| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
| |
Hopefully this way we don't confuse people into thinking you have to set it to 21.05.
|
| |
|
|
|
|
|
| |
This commit makes auto-restarting declarative containers optional.
This is useful when you don't want changes to your config to automatically
restart the container and thus stop any applications running inside it.
|
| | |
|
| |
|
|
|
|
|
| |
Calling `eval-config.nix` without a `system` from a Nix flake fails with
`error: attribute 'currentSystem' missing` since #230523. Setting
`system = null` removes the use of `currentSystem` and instead uses the
value from the `nixpkgs` module.
|
| | |
|
| | |
|
| |\
| |
| | |
nixos-containers: Make sure same version of nixos-container is used
|
| | |
| |
| |
| | |
Fixes #185126 (I hope)
|
| |\ \
| | |
| | | |
[nixos-container] Make nixos containers use unified cgroupsv2
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
nixos/containers: now uses nixpkgs.hostPlatform
|
| | |/ /
| | |
| | |
| | |
| | |
| | | |
Use hostPlatform if both the host and the containers nixpkgs supports
hostPlatform, otherwise fall back to localSystem. This preseves backwards
compatibility.
|
| |\ \ \
| |/ /
|/| | |
postgresql: remove 10.x
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
conversions were done using https://github.com/pennae/nix-doc-munge
using (probably) rev f34e145 running
nix-doc-munge nixos/**/*.nix
nix-doc-munge --import nixos/**/*.nix
the tool ensures that only changes that could affect the generated
manual *but don't* are committed, other changes require manual review
and are discarded.
|
| |/ / |
|
| |\ \
| | |
| | | |
nixos/*: more options md conversion
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
now nix-doc-munge will not introduce whitespace changes when it replaces
manpage references with the MD equivalent.
no change to the manpage, changes to the HTML manual are whitespace only.
|
| |\ \ \
| |/ /
|/| | |
nixos/nixos-containers: Fix ineffective warning
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| | |
A warning regarding enabling NixOS containers and
virtualisation.containers at the same time with state versions < 22.05
had been added in commit 3c49151f154a3872eb278c214863d926a4f8abf6. But
this warning had accidentally been defined in the wrong place, and the
warning has therefore not actually been in effect. This commit fixes
that.
|
| | |
| |
| |
| | |
once again using nix-doc-munge (https://github.com/pennae/nix-doc-munge/commit/69d080323ae27c0d8da3967c62b925a9aedb2828)
|
| |/
|
|
|
|
|
|
| |
we can't embed syntactic annotations of this kind in markdown code
blocks without yet another extension. replaceable is rare enough to make
this not much worth it, so we'll go with «thing» instead. the module
system already uses this format for its placeholder names in attrsOf
paths.
|
| |\
| |
| | |
treewide: automatically md-convert option descriptions
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
the conversion procedure is simple:
- find all things that look like options, ie calls to either `mkOption`
or `lib.mkOption` that take an attrset. remember the attrset as the
option
- for all options, find a `description` attribute who's value is not a
call to `mdDoc` or `lib.mdDoc`
- textually convert the entire value of the attribute to MD with a few
simple regexes (the set from mdize-module.sh)
- if the change produced a change in the manual output, discard
- if the change kept the manual unchanged, add some text to the
description to make sure we've actually found an option. if the
manual changes this time, keep the converted description
this procedure converts 80% of nixos options to markdown. around 2000
options remain to be inspected, but most of those fail the "does not
change the manual output check": currently the MD conversion process
does not faithfully convert docbook tags like <code> and <package>, so
any option using such tags will not be converted at all.
|
| |/
|
|
|
| |
localSystem is ill-defined because unlike hostPlatform, its
meaning is different in a cross or non-cross context.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Prior to this patch:
$ nix-instantiate --eval -E '
> with import ./. {
> localSystem.config = "aarch64-unknown-linux-musl";
> };
> (nixos {}).config.nixpkgs.localSystem.config
> '
"aarch64-unknown-linux-gnu"
Because only the system triple was being passed through, the Musl part
of the system specification was lost. This patch fixes various
occurrences of NixOS evaluation when a Nixpkgs evaluation is already
available, to pass through the full elaborated system attribute set,
to avoid this loss of precision.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
We need to move NixOS containers somewhere else so these don't clash
with Podman, Skopeo & other container software in the libpod &
cri-o/cri-u/libcontainer ecosystems.
