3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

1174 commits

Author SHA1 Message Date
rnhmjoj 20d491a317
treewide: completely remove types.loaOf 2020-09-02 00:42:50 +02:00
Sascha Grunert 46a0aa4176 nixos/cri-o: unset hooks dir to avoid dir creation on startup
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-09-01 18:04:54 +10:00
Lassulus e453860b8f
Merge pull request #86236 from ThibautMarty/fix-nullOr-types
treewide: fix modules options types where the default is null
2020-08-26 18:21:29 +02:00
Antoine Eiche 8595a0d6b9 Remove docker-preloader module and test 2020-08-23 10:49:13 +02:00
Sascha Grunert ddfa221670 cri-o: add loobpack CNI config to module
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-08-23 09:32:40 +10:00
Sascha Grunert 71dd85bffa cri-o: add pinns path and witch to crio.conf.d config style
This adds the pinns path to the configuration let CRI-O start properly.
We also change the configuration to the new drop-in syntax.

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-08-21 12:09:20 +10:00
Florian Klink da88c6eee5 nixos/railcar: fix typo 2020-08-07 18:00:28 +02:00
Jörg Thalheim ba930d8679
nixos/modules: remove trailing whitespace
This leads to ci failure otherwise if the file gets changed.
git-blame can ignore whitespace changes.
2020-08-07 14:45:39 +01:00
John Ericson 3a512ab84e
Merge pull request #60246 from dfordivam/virtualbox-add-extra-disk
nixos/modules/virtualization: Options to add an extra disk in virtualbox VM
2020-08-02 13:13:52 -04:00
ajs124 c708c41c11 qemu-vm: fix master eval 2020-07-21 20:14:49 +02:00
Bas van Dijk d06de760f8 nixos/modules/system/activation/top-level.nix: allow overriding system.name
The toplevel derivations of systems that have `networking.hostName`
set to `""` (because they want their hostname to be set by DHCP) used
to be all named
`nixos-system-unnamed-${config.system.nixos.label}`.
This makes them hard to distinguish.

A similar problem existed in NixOS tests where `vmName` is used in the
`testScript` to refer to the VM. It defaulted to the
`networking.hostName` which when set to `""` won't allow you to refer
to the machine from the `testScript`.

This commit makes the `system.name` configurable. It still defaults to:

```
if config.networking.hostName == ""
then "unnamed"
else config.networking.hostName;
```

but in case `networking.hostName` needs to be to `""` the
`system.name` can be set to a distinguishable name.
2020-07-20 13:44:18 +02:00
06kellyjac 9edb189fa1 nixos/containers: correct isNormaUser to isNormalUser
Correct a small spelling slip up
2020-07-19 16:26:14 +01:00
Jörg Thalheim eb66a32a56
Merge pull request #76487 from ryneeverett/lockkernelmodules-docker 2020-07-18 10:35:34 +01:00
ryneeverett f12581a7a3 nixos/docker: explicitly load kernel modules
This is analogous to #70447.

With security.lockKernelModules=true, docker commands result in the following
error without at least loading veth:

$ docker run hello-world
/nix/store/mr50kaan2vs4gc40ymwncb2vci25aq7z-docker-19.03.2/libexec/docker/docker: Error response from daemon: failed to create endpoint epic_kare on network bridge: failed to add the host (veth8b381f3) <=> sandbox (veth348e197) pair interfaces: operation not supported.
ERRO[0003] error waiting for container: context canceled
2020-07-18 02:31:25 +00:00
adisbladis 5733967290
nixos.users-groups: Set up subuid/subgid mappings for all normal users
This is required by (among others) Podman to run containers in rootless mode.

Other distributions such as Fedora and Ubuntu already set up these mappings.

