author | Florian Klink <flokli@flokli.de> | 2022-10-15 22:10:55 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-10-15 22:10:55 +0200 |
commit | 80e4946f38caf8692c2716cab631aae6697a490b (patch) | |
tree | 0088ba82756a6725a8a025cc348b1fab09a8ef8d | |
parent | 8ca3b674df3915ccf1ce7c3d483fef738b13a4df (diff) | |
parent | 9f7e40205ee83731c450c034953a067ee724e487 (diff) | |
Merge pull request #177406 from davidkna/podman-gen
nixos/virtualisation.oci-containers: follow podman-generated systemd units more closely
-rw-r--r-- | nixos/modules/virtualisation/oci-containers.nix | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/nixos/modules/virtualisation/oci-containers.nix b/nixos/modules/virtualisation/oci-containers.nix index 81cdf1dd72b..36a28efc6ce 100644 --- a/nixos/modules/virtualisation/oci-containers.nix +++ b/nixos/modules/virtualisation/oci-containers.nix @@ -227,6 +227,7 @@ let mkService = name: container: let dependsOn = map (x: "${cfg.backend}-${x}.service") container.dependsOn; + escapedName = escapeShellArg name; in { wantedBy = [] ++ optional (container.autoStart) "multi-user.target"; after = lib.optionals (cfg.backend == "docker") [ "docker.service" "docker.socket" ] ++ dependsOn; @@ -250,16 +251,25 @@ let ${optionalString (container.imageFile != null) '' ${cfg.backend} load -i ${container.imageFile} ''} + ${optionalString (cfg.backend == "podman") '' + rm -f /run/podman-${escapedName}.ctr-id + ''} ''; script = concatStringsSep " \\\n " ([ "exec ${cfg.backend} run" "--rm" - "--name=${escapeShellArg name}" + "--name=${escapedName}" "--log-driver=${container.log-driver}" ] ++ optional (container.entrypoint != null) "--entrypoint=${escapeShellArg container.entrypoint}" - ++ (mapAttrsToList (k: v: "-e ${escapeShellArg k}=${escapeShellArg v}") container.environment) + ++ lib.optionals (cfg.backend == "podman") [ + "--cidfile=/run/podman-${escapedName}.ctr-id" + "--cgroups=no-conmon" + "--sdnotify=conmon" + "-d" + "--replace" + ] ++ (mapAttrsToList (k: v: "-e ${escapeShellArg k}=${escapeShellArg v}") container.environment) ++ map (f: "--env-file ${escapeShellArg f}") container.environmentFiles ++ map (p: "-p ${escapeShellArg p}") container.ports ++ optional (container.user != null) "-u ${escapeShellArg container.user}" 
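Review bot: The cidfile path `/run/podman-${escapedName}.ctr-id` is written out separately in preStart and in the `--cidfile=` argument here, and again in preStop and postStop in the next hunk, each time with the already-quoted name spliced into the middle of the path. That works because the shell joins adjacent quoted and unquoted segments, but if one copy is edited later, `podman stop` and `podman rm` would read a different file than `podman run` writes. I would bind the path once next to `escapedName`, for example `cidFile = escapeShellArg "/run/podman-${name}.ctr-id";`, and use `${cidFile}` at all four sites. mkService's body starts and ends outside this hunk.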
@@ -270,8 +280,12 @@ let ++ map escapeShellArg container.cmd ); - preStop = "[ $SERVICE_RESULT = success ] || ${cfg.backend} stop ${name}"; - postStop = "${cfg.backend} rm -f ${name} || true"; + preStop = if cfg.backend == "podman" + then "[ $SERVICE_RESULT = success ] || podman stop --ignore --cidfile=/run/podman-${escapedName}.ctr-id" + else "[ $SERVICE_RESULT = success ] || ${cfg.backend} stop ${name}"; + postStop = if cfg.backend == "podman" + then "podman rm -f --ignore --cidfile=/run/podman-${escapedName}.ctr-id" + else "${cfg.backend} rm -f ${name} || true"; serviceConfig = { ### There is no generalized way of supporting `reload` for docker @@ -290,6 +304,9 @@ let # ExecReload = ...; ### + Environment=if cfg.backend == "podman" then "PODMAN_SYSTEMD_UNIT=podman-${name}.service" else {}; + Type=if cfg.backend == "podman" then "notify" else {}; + NotifyAccess=if cfg.backend == "podman" then "all" else {}; TimeoutStartSec = 0; TimeoutStopSec = 120; Restart = "always"; |
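Review bot: The non-podman branches of preStop and postStop still interpolate `${name}` into the shell command unquoted, while the podman branches and the `--name=` argument use the escaped form. A container name containing whitespace or shell metacharacters would be split or interpreted by the shell in these two commands only. Using `${cfg.backend} stop ${escapedName}` and `${cfg.backend} rm -f ${escapedName} || true` would treat both backends the same way. `escapedName` comes from the first hunk and appears to be in scope here, though the enclosing attribute set is only partly visible.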
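Review bot: For any backend other than podman, `Environment`, `Type` and `NotifyAccess` are set to `{}` rather than left out, so the generated unit depends on how the unit renderer handles an empty attribute set. That is not visible in this diff and should be checked with the docker backend. Merging the keys conditionally avoids the question: close the set with `} // optionalAttrs (cfg.backend == "podman") { Environment = "PODMAN_SYSTEMD_UNIT=podman-${name}.service"; Type = "notify"; NotifyAccess = "all"; };`. Since `NotifyAccess=all` accepts notifications from every process in the unit's control group, I would also add a comment such as `# conmon, not the main process, sends READY (--sdnotify=conmon)`. serviceConfig continues outside the hunk.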