From 143680787eb5e885b0d7e2af223c7884cef5ed32 Mon Sep 17 00:00:00 2001 From: Paul Meyer <49727155+katexochen@users.noreply.github.com> Date: Wed, 1 Nov 2023 11:55:25 +0100 Subject: nixos/x11: move extraLayouts into xkb attrset [Motivation](NixOS#257817 (comment)) `extraLayouts` was missed in #259891, so moving it to the other xkb options with this PR. Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> --- .../doc/manual/configuration/x-windows.chapter.md | 6 ++-- nixos/doc/manual/release-notes/rl-2311.section.md | 2 +- nixos/modules/services/x11/extra-layouts.nix | 42 +++++++++++++--------- nixos/tests/keymap.nix | 2 +- 4 files changed, 30 insertions(+), 22 deletions(-) (limited to 'nixos') diff --git a/nixos/doc/manual/configuration/x-windows.chapter.md b/nixos/doc/manual/configuration/x-windows.chapter.md index 5a870a46cbb..0451e4d2526 100644 --- a/nixos/doc/manual/configuration/x-windows.chapter.md +++ b/nixos/doc/manual/configuration/x-windows.chapter.md @@ -208,7 +208,7 @@ qt.style = "gtk2"; It is possible to install custom [ XKB ](https://en.wikipedia.org/wiki/X_keyboard_extension) keyboard layouts -using the option `services.xserver.extraLayouts`. +using the option `services.xserver.xkb.extraLayouts`. As a first example, we are going to create a layout based on the basic US layout, with an additional layer to type some greek symbols by @@ -235,7 +235,7 @@ xkb_symbols "us-greek" A minimal layout specification must include the following: ```nix -services.xserver.extraLayouts.us-greek = { +services.xserver.xkb.extraLayouts.us-greek = { description = "US layout with alt-gr greek"; languages = [ "eng" ]; symbolsFile = /yourpath/symbols/us-greek; @@ -298,7 +298,7 @@ xkb_symbols "media" As before, to install the layout do ```nix -services.xserver.extraLayouts.media = { +services.xserver.xkb.extraLayouts.media = { description = "Multimedia keys remapping"; languages = [ "eng" ]; symbolsFile = /path/to/media-key; 
diff --git a/nixos/doc/manual/release-notes/rl-2311.section.md b/nixos/doc/manual/release-notes/rl-2311.section.md index 74d29ab1cf9..071d9a135e0 100644 --- a/nixos/doc/manual/release-notes/rl-2311.section.md +++ b/nixos/doc/manual/release-notes/rl-2311.section.md @@ -318,7 +318,7 @@ order, or relying on `mkBefore` and `mkAfter`, but may impact users calling `mkOrder n` with n ≤ 400. -- X keyboard extension (XKB) options have been reorganized into a single attribute set, `services.xserver.xkb`. Specifically, `services.xserver.layout` is now `services.xserver.xkb.layout`, `services.xserver.xkbModel` is now `services.xserver.xkb.model`, `services.xserver.xkbOptions` is now `services.xserver.xkb.options`, `services.xserver.xkbVariant` is now `services.xserver.xkb.variant`, and `services.xserver.xkbDir` is now `services.xserver.xkb.dir`. +- X keyboard extension (XKB) options have been reorganized into a single attribute set, `services.xserver.xkb`. Specifically, `services.xserver.layout` is now `services.xserver.xkb.layout`, `services.xserver.extraLayouts` is now `services.xserver.xkb.extraLayouts`, `services.xserver.xkbModel` is now `services.xserver.xkb.model`, `services.xserver.xkbOptions` is now `services.xserver.xkb.options`, `services.xserver.xkbVariant` is now `services.xserver.xkb.variant`, and `services.xserver.xkbDir` is now `services.xserver.xkb.dir`. - `networking.networkmanager.firewallBackend` was removed as NixOS is now using iptables-nftables-compat even when using iptables, therefore Networkmanager now uses the nftables backend unconditionally. diff --git a/nixos/modules/services/x11/extra-layouts.nix b/nixos/modules/services/x11/extra-layouts.nix index 3941f50b755..ab7e39739ee 100644 --- a/nixos/modules/services/x11/extra-layouts.nix +++ b/nixos/modules/services/x11/extra-layouts.nix @@ -3,7 +3,7 @@ with lib; let - layouts = config.services.xserver.extraLayouts; + layouts = config.services.xserver.xkb.extraLayouts; layoutOpts = { options = { 
@@ -15,10 +15,10 @@ let languages = mkOption { type = types.listOf types.str; description = - lib.mdDoc '' - A list of languages provided by the layout. - (Use ISO 639-2 codes, for example: "eng" for english) - ''; + lib.mdDoc '' + A list of languages provided by the layout. + (Use ISO 639-2 codes, for example: "eng" for english) + ''; }; compatFile = mkOption { @@ -80,29 +80,37 @@ let }; xkb_patched = pkgs.xorg.xkeyboardconfig_custom { - layouts = config.services.xserver.extraLayouts; + layouts = config.services.xserver.xkb.extraLayouts; }; in { + imports = [ + (lib.mkRenamedOptionModuleWith { + sinceRelease = 2311; + from = [ "services" "xserver" "extraLayouts" ]; + to = [ "services" "xserver" "xkb" "extraLayouts" ]; + }) + ]; + ###### interface - options.services.xserver = { + options.services.xserver.xkb = { extraLayouts = mkOption { type = types.attrsOf (types.submodule layoutOpts); - default = {}; + default = { }; example = literalExpression - '' - { - mine = { - description = "My custom xkb layout."; - languages = [ "eng" ]; - symbolsFile = /path/to/my/layout; - }; - } - ''; + '' + { + mine = { + description = "My custom xkb layout."; + languages = [ "eng" ]; + symbolsFile = /path/to/my/layout; + }; + } + ''; description = lib.mdDoc '' Extra custom layouts that will be included in the xkb configuration. Information on how to create a new layout can be found here: diff --git a/nixos/tests/keymap.nix b/nixos/tests/keymap.nix index 0e160269304..e8973a50f85 100644 --- a/nixos/tests/keymap.nix +++ b/nixos/tests/keymap.nix @@ -213,7 +213,7 @@ in pkgs.lib.mapAttrs mkKeyboardTest { extraConfig.console.useXkbConfig = true; extraConfig.services.xserver.xkb.layout = "us-greek"; - extraConfig.services.xserver.extraLayouts.us-greek = + extraConfig.services.xserver.xkb.extraLayouts.us-greek = { description = "US layout with alt-gr greek"; languages = [ "eng" ]; symbolsFile = pkgs.writeText "us-greek" '' -- cgit 1.4.1 
From 1fff6a90316002764fee541e9ffa1bc7a9552521 Mon Sep 17 00:00:00 2001 From: Adam Stephens Date: Fri, 20 Oct 2023 00:10:59 -0400 Subject: nixos/incus: init module and tests --- nixos/modules/module-list.nix | 1 + nixos/modules/virtualisation/incus.nix | 232 ++++++++++++++++++++++++++++ nixos/tests/all-tests.nix | 1 + nixos/tests/incus/container.nix | 76 +++++++++ nixos/tests/incus/default.nix | 14 ++ nixos/tests/incus/preseed.nix | 65 ++++++++ nixos/tests/incus/socket-activated.nix | 25 +++ nixos/tests/incus/virtual-machine.nix | 55 +++++++ pkgs/by-name/co/cowsql/package.nix | 4 +- pkgs/by-name/in/incus-unwrapped/package.nix | 3 + pkgs/by-name/in/incus/package.nix | 2 + pkgs/by-name/ra/raft-cowsql/package.nix | 9 +- 12 files changed, 481 insertions(+), 6 deletions(-) create mode 100644 nixos/modules/virtualisation/incus.nix create mode 100644 nixos/tests/incus/container.nix create mode 100644 nixos/tests/incus/default.nix create mode 100644 nixos/tests/incus/preseed.nix create mode 100644 nixos/tests/incus/socket-activated.nix create mode 100644 nixos/tests/incus/virtual-machine.nix (limited to 'nixos') diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index bfac651f5a8..55c74bc327d 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -1506,6 +1506,7 @@ ./virtualisation/docker.nix ./virtualisation/ecs-agent.nix ./virtualisation/hyperv-guest.nix + ./virtualisation/incus.nix ./virtualisation/kvmgt.nix ./virtualisation/libvirtd.nix ./virtualisation/lxc.nix diff --git a/nixos/modules/virtualisation/incus.nix b/nixos/modules/virtualisation/incus.nix new file mode 100644 index 00000000000..d7ccc963f6a --- /dev/null +++ b/nixos/modules/virtualisation/incus.nix 
@@ -0,0 +1,232 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.virtualisation.incus; + preseedFormat = pkgs.formats.yaml { }; +in +{ + meta.maintainers = [ lib.maintainers.adamcstephens ]; + + options = { + virtualisation.incus = { + enable = lib.mkEnableOption (lib.mdDoc '' + incusd, a daemon that manages containers and virtual machines. + + Users in the "incus-admin" group can interact with + the daemon (e.g. to start or stop containers) using the + {command}`incus` command line tool, among others. + ''); + + package = lib.mkPackageOptionMD pkgs "incus" { }; + + lxcPackage = lib.mkPackageOptionMD pkgs "lxc" { }; + + preseed = lib.mkOption { + type = lib.types.nullOr ( + lib.types.submodule { freeformType = preseedFormat.type; } + ); + + default = null; + + description = lib.mdDoc '' + Configuration for Incus preseed, see + + for supported values. + + Changes to this will be re-applied to Incus which will overwrite existing entities or create missing ones, + but entities will *not* be removed by preseed. + ''; + + example = { + networks = [ + { + name = "incusbr0"; + type = "bridge"; + config = { + "ipv4.address" = "10.0.100.1/24"; + "ipv4.nat" = "true"; + }; + } + ]; + profiles = [ + { + name = "default"; + devices = { + eth0 = { + name = "eth0"; + network = "incusbr0"; + type = "nic"; + }; + root = { + path = "/"; + pool = "default"; + size = "35GiB"; + type = "disk"; + }; + }; + } + ]; + storage_pools = [ + { + name = "default"; + driver = "dir"; + config = { + source = "/var/lib/incus/storage-pools/default"; + }; + } + ]; + }; + }; + + socketActivation = lib.mkEnableOption ( + lib.mdDoc '' + socket-activation for starting incus.service. Enabling this option + will stop incus.service from starting automatically on boot. + '' + ); + + startTimeout = lib.mkOption { + type = lib.types.ints.unsigned; + default = 600; + apply = toString; + description = lib.mdDoc '' + Time to wait (in seconds) for incusd to become ready to process requests. 
+ If incusd does not reply within the configured time, `incus.service` will be + considered failed and systemd will attempt to restart it. + ''; + }; + }; + }; + + config = lib.mkIf cfg.enable { + # https://github.com/lxc/incus/blob/f145309929f849b9951658ad2ba3b8f10cbe69d1/doc/reference/server_settings.md + boot.kernel.sysctl = { + "fs.aio-max-nr" = lib.mkDefault 524288; + "fs.inotify.max_queued_events" = lib.mkDefault 1048576; + "fs.inotify.max_user_instances" = lib.mkOverride 1050 1048576; # override in case conflict nixos/modules/services/x11/xserver.nix + "fs.inotify.max_user_watches" = lib.mkOverride 1050 1048576; # override in case conflict nixos/modules/services/x11/xserver.nix + "kernel.dmesg_restrict" = lib.mkDefault 1; + "kernel.keys.maxbytes" = lib.mkDefault 2000000; + "kernel.keys.maxkeys" = lib.mkDefault 2000; + "net.core.bpf_jit_limit" = lib.mkDefault 1000000000; + "net.ipv4.neigh.default.gc_thresh3" = lib.mkDefault 8192; + "net.ipv6.neigh.default.gc_thresh3" = lib.mkDefault 8192; + # vm.max_map_count is set higher in nixos/modules/config/sysctl.nix + }; + + boot.kernelModules = [ + "veth" + "xt_comment" + "xt_CHECKSUM" + "xt_MASQUERADE" + "vhost_vsock" + ] ++ lib.optionals (!config.networking.nftables.enable) [ "iptable_mangle" ]; + + environment.systemPackages = [ cfg.package ]; + + # Note: the following options are also declared in virtualisation.lxc, but + # the latter can't be simply enabled to reuse the formers, because it + # does a bunch of unrelated things. 
+ systemd.tmpfiles.rules = [ "d /var/lib/lxc/rootfs 0755 root root -" ]; + + security.apparmor = { + packages = [ cfg.lxcPackage ]; + policies = { + "bin.lxc-start".profile = '' + include ${cfg.lxcPackage}/etc/apparmor.d/usr.bin.lxc-start + ''; + "lxc-containers".profile = '' + include ${cfg.lxcPackage}/etc/apparmor.d/lxc-containers + ''; + }; + }; + + systemd.services.incus = { + description = "Incus Container and Virtual Machine Management Daemon"; + + wantedBy = lib.mkIf (!cfg.socketActivation) [ "multi-user.target" ]; + after = [ + "network-online.target" + "lxcfs.service" + ] ++ (lib.optional cfg.socketActivation "incus.socket"); + requires = [ + "lxcfs.service" + ] ++ (lib.optional cfg.socketActivation "incus.socket"); + wants = [ + "network-online.target" + ]; + + path = lib.mkIf config.boot.zfs.enabled [ config.boot.zfs.package ]; + + environment = { + # Override Path to the LXC template configuration directory + INCUS_LXC_TEMPLATE_CONFIG = "${pkgs.lxcfs}/share/lxc/config"; + }; + + serviceConfig = { + ExecStart = "${cfg.package}/bin/incusd --group incus-admin"; + ExecStartPost = "${cfg.package}/bin/incusd waitready --timeout=${cfg.startTimeout}"; + + KillMode = "process"; # when stopping, leave the containers alone + Delegate = "yes"; + LimitMEMLOCK = "infinity"; + LimitNOFILE = "1048576"; + LimitNPROC = "infinity"; + TasksMax = "infinity"; + + Restart = "on-failure"; + TimeoutStartSec = "${cfg.startTimeout}s"; + TimeoutStopSec = "30s"; + }; + }; + + systemd.sockets.incus = lib.mkIf cfg.socketActivation { + description = "Incus UNIX socket"; + wantedBy = [ "sockets.target" ]; + + socketConfig = { + ListenStream = "/var/lib/incus/unix.socket"; + SocketMode = "0660"; + SocketGroup = "incus-admin"; + Service = "incus.service"; + }; + }; + + systemd.services.incus-preseed = lib.mkIf (cfg.preseed != null) { + description = "Incus initialization with preseed file"; + wantedBy = [ "multi-user.target" ]; + requires = [ "incus.service" ]; + after = [ 
"incus.service" ]; + + script = '' + ${cfg.package}/bin/incus admin init --preseed <${ + preseedFormat.generate "incus-preseed.yaml" cfg.preseed + } + ''; + + serviceConfig = { + Type = "oneshot"; + }; + }; + + users.groups.incus-admin = { }; + + users.users.root = { + # match documented default ranges https://linuxcontainers.org/incus/docs/main/userns-idmap/#allowed-ranges + subUidRanges = [ + { + startUid = 1000000; + count = 1000000000; + } + ]; + subGidRanges = [ + { + startGid = 1000000; + count = 1000000000; + } + ]; + }; + + virtualisation.lxc.lxcfs.enable = true; + }; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 2f6d5a8dae8..69549c8d534 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -392,6 +392,7 @@ in { icingaweb2 = handleTest ./icingaweb2.nix {}; iftop = handleTest ./iftop.nix {}; incron = handleTest ./incron.nix {}; + incus = pkgs.recurseIntoAttrs (handleTest ./incus { inherit handleTestOn; }); influxdb = handleTest ./influxdb.nix {}; influxdb2 = handleTest ./influxdb2.nix {}; initrd-network-openvpn = handleTest ./initrd-network-openvpn {}; diff --git a/nixos/tests/incus/container.nix b/nixos/tests/incus/container.nix new file mode 100644 index 00000000000..ce9a8a10fb2 --- /dev/null +++ b/nixos/tests/incus/container.nix 
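Review bot: The `enable` description in incus.nix says users in the "incus-admin" group can interact with the daemon, but it does not say that this access amounts to root on the host, which an administrator needs to know before adding anyone to the group. The daemon is started with `--group incus-admin` and the socket unit sets `SocketGroup = "incus-admin"` with `SocketMode = "0660"`, so group membership is the only gate on full control of containers and virtual machines. I would add a sentence to the option text such as `Membership in "incus-admin" grants full control of the daemon and should be treated as root-equivalent on the host.` The `preseed` description also deserves a caveat that the value is rendered by `preseedFormat.generate` into the Nix store, which is world-readable on a default installation, so anything sensitive placed in the preseed is presumably readable by every local user.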
@@ -0,0 +1,76 @@ +import ../make-test-python.nix ({ pkgs, lib, ... } : + +let + releases = import ../../release.nix { + configuration = { + # Building documentation makes the test unnecessarily take a longer time: + documentation.enable = lib.mkForce false; + }; + }; + + container-image-metadata = releases.lxdContainerMeta.${pkgs.stdenv.hostPlatform.system}; + container-image-rootfs = releases.lxdContainerImage.${pkgs.stdenv.hostPlatform.system}; +in +{ + name = "incus-container"; + + meta.maintainers = with lib.maintainers; [ adamcstephens ]; + + nodes.machine = { ... }: { + virtualisation = { + # Ensure test VM has enough resources for creating and managing guests + cores = 2; + memorySize = 1024; + diskSize = 4096; + + incus.enable = true; + }; + }; + + testScript = '' + def instance_is_up(_) -> bool: + status, _ = machine.execute("incus exec container --disable-stdin --force-interactive /run/current-system/sw/bin/true") + return status == 0 + + machine.wait_for_unit("incus.service") + + # no preseed should mean no service + machine.fail("systemctl status incus-preseed.service") + + machine.succeed("incus admin init --minimal") + + with subtest("Container image can be imported"): + machine.succeed("incus image import ${container-image-metadata}/*/*.tar.xz ${container-image-rootfs}/*/*.tar.xz --alias nixos") + + with subtest("Container can be launched and managed"): + machine.succeed("incus launch nixos container") + with machine.nested("Waiting for instance to start and be usable"): + retry(instance_is_up) + machine.succeed("echo true | incus exec container /run/current-system/sw/bin/bash -") + + with subtest("Container CPU limits can be managed"): + machine.succeed("incus config set container limits.cpu 1") + # give container a chance to apply new resource limit + machine.sleep(1) + cpuinfo = machine.succeed("incus exec container grep -- -c ^processor /proc/cpuinfo").strip() + assert cpuinfo == "1", f"Wrong number of CPUs reported from /proc/cpuinfo, want: 1, 
got: {cpuinfo}" + + machine.succeed("incus config set container limits.cpu 2") + machine.sleep(1) + cpuinfo = machine.succeed("incus exec container grep -- -c ^processor /proc/cpuinfo").strip() + assert cpuinfo == "2", f"Wrong number of CPUs reported from /proc/cpuinfo, want: 2, got: {cpuinfo}" + + with subtest("Container memory limits can be managed"): + machine.succeed("incus config set container limits.memory 64MB") + machine.sleep(1) + meminfo = machine.succeed("incus exec container grep -- MemTotal /proc/meminfo").strip() + meminfo_bytes = " ".join(meminfo.split(' ')[-2:]) + assert meminfo_bytes == "62500 kB", f"Wrong amount of memory reported from /proc/meminfo, want: '62500 kB', got: '{meminfo_bytes}'" + + machine.succeed("incus config set container limits.memory 128MB") + machine.sleep(1) + meminfo = machine.succeed("incus exec container grep -- MemTotal /proc/meminfo").strip() + meminfo_bytes = " ".join(meminfo.split(' ')[-2:]) + assert meminfo_bytes == "125000 kB", f"Wrong amount of memory reported from /proc/meminfo, want: '62500 kB', got: '{meminfo_bytes}'" + ''; +}) diff --git a/nixos/tests/incus/default.nix b/nixos/tests/incus/default.nix new file mode 100644 index 00000000000..c88974605e3 --- /dev/null +++ b/nixos/tests/incus/default.nix @@ -0,0 +1,14 @@ +{ + system ? builtins.currentSystem, + config ? { }, + pkgs ? import ../../.. { inherit system config; }, + handleTestOn, +}: +{ + container = import ./container.nix { inherit system pkgs; }; + preseed = import ./preseed.nix { inherit system pkgs; }; + socket-activated = import ./socket-activated.nix { inherit system pkgs; }; + virtual-machine = handleTestOn [ "x86_64-linux" ] ./virtual-machine.nix { + inherit system pkgs; + }; +} diff --git a/nixos/tests/incus/preseed.nix b/nixos/tests/incus/preseed.nix new file mode 100644 index 00000000000..19ec3889093 --- /dev/null +++ b/nixos/tests/incus/preseed.nix 
@@ -0,0 +1,65 @@ +import ../make-test-python.nix ({ pkgs, lib, ... } : + +{ + name = "incus-preseed"; + + meta.maintainers = with lib.maintainers; [ adamcstephens ]; + + nodes.machine = { lib, ... }: { + virtualisation = { + incus.enable = true; + + incus.preseed = { + networks = [ + { + name = "nixostestbr0"; + type = "bridge"; + config = { + "ipv4.address" = "10.0.100.1/24"; + "ipv4.nat" = "true"; + }; + } + ]; + profiles = [ + { + name = "nixostest_default"; + devices = { + eth0 = { + name = "eth0"; + network = "nixostestbr0"; + type = "nic"; + }; + root = { + path = "/"; + pool = "default"; + size = "35GiB"; + type = "disk"; + }; + }; + } + ]; + storage_pools = [ + { + name = "nixostest_pool"; + driver = "dir"; + } + ]; + }; + }; + }; + + testScript = '' + def wait_for_preseed(_) -> bool: + _, output = machine.systemctl("is-active incus-preseed.service") + return ("inactive" in output) + + machine.wait_for_unit("incus.service") + with machine.nested("Waiting for preseed to complete"): + retry(wait_for_preseed) + + with subtest("Verify preseed resources created"): + machine.succeed("incus profile show nixostest_default") + machine.succeed("incus network info nixostestbr0") + machine.succeed("incus storage show nixostest_pool") + ''; +}) diff --git a/nixos/tests/incus/socket-activated.nix b/nixos/tests/incus/socket-activated.nix new file mode 100644 index 00000000000..e48831cd3cb --- /dev/null +++ b/nixos/tests/incus/socket-activated.nix 
@@ -0,0 +1,25 @@ +import ../make-test-python.nix ({ pkgs, lib, ... } : + +{ + name = "incus-socket-activated"; + + meta.maintainers = with lib.maintainers; [ adamcstephens ]; + + nodes.machine = { lib, ... }: { + virtualisation = { + incus.enable = true; + incus.socketActivation = true; + }; + }; + + testScript = '' + machine.wait_for_unit("incus.socket") + + # ensure service is not running by default + machine.fail("systemctl is-active incus.service") + + # access the socket and ensure the service starts + machine.succeed("incus list") + machine.wait_for_unit("incus.service") + ''; +}) diff --git a/nixos/tests/incus/virtual-machine.nix b/nixos/tests/incus/virtual-machine.nix new file mode 100644 index 00000000000..bfa116679d4 --- /dev/null +++ b/nixos/tests/incus/virtual-machine.nix 
@@ -0,0 +1,55 @@ +import ../make-test-python.nix ({ pkgs, lib, ... }: + +let + releases = import ../../release.nix { + configuration = { + # Building documentation makes the test unnecessarily take a longer time: + documentation.enable = lib.mkForce false; + + # Our tests require `grep` & friends: + environment.systemPackages = with pkgs; [busybox]; + }; + }; + + vm-image-metadata = releases.lxdVirtualMachineImageMeta.${pkgs.stdenv.hostPlatform.system}; + vm-image-disk = releases.lxdVirtualMachineImage.${pkgs.stdenv.hostPlatform.system}; + + instance-name = "instance1"; +in +{ + name = "incus-virtual-machine"; + + meta.maintainers = with lib.maintainers; [ adamcstephens ]; + + nodes.machine = {...}: { + virtualisation = { + # Ensure test VM has enough resources for creating and managing guests + cores = 2; + memorySize = 1024; + diskSize = 4096; + + incus.enable = true; + }; + }; + + testScript = '' + def instance_is_up(_) -> bool: + status, _ = machine.execute("incus exec ${instance-name} --disable-stdin --force-interactive /run/current-system/sw/bin/true") + return status == 0 + + machine.wait_for_unit("incus.service") + + machine.succeed("incus admin init --minimal") + + with subtest("virtual-machine image can be imported"): + machine.succeed("incus image import ${vm-image-metadata}/*/*.tar.xz ${vm-image-disk}/nixos.qcow2 --alias nixos") + + with subtest("virtual-machine can be launched and become available"): + machine.succeed("incus launch nixos ${instance-name} --vm --config limits.memory=512MB --config security.secureboot=false") + with machine.nested("Waiting for instance to start and be usable"): + retry(instance_is_up) + + with subtest("lxd-agent is started"): + machine.succeed("incus exec ${instance-name} systemctl is-active lxd-agent") + ''; +}) diff --git a/pkgs/by-name/co/cowsql/package.nix b/pkgs/by-name/co/cowsql/package.nix index c7b7b97e979..e0ce2660912 100644 --- a/pkgs/by-name/co/cowsql/package.nix +++ b/pkgs/by-name/co/cowsql/package.nix 
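Review bot: The launch command in virtual-machine.nix passes `--config security.secureboot=false` with no explanation, and test scripts like this one tend to be copied into real configurations. A short comment above the `incus launch` line would stop the flag from being read as a recommended default, for example `# secure boot is disabled only because the test image is presumably not signed for it; keep it enabled for real guests`. The reason is inferred rather than shown in the hunk, so the author should confirm it when writing the comment.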
@@ -39,9 +39,7 @@ stdenv.mkDerivation (finalAttrs: { outputs = [ "dev" "out" ]; passthru = { - tests = { - inherit incus; - }; + inherit (incus) tests; updateScript = gitUpdater { rev-prefix = "v"; diff --git a/pkgs/by-name/in/incus-unwrapped/package.nix b/pkgs/by-name/in/incus-unwrapped/package.nix index 051527357ca..4c256481bfc 100644 --- a/pkgs/by-name/in/incus-unwrapped/package.nix +++ b/pkgs/by-name/in/incus-unwrapped/package.nix @@ -11,6 +11,7 @@ , udev , installShellFiles , nix-update-script +, nixosTests }: buildGoModule rec { @@ -79,6 +80,8 @@ buildGoModule rec { ''; passthru = { + tests.incus = nixosTests.incus; + updateScript = nix-update-script { extraArgs = [ "-vr" "incus-\(.*\)" diff --git a/pkgs/by-name/in/incus/package.nix b/pkgs/by-name/in/incus/package.nix index 1eda9cf3ea7..e02876407a7 100644 --- a/pkgs/by-name/in/incus/package.nix +++ b/pkgs/by-name/in/incus/package.nix @@ -24,6 +24,7 @@ , rsync , spice-gtk , squashfsTools +, util-linux , virtiofsd , xz }: @@ -44,6 +45,7 @@ let qemu-utils rsync squashfsTools + util-linux virtiofsd xz diff --git a/pkgs/by-name/ra/raft-cowsql/package.nix b/pkgs/by-name/ra/raft-cowsql/package.nix index 821abd91727..a377f966241 100644 --- a/pkgs/by-name/ra/raft-cowsql/package.nix +++ b/pkgs/by-name/ra/raft-cowsql/package.nix @@ -41,9 +41,12 @@ stdenv.mkDerivation rec { outputs = [ "dev" "out" ]; - passthru.tests = { - inherit incus; - updateScript = gitUpdater { }; + passthru = { + inherit (incus) tests; + + updateScript = gitUpdater { + rev-prefix = "v"; + }; }; meta = with lib; { -- cgit 1.4.1 From 3087595a6bead1d30cab95a886ef0eba99fa5dae Mon Sep 17 00:00:00 2001 From: Adam Stephens Date: Fri, 27 Oct 2023 18:05:58 -0400 Subject: nixos/incus: preseed should not trigger socket-activation --- nixos/modules/virtualisation/incus.nix | 9 ++++++--- nixos/tests/incus/preseed.nix | 7 +------ nixos/tests/incus/socket-activated.nix | 1 + 3 files changed, 8 insertions(+), 9 deletions(-) (limited to 'nixos') 
diff --git a/nixos/modules/virtualisation/incus.nix b/nixos/modules/virtualisation/incus.nix index d7ccc963f6a..7bf1f67eb3c 100644 --- a/nixos/modules/virtualisation/incus.nix +++ b/nixos/modules/virtualisation/incus.nix @@ -194,9 +194,11 @@ in systemd.services.incus-preseed = lib.mkIf (cfg.preseed != null) { description = "Incus initialization with preseed file"; - wantedBy = [ "multi-user.target" ]; - requires = [ "incus.service" ]; - after = [ "incus.service" ]; + + wantedBy = ["incus.service"]; + after = ["incus.service"]; + bindsTo = ["incus.service"]; + partOf = ["incus.service"]; script = '' ${cfg.package}/bin/incus admin init --preseed <${ @@ -206,6 +208,7 @@ in serviceConfig = { Type = "oneshot"; + RemainAfterExit = true; }; }; diff --git a/nixos/tests/incus/preseed.nix b/nixos/tests/incus/preseed.nix index 19ec3889093..47b2d0cd622 100644 --- a/nixos/tests/incus/preseed.nix +++ b/nixos/tests/incus/preseed.nix @@ -49,13 +49,8 @@ import ../make-test-python.nix ({ pkgs, lib, ... } : }; testScript = '' - def wait_for_preseed(_) -> bool: - _, output = machine.systemctl("is-active incus-preseed.service") - return ("inactive" in output) - machine.wait_for_unit("incus.service") - with machine.nested("Waiting for preseed to complete"): - retry(wait_for_preseed) + machine.wait_for_unit("incus-preseed.service") with subtest("Verify preseed resources created"): machine.succeed("incus profile show nixostest_default") diff --git a/nixos/tests/incus/socket-activated.nix b/nixos/tests/incus/socket-activated.nix index e48831cd3cb..4d25b26a15f 100644 --- a/nixos/tests/incus/socket-activated.nix +++ b/nixos/tests/incus/socket-activated.nix @@ -17,6 +17,7 @@ import ../make-test-python.nix ({ pkgs, lib, ... } : # ensure service is not running by default machine.fail("systemctl is-active incus.service") + machine.fail("systemctl is-active incus-preseed.service") # access the socket and ensure the service starts machine.succeed("incus list") -- cgit 1.4.1 
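Review bot: The added `machine.fail("systemctl is-active incus-preseed.service")` in socket-activated.nix cannot fail as far as this page shows. The test machine added in the previous commit sets only `incus.enable` and `incus.socketActivation`, and the module defines `incus-preseed.service` only when `cfg.preseed != null`. A unit that does not exist is never active, so the check passes whether or not preseed would trigger socket activation. Giving the node a small preseed, for example `incus.preseed.storage_pools = [ { name = "nixostest_pool"; driver = "dir"; } ];`, would make the assertion exercise the new `wantedBy`/`bindsTo` wiring, and a `machine.wait_for_unit("incus-preseed.service")` after `incus list` would confirm that preseed runs once the daemon is started. The node definition of that test file is outside this hunk.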
From 3132ba6cdaf663f51e2dce3b67d9d6c83fd6f729 Mon Sep 17 00:00:00 2001 From: Adam Stephens Date: Tue, 31 Oct 2023 08:34:57 -0400 Subject: nixos/incus: shutdown instances on service stop --- nixos/modules/virtualisation/incus.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'nixos') diff --git a/nixos/modules/virtualisation/incus.nix b/nixos/modules/virtualisation/incus.nix index 7bf1f67eb3c..3a4f0d7157a 100644 --- a/nixos/modules/virtualisation/incus.nix +++ b/nixos/modules/virtualisation/incus.nix @@ -166,6 +166,7 @@ in serviceConfig = { ExecStart = "${cfg.package}/bin/incusd --group incus-admin"; ExecStartPost = "${cfg.package}/bin/incusd waitready --timeout=${cfg.startTimeout}"; + ExecStop = "${cfg.package}/bin/incus admin shutdown"; KillMode = "process"; # when stopping, leave the containers alone Delegate = "yes"; -- cgit 1.4.1 From f12af77bd8af86a2b2709dc9c14256e1a2c3aca1 Mon Sep 17 00:00:00 2001 From: Adam Stephens Date: Thu, 2 Nov 2023 22:09:37 -0400 Subject: nixos/tests/incus: improve test resiliency under load --- nixos/tests/incus/container.nix | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) (limited to 'nixos') diff --git a/nixos/tests/incus/container.nix b/nixos/tests/incus/container.nix index ce9a8a10fb2..79b9e2fbabd 100644 --- a/nixos/tests/incus/container.nix +++ b/nixos/tests/incus/container.nix @@ -29,8 +29,14 @@ in testScript = '' def instance_is_up(_) -> bool: - status, _ = machine.execute("incus exec container --disable-stdin --force-interactive /run/current-system/sw/bin/true") - return status == 0 + status, _ = machine.execute("incus exec container --disable-stdin --force-interactive /run/current-system/sw/bin/true") + return status == 0 + + def set_container(config): + machine.succeed(f"incus config set container {config}") + machine.succeed("incus restart container") + with machine.nested("Waiting for instance to start and be usable"): + retry(instance_is_up) machine.wait_for_unit("incus.service") 
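Review bot: The comment kept on the line after the new `ExecStop`, `KillMode = "process"; # when stopping, leave the containers alone`, now contradicts the change, which by the commit subject shuts instances down when the service stops. It should be reworded, for example `# systemd signals only the daemon; instances are stopped by ExecStop`. The unit as introduced earlier on this page also sets `TimeoutStopSec = "30s"`, so a shutdown of many or slow guests is presumably cut off after 30 seconds, and with `KillMode = "process"` that would leave instances running without their daemon. Raising the stop timeout or documenting the limit next to `ExecStop` would make the behaviour predictable. The serviceConfig block starts and ends outside this hunk.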
@@ -49,28 +55,23 @@ in machine.succeed("echo true | incus exec container /run/current-system/sw/bin/bash -") with subtest("Container CPU limits can be managed"): - machine.succeed("incus config set container limits.cpu 1") - # give container a chance to apply new resource limit - machine.sleep(1) + set_container("limits.cpu 1") cpuinfo = machine.succeed("incus exec container grep -- -c ^processor /proc/cpuinfo").strip() assert cpuinfo == "1", f"Wrong number of CPUs reported from /proc/cpuinfo, want: 1, got: {cpuinfo}" - machine.succeed("incus config set container limits.cpu 2") - machine.sleep(1) + set_container("limits.cpu 2") cpuinfo = machine.succeed("incus exec container grep -- -c ^processor /proc/cpuinfo").strip() assert cpuinfo == "2", f"Wrong number of CPUs reported from /proc/cpuinfo, want: 2, got: {cpuinfo}" with subtest("Container memory limits can be managed"): - machine.succeed("incus config set container limits.memory 64MB") - machine.sleep(1) + set_container("limits.memory 64MB") meminfo = machine.succeed("incus exec container grep -- MemTotal /proc/meminfo").strip() meminfo_bytes = " ".join(meminfo.split(' ')[-2:]) assert meminfo_bytes == "62500 kB", f"Wrong amount of memory reported from /proc/meminfo, want: '62500 kB', got: '{meminfo_bytes}'" - machine.succeed("incus config set container limits.memory 128MB") - machine.sleep(1) + set_container("limits.memory 128MB") meminfo = machine.succeed("incus exec container grep -- MemTotal /proc/meminfo").strip() meminfo_bytes = " ".join(meminfo.split(' ')[-2:]) - assert meminfo_bytes == "125000 kB", f"Wrong amount of memory reported from /proc/meminfo, want: '62500 kB', got: '{meminfo_bytes}'" + assert meminfo_bytes == "125000 kB", f"Wrong amount of memory reported from /proc/meminfo, want: '125000 kB', got: '{meminfo_bytes}'" ''; }) -- cgit 1.4.1 From fe4c776ae9c4289d848096fba1621b3c5c6d0bde Mon Sep 17 00:00:00 2001 
From: the-furry-hubofeverything Date: Sun, 29 Oct 2023 20:39:27 -0700 Subject: blender: allow functional declaration within withPackages Based on #257780, separated since it introduces significant changes. bpycv: update passthru.tests.render blender-with-packages: deprecated it is still backwards compatible, but no longer preferred. --- nixos/doc/manual/release-notes/rl-2311.section.md | 2 ++ pkgs/applications/misc/blender/default.nix | 9 +++++++-- pkgs/applications/misc/blender/wrapper.nix | 24 ++++++++++------------- pkgs/development/python-modules/bpycv/default.nix | 8 +------- pkgs/top-level/aliases.nix | 3 +++ pkgs/top-level/all-packages.nix | 2 -- 6 files changed, 23 insertions(+), 25 deletions(-) (limited to 'nixos') diff --git a/nixos/doc/manual/release-notes/rl-2311.section.md b/nixos/doc/manual/release-notes/rl-2311.section.md index ffe977bf33b..4c2f8a84e4e 100644 --- a/nixos/doc/manual/release-notes/rl-2311.section.md +++ b/nixos/doc/manual/release-notes/rl-2311.section.md 
@@ -337,6 +337,8 @@ - The `services.mtr-exporter.target` has been removed in favor of `services.mtr-exporter.jobs` which allows specifying multiple targets. +- `blender-with-packages` has been deprecated in favor of `blender.withPackages`, for example `blender.withPackages (ps: [ps.bpycv])`. It behaves similarly to `python3.withPackages`. + - Setting `nixpkgs.config` options while providing an external `pkgs` instance will now raise an error instead of silently ignoring the options. NixOS modules no longer set `nixpkgs.config` to accomodate this. This specifically affects `services.locate`, `services.xserver.displayManager.lightdm.greeters.tiny` and `programs.firefox` NixOS modules. No manual intervention should be required in most cases, however, configurations relying on those modules affecting packages outside the system environment should switch to explicit overlays. - `service.borgmatic.settings.location` and `services.borgmatic.configurations..location` are deprecated, please move your options out of sections to the global scope. diff --git a/pkgs/applications/misc/blender/default.nix b/pkgs/applications/misc/blender/default.nix index 8e7fde6d9c2..7a6db59bf66 100644 --- a/pkgs/applications/misc/blender/default.nix +++ b/pkgs/applications/misc/blender/default.nix @@ -18,10 +18,13 @@ , openpgl , mesa , runCommand +, callPackage }: let - python = python310Packages.python; + pythonPackages = python310Packages; + inherit (pythonPackages) python; + buildEnv = callPackage ./wrapper.nix {}; optix = fetchzip { # url taken from the archlinux blender PKGBUILD url = "https://developer.download.nvidia.com/redist/optix/v7.3/OptiX-7.3.0-Include.zip"; @@ -189,7 +192,9 @@ stdenv.mkDerivation (finalAttrs: rec { ''; passthru = { - inherit python; + inherit python pythonPackages; + + withPackages = f: let packages = f pythonPackages; in buildEnv.override { blender = finalAttrs.finalPackage; extraModules = packages; }; tests = { render = runCommand "${pname}-test" { } '' 
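Review bot: The new `withPackages` in `passthru` (second hunk of blender/default.nix) has no comment, and its one-line `let … in` hides the two things a caller needs to know. `f` is applied to `pythonPackages`, the same set `python` is inherited from in the first hunk, and the wrapper is built around `finalAttrs.finalPackage`, so overrides of blender carry through to the wrapped result. I would add `# withPackages (ps: [ ps.foo ]): ps is blender's own pythonPackages; wraps the final (overridden) blender` above it and break the expression over several lines. The enclosing `mkDerivation` call starts and ends outside the hunk.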
diff --git a/pkgs/applications/misc/blender/wrapper.nix b/pkgs/applications/misc/blender/wrapper.nix index 3828d61a864..7450827a8fa 100644 --- a/pkgs/applications/misc/blender/wrapper.nix +++ b/pkgs/applications/misc/blender/wrapper.nix @@ -2,32 +2,28 @@ , lib , blender , makeWrapper -, python3Packages +, extraModules ? [] }: -{ name ? "wrapped" -, packages ? [] -}: -stdenv.mkDerivation { - pname = "blender-${name}"; - inherit (blender) version; +stdenv.mkDerivation (finalAttrs: { + pname = blender.pname + "-wrapped"; src = blender; - nativeBuildInputs = [ python3Packages.wrapPython makeWrapper ]; + inherit (blender) version meta; + + nativeBuildInputs = [ blender.pythonPackages.wrapPython makeWrapper ]; installPhase = '' mkdir $out/{share/applications,bin} -p - sed 's/Exec=blender/Exec=blender-${name}/g' $src/share/applications/blender.desktop > $out/share/applications/blender-${name}.desktop + sed 's/Exec=blender/Exec=${finalAttrs.finalPackage.pname}/g' $src/share/applications/blender.desktop > $out/share/applications/${finalAttrs.finalPackage.pname}.desktop cp -r $src/share/blender $out/share cp -r $src/share/doc $out/share cp -r $src/share/icons $out/share buildPythonPath "$pythonPath" - makeWrapper ${blender}/bin/blender $out/bin/blender-${name} \ + makeWrapper ${blender}/bin/blender $out/bin/${finalAttrs.finalPackage.pname} \ --prefix PATH : $program_PATH \ --prefix PYTHONPATH : $program_PYTHONPATH ''; - pythonPath = packages; - - meta = blender.meta; -} + pythonPath = extraModules; +}) diff --git a/pkgs/development/python-modules/bpycv/default.nix b/pkgs/development/python-modules/bpycv/default.nix index a6d385e9778..4a3eb5b88f7 100644 --- a/pkgs/development/python-modules/bpycv/default.nix +++ b/pkgs/development/python-modules/bpycv/default.nix @@ -2,7 +2,6 @@ , lib , beautifulsoup4 , blender -, blender-with-packages , boxx , bpycv , buildPythonPackage 
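Review bot: `inherit (blender) version meta;` in wrapper.nix copies blender's `meta` unchanged, while the only executable installed is `$out/bin/${finalAttrs.finalPackage.pname}`, which is `blender-wrapped` when blender's `pname` is `blender`. If blender's `meta` sets `mainProgram` (not visible in this diff), `lib.getExe` and `nix run` on the wrapper would resolve a binary that does not exist; `meta = blender.meta // { mainProgram = finalAttrs.pname; };` keeps the two aligned. As a point of style, `finalAttrs.pname` is enough in the three places that spell out `finalAttrs.finalPackage.pname`.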
@@ -52,13 +51,8 @@ buildPythonPackage rec { hash = "sha256-dGb6KvbXTGTu5f4AqhA+i4AwTqBoR5SdXk0vsMEcD3Q="; rev = "6ce0e65c107d572011394da16ffdf851e988dbb4"; }; - nativeBuildInputs = [ - ((blender-with-packages.override {inherit blender python3Packages;}) { - packages = [ bpycv ]; - }) - ]; } '' - blender-wrapped -b -P ${./bpycv-test.py} + ${blender.withPackages (ps: [ps.bpycv])}/bin/blender-wrapped -b -P ${./bpycv-test.py} ''; }; diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 38c4126a20f..927a0b530d4 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -92,6 +92,9 @@ mapAliases ({ bird2 = bird; # Added 2022-02-21 bitwig-studio1 = throw "bitwig-studio1 has been removed, you can upgrade to 'bitwig-studio'"; # Added 2023-01-03 bitwig-studio2 = throw "bitwig-studio2 has been removed, you can upgrade to 'bitwig-studio'"; # Added 2023-01-03 + blender-with-packages = args: + lib.warn "blender-with-packages is deprecated in favor of blender.withPackages, e.g. `blender.withPackages(ps: [ ps.foobar ])`" + (blender.withPackages (_: args.packages)).overrideAttrs (lib.optionalAttrs (args ? name) { pname = "blender-" + args.name; }); # Added 2023-10-30 bluezFull = throw "'bluezFull' has been renamed to/replaced by 'bluez'"; # Converted to throw 2023-09-10 boost168 = throw "boost168 has been deprecated in favor of the latest version"; # Added 2023-06-08 boost169 = throw "boost169 has been deprecated in favor of the latest version"; # Added 2023-06-08 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 53d02142446..2d6f150549d 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix 
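Review bot: The render test now builds its environment from `ps.bpycv`, the bpycv of blender's own `pythonPackages`, where the removed code passed this file's `bpycv` argument. When this derivation is overridden or evaluated from another Python package set, the test would presumably exercise a different bpycv than the one it is attached to. If the argument is compatible with blender's Python, `blender.withPackages (_: [ bpycv ])` keeps the test tied to the package under test. The hard-coded `/bin/blender-wrapped` also couples the test to the wrapper's `pname`. The enclosing `passthru.tests` block starts outside the hunk.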
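Review bot: The `blender-with-packages` alias reads `args.packages` unconditionally, but the removed wrapper signature had `packages ? []`, so an existing call that omits `packages` now fails with a missing-attribute error; `args.packages or []` restores the old default. The alias is also a plain function, so callers using `blender-with-packages.override { … }`, as bpycv did before this commit, lose that entry point, which is at odds with the "still backwards compatible" claim in the commit message. The expression only works because `lib.warn "…" (…).overrideAttrs (…)` applies the function that `lib.warn` returns. Wrapping the whole `(…).overrideAttrs (…)` in parentheses would make that explicit.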
@@ -30674,8 +30674,6 @@ with pkgs; inherit (darwin.apple_sdk.frameworks) Cocoa CoreGraphics ForceFeedback OpenAL OpenGL; }; - blender-with-packages = callPackage ../applications/misc/blender/wrapper.nix { }; - blender-hip = blender.override { hipSupport = true; }; blflash = callPackage ../tools/misc/blflash { }; -- cgit 1.4.1