The scheme with a start UID/GID offset starting at 100000 and increasing in 65536 increments is copied from Fedora.
2020-07-13 13:15:02 +02:00
Graham Christensen 84ecbc9a19
libvirtd: don't start libvirtd-tcp.socket by default
Per upstream:

> libvirtd-tcp.socket - the unit file corresponding to the TCP 16509
> port for non-TLS remote access. This socket should not be configured
> to start on boot until the administrator has configured a suitable
> authentication mechanism.
2020-07-08 19:50:23 -04:00
Niklas Hambüchen d4d9d9c552
Merge pull request #92122 from nh2/qemu-vm-fix-useBootLoader
qemu-vm: Fix useBootLoader, remove `/boot` read-only restriction
2020-07-06 22:06:20 +02:00
Daniel Fullmer 0b4e216775 qemu-vm: treat EFI vars as state, similarly to diskImage 2020-07-06 12:09:37 -07:00
Daniel Fullmer fec163d21c qemu-vm: add EFI support for aarch64 2020-07-06 12:09:36 -07:00
Daniel Fullmer d7e3312ab1 qemu-vm: split EFI NVRAM into CODE and VARS 2020-07-06 12:08:41 -07:00
Daniel Fullmer 4d14826825 qemu-vm: allow bootloader to set EFI vars
Without this, systemd-boot does not add an EFI boot entry for itself.
The reason it worked before this fix is because it would fall back to
the default installed \EFI\BOOT\BOOTX64.EFI
2020-07-06 12:07:49 -07:00
Divam d127d85173 Options to add an extra disk in virtual box VM. 2020-07-06 15:45:18 +09:00
Jan Tojnar 07cebeffb8
Merge pull request #86473 from bachp/virtualbox-vmsvga 2020-07-05 04:11:44 +02:00
Niklas Hambüchen 5b16d4c9ce qemu-vm.nix: Fix device name hardcodes on useBootLoader.
boot.loader.grub.device` was hardcoded to `bootDevice`, which is
wrong, because that's the device for `/`, and with `useBootLoader`
the boot loader is not on that device.

This bug probably came into existence because of bad naming;
`virtualisation.bootDevice` has description
"The disk to be used for the root filesystem", which is very confusing;
it should be `.rootDevice` then!
Unfortunately, the description is right and the attribute name is wrong,
so it is not easy to change this without deprecation.

This commit ensures that even if you use `useBootLoader` and
`diskInterface == "scsi"`, the created VM can boot through, and can run
`nixos-rebuild afterwards.

It also adds extra commentary to explain what's going on in this module
in general in relation to `useBootLoader`.
2020-07-04 14:47:36 +02:00
Niklas Hambüchen 2fa351b6a5 qemu-vm.nix: Do not mount /boot read-only.
There does not seem to be a good reason to do this, and it breaks running
`nixos-rebuild boot --install-bootloader` inside the VM.
2020-07-04 14:44:33 +02:00
Chuck e74755c422 nixos/qemu-vm: Don't assume boot drive is always vdb 2020-07-04 14:40:42 +02:00
Chuck a5e211dd7f nixos/qemu-vm: Generalize drive naming 2020-07-03 19:36:45 -07:00
Chuck 800639f287 nixos/qemu-vm: Refactor: Combine duplicate disk definitions 2020-07-03 11:31:43 -07:00
zowoq e89446656d nixos/{podman,containers}: libpod.conf -> containers.conf 2020-06-26 08:09:36 +10:00
Pascal Bach f29063ff0b nixos/virtualbox-image: change graphics adapter to vmswga 2020-06-17 18:43:28 +02:00
Pascal Bach ec9792a3f5 nixos/virtualbox-guest: add vmware driver
VMSGVA is recommended by virtualbox for Linux clients.
Compared to VBoxVGA and VBoxSVGA it also supports 3D acceleration.

