authoradisbladis <adisbladis@gmail.com>2020-05-08 14:40:00 +0100
committeradisbladis <adisbladis@gmail.com>2022-04-27 18:35:03 +1200
commit7d9a979b2e176190caadc9d73ccc07f36b6efa91 (patch)
treede3c07c96ec5be5502de1fa4c6ac9343637b42d2
parent85919894405c54467e978a7e580f85f48f939ef7 (diff)
nixos-container: Make configuration and state directories configurable
/etc/containers is also used by Podman, Skopeo & other popular
container tooling so we need to be able to move to another
configuration directory.

The state move is not strictly a requirement but is good for consistency.
-rw-r--r--pkgs/tools/virtualization/nixos-container/default.nix10
-rwxr-xr-xpkgs/tools/virtualization/nixos-container/nixos-container.pl23
2 files changed, 22 insertions, 11 deletions
diff --git a/pkgs/tools/virtualization/nixos-container/default.nix b/pkgs/tools/virtualization/nixos-container/default.nix
index 17065a2aa8b..4d46ec3299b 100644
--- a/pkgs/tools/virtualization/nixos-container/default.nix
+++ b/pkgs/tools/virtualization/nixos-container/default.nix
@@ -1,4 +1,10 @@
-{ substituteAll, perl, shadow, util-linux }:
+{ substituteAll
+, perl
+, shadow
+, util-linux
+, configurationDirectory ? "/etc/nixos-containers"
+, stateDirectory ? "/var/lib/nixos-containers"
+}:
 
 substituteAll {
     name = "nixos-container";
@@ -9,6 +15,8 @@ substituteAll {
     su = "${shadow.su}/bin/su";
     utillinux = util-linux;
 
+    inherit configurationDirectory stateDirectory;
+
     postInstall = ''
       t=$out/share/bash-completion/completions
       mkdir -p $t
diff --git a/pkgs/tools/virtualization/nixos-container/nixos-container.pl b/pkgs/tools/virtualization/nixos-container/nixos-container.pl
index d99b4cfba4a..e945bc70b6b 100755
--- a/pkgs/tools/virtualization/nixos-container/nixos-container.pl
+++ b/pkgs/tools/virtualization/nixos-container/nixos-container.pl
@@ -12,6 +12,9 @@ use Time::HiRes;
 my $nsenter = "@utillinux@/bin/nsenter";
 my $su = "@su@";
 
+my $configurationDirectory = "@configurationDirectory@";
+my $stateDirectory = "@stateDirectory@";
+
 # Ensure a consistent umask.
 umask 0022;
 
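Review bot: Nothing checks the two substituted values before the script starts creating and resolving paths under them, and it presumably runs as root since it writes under `/etc`. An empty or relative `configurationDirectory` or `stateDirectory` would make `"$stateDirectory/$containerName"` resolve to a path directly under `/` or under the current working directory. I would add a guard right after these assignments, e.g. `m{^/[^/]} or die "$0: '$_' must be an absolute path\n" for ($configurationDirectory, $stateDirectory);`. Single-quoting the placeholders (`'@stateDirectory@'`) would also keep Perl from interpolating a `$` or `@` that appears in a configured path.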
@@ -132,11 +135,11 @@ if (defined $flake && $flake =~ /^(.*)#([^#"]+)$/) {
 
 # Execute the selected action.
 
-mkpath("/etc/containers", 0, 0755);
-mkpath("/var/lib/containers", 0, 0700);
+mkpath("$configurationDirectory", 0, 0755);
+mkpath("$stateDirectory", 0, 0700);
 
 if ($action eq "list") {
-    foreach my $confFile (glob "/etc/containers/*.conf") {
+    foreach my $confFile (glob "$configurationDirectory/*.conf") {
         $confFile =~ /\/([^\/]+).conf$/ or next;
         print "$1\n";
     }
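Review bot: `glob "$configurationDirectory/*.conf"` now expands a configurable prefix, and Perl's `glob` splits its argument on whitespace and treats characters such as `*`, `?`, `[` and `{` in it as pattern syntax. With the old literal path that was harmless; a configured directory containing a space or a bracket would make `list` here, and the address scan in the later `create` hunk that uses the same expression, return nothing or the wrong files. Reading the directory with `opendir`/`readdir` and filtering on `/\.conf$/` avoids this, or the value can be restricted where it is substituted. The quotes in `mkpath("$configurationDirectory", 0, 0755)` are redundant; `mkpath($configurationDirectory, 0, 0755)` says the same. The `list` block continues outside the hunk.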
@@ -198,15 +201,15 @@ if ($action eq "create") {
     open(my $lock, '>>', $lockFN) or die "$0: opening $lockFN: $!";
     flock($lock, LOCK_EX) or die "$0: could not lock $lockFN: $!";
 
-    my $confFile = "/etc/containers/$containerName.conf";
-    my $root = "/var/lib/containers/$containerName";
+    my $confFile = "$configurationDirectory/$containerName.conf";
+    my $root = "$stateDirectory/$containerName";
 
     # Maybe generate a unique name.
     if ($ensureUniqueName) {
         my $base = $containerName;
         for (my $nr = 0; ; $nr++) {
-            $confFile = "/etc/containers/$containerName.conf";
-            $root = "/var/lib/containers/$containerName";
+            $confFile = "$configurationDirectory/$containerName.conf";
+            $root = "$stateDirectory/$containerName";
             last unless -e $confFile || -e $root;
             $containerName = "$base-$nr";
         }
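Review bot: The `$confFile` and `$root` path expressions are now spelled out three times each across this patch (before the loop, again inside it, and once more near the end of the script), so any later layout change has to touch all of them in step. Two small helpers would hold the pattern in one place, e.g. `sub confFileFor { return "$configurationDirectory/$_[0].conf" }` and `sub rootFor { return "$stateDirectory/$_[0]" }`. `$containerName` flows straight into both paths; its validation is not visible in this hunk, so it is worth confirming it cannot contain `/` or `..`. The enclosing `create` block starts and ends outside the hunk.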
@@ -220,7 +223,7 @@ if ($action eq "create") {
 
     # Get an unused IP address.
     my %usedIPs;
-    foreach my $confFile2 (glob "/etc/containers/*.conf") {
+    foreach my $confFile2 (glob "$configurationDirectory/*.conf") {
         my $s = read_file($confFile2) or die;
         $usedIPs{$1} = 1 if $s =~ /^HOST_ADDRESS=([0-9\.]+)$/m;
         $usedIPs{$1} = 1 if $s =~ /^LOCAL_ADDRESS=([0-9\.]+)$/m;
@@ -292,10 +295,10 @@ if ($action eq "create") {
     exit 0;
 }
 
-my $root = "/var/lib/containers/$containerName";
+my $root = "$stateDirectory/$containerName";
 my $profileDir = "/nix/var/nix/profiles/per-container/$containerName";
 my $gcRootsDir = "/nix/var/nix/gcroots/per-container/$containerName";
-my $confFile = "/etc/containers/$containerName.conf";
+my $confFile = "$configurationDirectory/$containerName.conf";
 if (!-e $confFile) {
     if ($action eq "destroy") {
         exit 0;
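Review bot: With the defaults moving to `/etc/nixos-containers` and `/var/lib/nixos-containers`, the `!-e $confFile` test here no longer finds containers that were created under the old `/etc/containers` and `/var/lib/containers` paths, and for `destroy` that means `exit 0` without removing anything. Unless migration is handled elsewhere (nothing in this diff does it), an upgraded host would keep the old container roots and configuration on disk while the tool reports success. A warning such as `warn "$0: legacy /etc/containers/$containerName.conf exists and was not migrated\n" if -e "/etc/containers/$containerName.conf";` before the early exit, or a documented migration step, would make this visible. The `if` block continues past the end of the hunk.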