The state directory move is not strictly a requirement but is good for
consistency.
|
| | |
|
| | |
|
| |
|
|
|
| |
Changed the startup timeout from 15 seconds to one minute as 15 seconds is really low.
Also it's currently not possible to change it without editing your system configuration.
|
| |\
| |
| | |
nixos/nix-containers: use SIGTERM to stop containers
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
systemd-nspawn can react to SIGTERM and send a shutdown signal to the container
init process. use that instead of going through dbus and machined to request
nspawn sending the signal, since during host shutdown machined or dbus may have
gone away by the point a container unit is stopped.
to solve the issue that a container that is still starting cannot be stopped
cleanly we must also handle this signal in containerInit/stage-2.
|
| |\ \
| |/
|/| |
nixos/nixos-containers: default boot.enableContainers to true
|
| | |
| |
| |
| |
| |
| | |
Related to #85746 which addresses documentation issue,
digging deeper for a reason why this was disabled
was simply because it wasn't working which is not the case anymore.
|
| | | |
|
| |/ |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Launching a container with a private network requires creating a
dedicated networking interface for it; name of that interface is derived
from the container name itself - e.g. a container named `foo` gets
attached to an interface named `ve-foo`.
An interface name can span up to IFNAMSIZ characters, which means that a
container name must contain at most IFNAMSIZ - 3 - 1 = 11 characters;
it's a limit that we validate using a build-time assertion.
This limit has been upgraded with Linux 5.8, as it allows for an
interface to contain a so-called altname, which can be much longer,
while remaining treated as a first-class citizen.
Since altnames have been supported natively by systemd for a while now,
due diligence on our side ends with dropping the name-assertion on newer
kernels.
This commit closes #38509.
systemd/systemd#14467
systemd/systemd#17220
https://lwn.net/Articles/794289/
|
| |\
| |
| | |
nixos-container: fix `nixpkgs` container options being ignored
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Since the introduction of option `containers.<name>.pkgs`, the
`nixpkgs.*` options (including `nixpkgs.pkgs`, `nixpkgs.config`, ...) were always
ignored in container configs, which broke existing containers.
This was due to `containers.<name>.pkgs` having two separate effects:
(1) It sets the source for the modules that are used to evaluate the container.
(2) It sets the `pkgs` arg (`_module.args.pkgs`) that is used inside the container
modules.
This happens even when the default value of `containers.<name>.pkgs` is unchanged, in which
case the container `pkgs` arg is set to the pkgs of the host system.
Previously, the `pkgs` arg was determined by the `containers.<name>.config.nixpkgs.*` options.
This commit reverts the breaking change (2) while adding a backwards-compatible way to achieve (1).
It removes option `pkgs` and adds option `nixpkgs` which implements (1).
Existing users of `pkgs` are informed by an error message to use option
`nixpkgs` or to achieve only (2) by setting option `containers.<name>.config.nixpkgs.pkgs`.
|
| | |
| |
| |
| | |
Set the default value directly instead of using a `null` proxy value.
|
| | |
| |
| |
| |
| |
| | |
The values of these args are identical to the default values defined
in `eval-config.nix`.
Note especially that `lib` is not reevaluated.
|
| | |
| |
| |
| | |
Signed-off-by: Ben Siraphob <bensiraphob@gmail.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes that `containers.<name>.extraVeths.<name>` configuration was not
always applied.
When configuring `containers.<name>.extraVeths.<name>` and not
configuring one of `containers.<name>.localAddress`, `.localAddress6`,
`.hostAddress`, `.hostAddress6` or `.hostBridge` the veth was created,
but otherwise no configuration (i.e. no ip) was applied.
nixos-container always configures the primary veth (when `.localAddress`
or `.hostAddress` is set) to be the containers default gateway, so
this fix is required to create a veth in containers that use a different
default gateway.
To test this patch configure the following container and check if the
addresses are applied:
```
containers.testveth = {
extraVeths.testveth = {
hostAddress = "192.168.13.2";
localAddress = "192.168.13.1";
};
config = {...}:{};
};
```
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
This follows upstreams change in documentation. While the `[DHCP]`
section might still work it is undocumented and we should probably not
be using it anymore. Users can just upgrade to the new option without
much hassle.
I had to create a bit of custom module deprecation code since the usual
approach doesn't support wildcards in the path.
|
| | |
|
| | |
|