Adding the driver makes nixos work with all three supported graphics card
types.
2020-06-17 18:43:27 +02:00
Lassulus 98cac435f3
Merge pull request #89814 from alexfmpe/patch-3
Fix typo
2020-06-17 16:22:27 +02:00
Matthew Bauer 656783a3d1
Merge pull request #89540 from Patryk27/fixes/lxd-lxcfs
Fix `lxd`, so that it works with `lxcfs`
2020-06-11 10:49:40 -05:00
Alexandre Esteves 063043fa63
Fix typo 2020-06-08 16:47:46 +01:00
Florian Klink 3590f02e7d
Merge pull request #88574 from JJJollyjim/qemu-vm-qboot-opt
nixos/qemu-vm: add option to use qboot
2020-06-08 10:46:11 +02:00
Jamie McClymont 55912f3535 nixos/qemu-vm: add option to use a non-standard BIOS
I'd like to change the default on x86 platforms to qboot at some point, since it
saves a fair bit of startup time.
2020-06-08 11:21:53 +12:00
Patryk Wychowaniec 6c6924b2eb
lxd: When lxcfs is enabled, start lxd with explicit LXD_LXC_TEMPLATE_CONFIG 2020-06-05 16:37:31 +02:00
Patryk Wychowaniec 72e80cdc54
lxd: Add proper support for nftables 2020-06-05 16:37:31 +02:00
Florian Klink 8a388c8296
Merge pull request #82258 from erikarvstedt/fix-xchg-caching
fix inconsistent caching of VM xchg dirs
2020-06-01 22:34:48 +02:00
Erik Arvstedt d85dc4f690
qemu-vm: fix inconsistent caching of xchg dirs
xchg is advertised as a bidirectional exchange dir, but file content
transfer from host to VM fails due to caching:
If a file is read in the VM and then modified on the host, subsequent
re-reads in the VM can yield old, cached data.
This is caused by the use of 9p's cache=loose mode that is explicitly
meant for read-only mounts.

9p doesn't provide any suitable cache modes, so fix this by disabling
caching.

Also, remove a now unnecessary sync in the test driver.
2020-06-01 21:55:33 +02:00
jakobrs 3052b4eafb
nixos/libvirtd: correct spelling
formally -> formerly
2020-05-31 08:38:09 +02:00
Edmund Wu 180d1d37b2
nixos/kvmgt: allow multiple uuids on same mdev 2020-05-30 12:13:54 -04:00
zowoq 2689dfaa08 nixos/cri-o: default to upstream pause 2020-05-25 12:27:49 +02:00
zowoq eeff166faa nixos/cri-o: add runtime option 2020-05-25 12:27:49 +02:00
zowoq 9e7fbc6f2c nixos/cri-o, cri-o: add wrapper 2020-05-25 12:27:49 +02:00
Sascha Grunert 6653328aef cri-o: update module configuration
- Update the default pause image
- Set the cgroup manager to systemd
- Enable `manage_ns_lifecycle` instead of the deprecated
  `manage_network_ns_lifecycle` option

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-05-25 02:24:57 +02:00
Evan Stoll 2f943ebc25
virtualisation: add vmware-image (#88523) 2020-05-22 10:03:46 +02:00
Florian Klink 45c03c0dd2 nixos/azure-agent: always run systemctl of the currently running systemd 2020-05-21 10:34:11 +02:00
Evan Stoll ef80f345be virtualisation/hyperv-image: remove diskImage after vhdx is generated 2020-05-20 19:56:38 -04:00
zowoq 5195aed617 rkt: remove 2020-05-16 09:23:07 +10:00
Jaka Hudoklin 056ab3d278 nixos/libvirtd: use polkit for auth 2020-05-13 21:00:04 +07:00
Vladimír Čunát 54eb2d1018
Merge branch 'staging-next'
Status on Hydra for linuxes seems good enough:
https://hydra.nixos.org/eval/1585703?filter=linux&compare=1585482&full=#tabs-now-fail
2020-05-06 08:20:05 +02:00
Daniel Fullmer 37676e77cb nixos/systemd-boot: Add basic test 2020-05-05 14:18:18 -04:00
Frederik Rietdijk 9875bbae75 Merge master into staging-next 2020-05-05 19:51:09 +02:00
zowoq a677738a23
podman: use $out instead of $bin with buildGoPackage 2020-05-04 20:55:21 +01:00
adisbladis b1ae5f864a
Merge pull request #86634 from zowoq/crio-upstream-config
nixos/cri-o: copy upstream config
2020-05-04 15:22:49 +02:00
adisbladis 2f7747526c
nixos/docker-containers: Rename to virtualisation.oci-containers.containers.
And allow the runtime to be configurable via the
`virtualisation.oci-containers.backend` option.

