Merge pull request #124589 from hercules-ci/containers-dnsname

nixos/podman-dnsname: init
author: Robert Hensing <roberth@users.noreply.github.com> 2021-06-02 08:18:48 +0200
committer: GitHub <noreply@github.com> 2021-06-02 08:18:48 +0200
commit: d9e45124431c887bedf665169d20d98e5854d113 (patch)
tree: ef668ee66fd5ff1bef3ac50c637ccdaadae968ed /nixos/modules/virtualisation
parent: 6a882635f23e709968e77b584ca452e04c5a4ee4 (diff)
parent: 1d781e5c80d3c392933479a114e9e3857a1d9529 (diff)
download: nixpkgs-d9e45124431c887bedf665169d20d98e5854d113.tar
nixpkgs-d9e45124431c887bedf665169d20d98e5854d113.tar.gz
nixpkgs-d9e45124431c887bedf665169d20d98e5854d113.tar.bz2
nixpkgs-d9e45124431c887bedf665169d20d98e5854d113.tar.lz
nixpkgs-d9e45124431c887bedf665169d20d98e5854d113.tar.xz
nixpkgs-d9e45124431c887bedf665169d20d98e5854d113.tar.zst
nixpkgs-d9e45124431c887bedf665169d20d98e5854d113.zip
3 files changed, 80 insertions, 2 deletions
diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix
index 3974caf2233..45d4f877ae5 100644
--- a/nixos/modules/virtualisation/containers.nix
+++ b/nixos/modules/virtualisation/containers.nix
@@ -48,6 +48,23 @@ in
       description = "containers.conf configuration";
     };
 
+    containersConf.cniPlugins = mkOption {
+      type = types.listOf types.package;
+      defaultText = ''
+        [
+          pkgs.cni-plugins
+        ]
+      '';
+      example = lib.literalExample ''
+        [
+          pkgs.cniPlugins.dnsname
+        ]
+      '';
+      description = ''
+        CNI plugins to install on the system.
+      '';
+    };
+
     registries = {
       search = mkOption {
         type = types.listOf types.str;
@@ -97,8 +114,11 @@ in
   };
 
   config = lib.mkIf cfg.enable {
+
+    virtualisation.containers.containersConf.cniPlugins = [ pkgs.cni-plugins ];
+
     virtualisation.containers.containersConf.settings = {
-      network.cni_plugin_dirs = [ "${pkgs.cni-plugins}/bin/" ];
+      network.cni_plugin_dirs = map (p: "${lib.getBin p}/bin") cfg.containersConf.cniPlugins;
       engine = {
         init_path = "${pkgs.catatonit}/bin/catatonit";
       } // lib.optionalAttrs cfg.ociSeccompBpfHook.enable {
diff --git a/nixos/modules/virtualisation/podman-dnsname.nix b/nixos/modules/virtualisation/podman-dnsname.nix
new file mode 100644
index 00000000000..beef1975507
--- /dev/null
+++ b/nixos/modules/virtualisation/podman-dnsname.nix
@@ -0,0 +1,36 @@
+{ config, lib, pkgs, ... }:
+let
+  inherit (lib)
+    mkOption
+    mkIf
+    types
+    ;
+
+  cfg = config.virtualisation.podman;
+
+in
+{
+  options = {
+    virtualisation.podman = {
+
+      defaultNetwork.dnsname.enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Enable DNS resolution in the default podman network.
+        '';
+      };
+
+    };
+  };
+
+  config = {
+    virtualisation.containers.containersConf.cniPlugins = mkIf cfg.defaultNetwork.dnsname.enable [ pkgs.dnsname-cni ];
+    virtualisation.podman.defaultNetwork.extraPlugins =
+      lib.optional cfg.defaultNetwork.dnsname.enable {
+        type = "dnsname";
+        domainName = "dns.podman";
+        capabilities.aliases = true;
+      };
+  };
+}
diff --git a/nixos/modules/virtualisation/podman.nix b/nixos/modules/virtualisation/podman.nix
index b16afb66894..e245004e04a 100644
--- a/nixos/modules/virtualisation/podman.nix
+++ b/nixos/modules/virtualisation/podman.nix
@@ -2,6 +2,7 @@
 let
   cfg = config.virtualisation.podman;
   toml = pkgs.formats.toml { };
+  json = pkgs.formats.json { };
 
   inherit (lib) mkOption types;
 
@@ -22,9 +23,23 @@ let
     done
   '';
 
+  net-conflist = pkgs.runCommand "87-podman-bridge.conflist" {
+    nativeBuildInputs = [ pkgs.jq ];
+    extraPlugins = builtins.toJSON cfg.defaultNetwork.extraPlugins;
+    jqScript = ''
+      . + { "plugins": (.plugins + $extraPlugins) }
+    '';
+  } ''
+    jq <${cfg.package}/etc/cni/net.d/87-podman-bridge.conflist \
+      --argjson extraPlugins "$extraPlugins" \
+      "$jqScript" \
+      >$out
+  '';
+
 in
 {
   imports = [
+    ./podman-dnsname.nix
     ./podman-network-socket.nix
     (lib.mkRenamedOptionModule [ "virtualisation" "podman" "libpod" ] [ "virtualisation" "containers" "containersConf" ])
   ];
@@ -99,6 +114,13 @@ in
       '';
     };
 
+    defaultNetwork.extraPlugins = lib.mkOption {
+      type = types.listOf json.type;
+      default = [];
+      description = ''
+        Extra CNI plugin configurations to add to podman's default network.
+      '';
+    };
 
   };
 
@@ -107,7 +129,7 @@ in
       environment.systemPackages = [ cfg.package ]
         ++ lib.optional cfg.dockerCompat dockerCompat;
 
-      environment.etc."cni/net.d/87-podman-bridge.conflist".source = "${cfg.package}/etc/cni/net.d/87-podman-bridge.conflist";
+      environment.etc."cni/net.d/87-podman-bridge.conflist".source = net-conflist;
 
       virtualisation.containers = {
         enable = true; # Enable common /etc/containers configuration
author	Robert Hensing <roberth@users.noreply.github.com>	2021-06-02 08:18:48 +0200
committer	GitHub <noreply@github.com>	2021-06-02 08:18:48 +0200
commit	d9e45124431c887bedf665169d20d98e5854d113 (patch)
tree	ef668ee66fd5ff1bef3ac50c637ccdaadae968ed /nixos/modules/virtualisation
parent	6a882635f23e709968e77b584ca452e04c5a4ee4 (diff)
parent	1d781e5c80d3c392933479a114e9e3857a1d9529 (diff)
download	nixpkgs-d9e45124431c887bedf665169d20d98e5854d113.tar nixpkgs-d9e45124431c887bedf665169d20d98e5854d113.tar.gz nixpkgs-d9e45124431c887bedf665169d20d98e5854d113.tar.bz2 nixpkgs-d9e45124431c887bedf665169d20d98e5854d113.tar.lz nixpkgs-d9e45124431c887bedf665169d20d98e5854d113.tar.xz nixpkgs-d9e45124431c887bedf665169d20d98e5854d113.tar.zst nixpkgs-d9e45124431c887bedf665169d20d98e5854d113.zip