1472512]: Can't connect to default. Skipping.
  systemd[1]: libvirt-guests.service: Deactivated successfully.

After:

  systemd[1]: Stopping libvirt guests suspend/resume service...
  libvirt-guests.sh[1524073]: Running guests on default URI:
  libvirt-guests.sh[1524067]: ubuntu22.04
  libvirt-guests.sh[1524100]: Suspending guests on default URI...
  libvirt-guests.sh[1524067]: Suspending ubuntu22.04: ...
  libvirt-guests.sh[1524067]: Suspending ubuntu22.04: 1.421 GiB
  libvirt-guests.sh[1524067]: Suspending ubuntu22.04: 2.618 GiB
  libvirt-guests.sh[1524067]: Suspending ubuntu22.04: done
  systemd[1]: libvirt-guests.service: Deactivated successfully.
2025-01-25 14:38:55 +01:00
codgician
b5a03db807 waagent: patch openssl path 2025-01-21 21:33:50 +08:00
Adam C. Stephens
80e73d690a nixos/incus: add lxc hook path to service env
Fixes nvidia.runtime container passing
2025-01-17 10:11:08 -05:00
Adam C. Stephens
274e0fd934 incus: support per-instance lxcfs
This was added in 6.4 and backported to LTS 6.0.2
2025-01-17 10:11:06 -05:00
Adam C. Stephens
9b660dff6d incus: fix instance shutdown when softDaemonRestart enabled 2025-01-17 10:11:04 -05:00
K900
ae2abfc64a nixos/hyperv-guest: drop fb_hyperv in favor of drm_hyperv (#372743) 2025-01-17 17:29:47 +03:00
K900
b20e6abfaf nixos/hyperv-guest: remove the now useless videoMode option 2025-01-14 09:47:22 +03:00
Jonas Heinrich
58c5aeb53c nixos/libvirtd: Add proper UEFI support 2025-01-13 22:49:50 +01:00
codgician
b5592e1165 nixos/azure: enable networking.useNetworkd 2025-01-12 11:47:55 +08:00
codgician
6c443658e6 nixos/azure: improve code readability 2025-01-12 11:43:32 +08:00
codgician
d3d6adec36 waagent: fix typo 2025-01-12 11:43:32 +08:00
codgician
2249c0859e nixos/waagent: specify OS.OpensslPath by default 2025-01-12 11:43:32 +08:00
codgician
538efe3263 nixos/azure: improve documentation 2025-01-12 11:43:32 +08:00
codgician
0a0f6543ad azure-image: set font & splashImage to null to force text mode, so console for Gen 2 VM could work 2025-01-12 11:43:31 +08:00
codgician
6b9a77767a nixos/azure: move image specific config out of azure-common 2025-01-12 11:43:31 +08:00
vdbe
2adcab08d2 nixos/libvirtd: fix path in hooks.network desc
`virtualisation.libvirtd.hooks.network` places the hooks under
`/var/lib/libvirt/hooks/network.d/`.
2025-01-11 15:41:02 +01:00
Donovan Glover
310cc42940 anbox: drop (#370821) 2025-01-05 22:19:09 +00:00
Thiago Kenji Okada
6e6188af7b image/images: Adapt remaining images to system.build.image & normalized filenames, (#359345) 2025-01-05 20:28:23 +00:00
Thomas Gerbet
9330230e47 anbox: drop
Upstream project is not maintained anymore and the package
currently does not build.

https://github.com/anbox/.github/blob/main/profile/README.md
2025-01-05 16:16:26 +01:00
Gaétan Lepage
af96c38e09 nixos/oci-containers: option to set the service name of a oci-container (#370089) 2025-01-04 15:39:41 +01:00
Ryan Hendrickson
a7f712ad6e vmware-guest: Don't use lib directly for maintainers (#364628) 2025-01-03 18:31:30 -05:00
Sandro
7cdeae9904 nixos/google-compute-image: fix image build (#368313) 2025-01-02 23:29:32 +01:00
andre4ik3
0725951bfc nixos/libvirtd: link Microsoft-templated OVMF files to shared folder (#346904)
Link MS OVMF files to shared folder as well
2025-01-02 16:21:44 +01:00
lucasew
d01038921c nixos/oci-containers: option to set the service name of a oci-container
Signed-off-by: lucasew <lucas59356@gmail.com>
2025-01-01 22:51:04 -03:00
Christian Kögler
fe6b667206 nixos/qemu-vm: set permissions for tmpfs root (#363628) 2025-01-01 21:03:57 +01:00
Arthur Gautier
28e1cce57e qemu-vm: implement virtualization.tpm.provisioning (#364379) 2024-12-26 14:58:02 -08:00
illustris
9cf8344f71 nixos/google-compute-image: fix image build 2024-12-26 17:50:39 +05:30
Friedrich Altheide
c792c60b8a virtualboxGuestAdditions: Additional 7.1.4 fixes (#366080)
* virtualboxGuestAdditions: Load required dynamic libs

* virtualboxGuestAdditions: Remove unused code

* virtualboxGuestAdditions: introduce verbose logging option

* virtualboxGuestAdditions: only load vboxsf if enabled in module options
2024-12-25 22:09:11 +01:00
Jörg Thalheim
8aca0d9450 podman: backport removing incomplete layers fix (#367629) 2024-12-24 09:01:57 +01:00