Valid choices are "podman" and "docker".
2020-05-04 13:47:25 +01:00
Jörg Thalheim 320f79365d
Merge pull request #86445 from zowoq/podman-staging 2020-05-04 08:07:37 +01:00
zowoq a44b3b6afc nixos/cri-o: copy upstream config 2020-05-03 17:17:05 +10:00
Frederik Rietdijk afb1041148 Merge master into staging-next 2020-05-02 09:39:00 +02:00
Florian Klink 0a98d10850
Merge pull request #82026 from andir/systemd-update-networkd-options
nixos/networkd: update configuration options
2020-05-01 13:49:24 +02:00
Andreas Rammhold 819e8bb35f
nixos/networkd: rename the networkd dhcpConfig option to dhcpV4Config
This follows upstreams change in documentation. While the `[DHCP]`
section might still work it is undocumented and we should probably not
be using it anymore. Users can just upgrade to the new option without
much hassle.

I had to create a bit of custom module deprecation code since the usual
approach doesn't support wildcards in the path.
2020-05-01 13:33:54 +02:00
zowoq b815de00f7 podman: use $out instead of $bin with buildGoPackage 2020-05-01 18:24:09 +10:00
Frederik Rietdijk 484ee79050 Merge staging-next into staging 2020-05-01 08:57:10 +02:00
adisbladis 1a70e4ffa6
Merge pull request #86097 from zowoq/docker
nixos/podman: add assertion for dockerCompat
2020-04-30 19:26:05 +02:00
adisbladis 78cba5ac1e
nixos.podman: Expose extraPackages from the podman wrapper 2020-04-29 11:53:06 +01:00
adisbladis b2a9a3e9cb
podman: Wrap packages required to run containers 2020-04-29 11:40:44 +01:00
Thibaut Marty 4a0beed5c0 treewide: fix modules options types where the default is null
They can be caught with `nixos-option -r` on an empty ({...}:{}) NixOS
configuration.
2020-04-28 19:13:59 +02:00
zowoq c59c4e3589 nixos/*: use $out instead of $bin with buildGoPackage 2020-04-28 20:30:29 +10:00
worldofpeace a7ca287ecb nixos/qemu-vm: don't set -vga std
This has been default since QEMU 2.2, it also prevents using a different
-vga
2020-04-27 20:04:03 +02:00
Jörg Thalheim e92b11d964
Merge pull request #86104 from xaverdh/options-types 2020-04-27 11:03:43 +01:00
Dominik Xaver Hörl c10d82358f treewide: add types to boolean / enable options or make use of mkEnableOption 2020-04-27 09:32:01 +02:00
zowoq 3c83386c6b nixos/podman: add assertion for dockerCompat 2020-04-27 14:08:19 +10:00
AmineChikhaoui 9cf9e66e6f
ec2-amis.nix: add NixOS 20.03 images
Fixes #85857.
2020-04-26 09:54:10 -04:00
Graham Christensen a2e9965d74
Merge pull request #82414 from AmineChikhaoui/update-ec2-amis-19-09
ec2 amis: update 19.09 AMIs
2020-04-25 18:15:41 -04:00
zowoq b464d76126 nixos/cri-o: share registries with nixos/containers 2020-04-24 20:53:36 +10:00
adisbladis 5a3b818368
Merge pull request #85894 from zowoq/podman-crio
podman team: add cri-o packages/module
2020-04-24 11:34:07 +02:00
zowoq 0944d77fc0 nixos/containers: move libpod to nixos/podman 2020-04-24 15:34:05 +10:00
zowoq 4484e7981e nixos/cri-o: update maintainers 2020-04-24 08:08:27 +10:00
zowoq 4102db2127 nixos/podman: remove cni-plugins from environment.systemPackages 2020-04-23 10:29:17 +10:00
zowoq 54b59dd6c0 nixos/cri-o: remove cni-plugins from environment.systemPackages 2020-04-23 10:29:11 +10:00
Piotr Bogdan 830733db24 nixos/manual: fix build 2020-04-22 16:56:44 +01:00
Ingo Blechschmidt 2e2da182fe
nixos-containers: add docs about nested containers 2020-04-22 05:30:48 +02:00
adisbladis 43f383c464
nixos.virtualisation.containers: Init common /etc/containers configuration module
What's happening now is that both cri-o and podman are creating
/etc/containers/policy.json.

By splitting out the creation of configuration files we can make the
podman module leaner & compose better with other container software.
2020-04-21 10:38:39 +01:00
adisbladis 650df709fb
nixos.virtualisation: Move containers.nix to nixos-containers.nix
In anticipation of the new containers module.
2020-04-21 10:36:56 +01:00
adisbladis f0a92ef1d9
nixos/podman: Add maintainer team & add myself to podman team 2020-04-21 10:03:22 +01:00
adisbladis b512a788a4
nixos/virtualisation.podman: Init module 2020-04-21 10:03:18 +01:00
adisbladis ab37d7e7ea
nixos-containers: Add support for custom nixpkgs argument 2020-04-20 07:33:46 +01:00
Thomas Bereknyei 274efede85 amazon-init: add xz to PATH 2020-04-14 14:39:48 -04:00
Jaka Hudoklin de6891ffd0
Merge pull request #83930 from xtruder/nixos/virtualisation/hyperv-image
modules/virtualisation: add hyperv-image
2020-04-14 03:27:22 +00:00
Silvan Mosberger 1d0fc9729d
nixos/treewide: Fix incorrectly rendered examples
Many options define their example to be a Nix value without using
literalExample. This sometimes gets rendered incorrectly in the manual,
causing confusion like in https://github.com/NixOS/nixpkgs/issues/25516

This fixes it by using literalExample for such options. The list of
option to fix was determined with this expression:

  let
    nixos = import ./nixos { configuration = {}; };
    lib = import ./lib;
    valid = d: {
      # escapeNixIdentifier from https://github.com/NixOS/nixpkgs/pull/82461
      set = lib.all (n: lib.strings.escapeNixIdentifier n == n) (lib.attrNames d) && lib.all (v: valid v) (lib.attrValues d);
      list = lib.all (v: valid v) d;
    }.${builtins.typeOf d} or true;

    optionList = lib.optionAttrSetToDocList nixos.options;

  in map (opt: {
    file = lib.elemAt opt.declarations 0;
    loc = lib.options.showOption opt.loc;
  }) (lib.filter (opt: if opt ? example then ! valid opt.example else false) optionList)

which when evaluated will output all options that use a Nix identifier
that would need escaping as an attribute name.
2020-04-02 07:49:25 +02:00
Jaka Hudoklin 54b04af86e modules/virtualisation: add hyperv-image
This module implements builder for hyper-v images.
2020-04-01 13:26:51 +07:00
Robin Gloster d6fa642608
Merge pull request #81161 from wedens/libvirt-6.0.0
libvirt: 5.4.0 -> 6.1.0
2020-03-30 13:19:00 +00:00
Robin Gloster b80edca6be
libvirt: fix escapeShellArg usage
Co-Authored-By: conferno <conferno@camfex.cz>
2020-03-30 09:45:28 +00:00
Cole Mickens 20f981de08 azure: init nixos/maintainers/scripts/azure-new 2020-03-29 13:56:55 -07:00
Cole Mickens a5a6d77508 azure: boot.growPartition = true 2020-03-29 13:56:55 -07:00
Cole Mickens f37aa7dd69 nixos/azure: add diskSize module option 2020-03-29 13:56:55 -07:00
volth d8664c78b1 libvirt: 6.0.0 -> 6.1.0, fix module 2020-03-15 11:29:04 +07:00
Jörg Thalheim 505d241ee3
nixos/kvmgt: add udev rules for unprivileged access 2020-03-13 07:04:26 +00:00
Jörg Thalheim 85aae79ca1
nixos/kvmgt: fix driver option
extraModprobeConfig could be applied too late i.e. if the driver has been
loaded in initrd, while the harddrive is still encrypted.
Using a kernelParams works in all cases however.
2020-03-13 07:03:45 +00:00
AmineChikhaoui 33b8f5dd21
ec2 amis: update 19.09 AMIs
this adds support for ap-east-1 and eu-north-1 regions as well.
Fixes: https://github.com/NixOS/nixos-org-configurations/issues/105
2020-03-12 11:32:24 -04:00
Yegor Timoshenko ab88bb26d1
Merge pull request #80736 from mmahut/vboximg
nixos/virtualbox-image: add params
2020-02-22 17:35:05 +03:00
Marek Mahut be255392dd nixos/virtualbox-image: add params 2020-02-21 16:53:32 +01:00
Jörg Thalheim 1ddb140d95
Merge pull request #53033 from netixx/openvswitch-improved-systemd
openvswitch: better integration with systemd
2020-02-21 08:24:49 +00:00
CRTified c83cc9c364 nixos/docker-containers: Move ExecStartPre/ExecStopPost to preStart/postStop
This commit fixes #76620. It moves ExecStartPre and ExecStopPost to
preStart and postStop, as these options are composable. It thus allows
adding additional initialisation scripts or cleanup scripts to the systemd
unit of the docker container.
2020-02-15 23:16:43 +01:00
Atemu 08ac06edba
docker-containers: Add autoStart option (#76480)
This option allows the user to control whether or not the docker container is
automatically started on boot. The previous default behavior (true) is preserved
2020-02-15 00:57:31 +02:00
jrp2014 788d8769f7 nixos/virtualisation.hypervGuest: use elevator=noop
Microsoft recommends the NOOP I/O scheduler for disk performance in HYPER-V:

https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/best-practices-for-running-linux-on-hyper-v

> NOOP is a first-in first-out queue that passes the schedule decision
> to be made by the hypervisor. It is recommended to use NOOP as the
> scheduler when running Linux virtual machine on Hyper-V.
2020-02-09 19:50:13 +01:00
Benjamin Staffin d04bdce3d1
docker-containers: Don't unconditionally prune images (#79253)
NixOS has `virtualisation.docker.autoPrune.enable` for this
functionality; we should not do it every time a container starts up.

(also, some trivial documentation fixes)
2020-02-05 16:30:31 -05:00
Jörg Thalheim 8a14852fd3
nixos/lxd: add package options for LXC, LXD and ZFS (#73902)
nixos/lxd: add package options for LXC, LXD and ZFS
2020-01-30 14:51:12 +00:00
Jörg Thalheim ccb3846596
lxd: also use default text for other package options 2020-01-30 14:26:54 +00:00
Yorick 508343962e nixos/docker-containers: add imageFile and dependsOn options
- the `imageFile` option allows to load an image from a derivation
- the  `dependsOn` option can be used to specify dependencies between container systemd units.

Co-authored-by: Christian Höppner <mkaito@users.noreply.github.com>
2020-01-28 22:00:54 +01:00
Christian Höppner 94899871b8
nixos/amazon-init.nix: Add gzip to amazon-init path 2020-01-23 14:15:26 +01:00
Christian Höppner 6d68699809
nixos/amazon-init.nix: Add gnutar to amazon-init PATH 2020-01-23 14:15:25 +01:00
Christian Höppner 52d5ce38fb
nixos/amazon-init.nix: add git to amazon-init script PATH 2020-01-23 14:15:18 +01:00
Graham Christensen ebb644a980
Merge pull request #76585 from serokell/mkaito/amazon-userdata-multiple-channels
virtualization/amazon-init: log multiple nix channels, fix nix path.
2020-01-22 19:02:44 -05:00
rnhmjoj 1d61efb7f1 treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
Atemu a461f3fa9c Consider the exit status of docker run in ExecStop (#76444)
We don't need to stop the container if it already exited sucessfully
2020-01-01 18:28:46 -05:00
Florian Klink 90a3908ec3 nixos/containers: use machinectl poweroff
Previously, we were storing the leader pid in a runtime file and
signalled SIGRTMIN+4 manually.

In systemd 219, the `machinectl poweroff` command was introduced, which
does that for us.
2019-12-30 22:28:53 +01:00
Christian Höppner 76ad649dd8
virtualization/amazon-init: fix logging, nix path
The missing `\n` in the printf format string prevented multiple channels from
being logged.

The missing `nixpkgs=` in the `NIX_PATH` prevented `nixos-rebuild` from working
if the system configuration has any reference to `nixpkgs`.

Additionally:

* Use process substitution instead of piping printf to avoid creating a subshell.
* Set an empty `IFS` to avoid word splitting.
* Add the `-r` flag to `read` to avoid mangling backslashes.
2019-12-28 16:58:46 +00:00
Hugo Geoffroy 665d863fce nixos/lxd: add package options for LXC, LXD and ZFS
Currently, LXD always use pkgs.zfs, even if boot.zfs.enableUnstable is set. This
change provides the option to change the LXC, LXD and ZFS packages, and
determines the default ZFS package based on zfs.enableUnstable.
2019-12-23 18:21:48 +01:00
Anders Kaseorg 747cde6246 lxc: Fix lxc-usernet(5) man page reference in documentation
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-12-17 15:37:36 -08:00
Netix (Espinet François) cd3597b486
openvswitch: better integration with systemd
Systemd dependencies for scripted mode
were refactored according to analysis in #34586.

networking.vswitches can now be used with systemd-networkd,
although they are not supported by the daemon, a nixos receipe
creates the switch and attached required interfaces (just like
the scripted version).

Vlans and internal interfaces are implemented following the
  template format i.e. each interface is
described using an attributeSet (vlan and type at the moment).
If vlan is present, then interface is added to the vswitch with
given tag (access mode). Type internal enabled vswitch to create
interfaces (see openvswitch docs).

Added configuration for configuring supported openFlow version on
the vswitch

This commit is a split from the original PR #35127.
2019-12-15 21:16:26 +01:00
Danylo Hlynskyi d206f2304f
nixos containers: disable NixOS manual in container config. (#75659)
This makes ~2.5x speed up of an empty container instantiate, hence reduces
rebuild time of system with many declarative containers.

Note that this doesn't affect production systems much, becaseu those most
likely already include `minimal.nix` profile.
2019-12-15 18:21:52 +02:00
mt_caret 7358e4f93c nixos/lxd: add recommendedSysctlSettings
* nixos/lxd: add productionSetup option
* nixos/lxd: enable some settings by default
* nixos/lxd: rename option
2019-12-14 15:29:08 +01:00
Silvan Mosberger 4ee3e8b21d
nixos/treewide: Move rename.nix imports to their respective modules
A centralized list for these renames is not good because:
- It breaks disabledModules for modules that have a rename defined
- Adding/removing renames for a module means having to find them in the
central file
- Merge conflicts due to multiple people editing the central file
2019-12-10 02:51:19 +01:00
adisbladis 4d78ab0561
Merge pull request #72996 from elohmeier/containers-fix
nixos/containers: fix handling of cfg.additionalCapabilities
2019-11-25 09:35:09 +00:00
worldofpeace 38178a9a5b
Merge pull request #74030 from ckauhaus/connman-to-services.networking
connman: move "networking.connman" options to "services.connman"
2019-11-24 21:24:33 +00:00
Christian Kauhaus edbf94d2ee connman: move options to services
As part of the networking.* name space cleanup, connman should be moved
to services.connman. The same will happen for example with
networkmanager in a separate PR.
2019-11-24 16:23:32 -05:00
Franz Pletz e315f34bb3
Merge pull request #53032 from netixx/update-openvswitch-2.9.2
openvswitch: 2.5.4 -> 2.12.0
2019-11-24 20:53:44 +00:00
Edward Amsden 8bba28260a nixos/digital-ocean-image: init 2019-11-24 08:11:33 -08:00
Franz Pletz f206184a47
nixos/libvirtd: fix typo 2019-11-14 05:39:47 +01:00
c0bw3b 8d3ef32135 nixos/libvirtd: install /etc/ethertypes
Fix #58200
2019-11-11 11:42:16 +01:00
Enno Lohmeier fc7070d133
nixos/containers: fix handling of cfg.additionalCapabilities 2019-11-07 20:35:17 +01:00
Wout Mertens 59e731b0ac
Merge pull request #55645 from eonpatapon/qemu-vm-drives
nixos/qemu-vm: declarative drives
2019-11-04 08:30:37 +01:00
Jörg Thalheim b55a7a3a57
ec2-utils: init at 0.5.1, include in amazon-image profile (#67347)
ec2-utils: init at 0.5.1, include in amazon-image profile
2019-11-01 20:57:44 +00:00
AmineChikhaoui dc13a7f26a
ec2-amis.nix: add 19.09 amis
replace /home/deploy -> $HOME to allow running the script from outside
the bastion.
2019-10-28 14:04:20 -04:00
Florian Klink 32fd88726b nixos/virtualbox: fix systemd-networkd-wait-online.service waiting for vboxnet0
While switching NixOS configurations with both

networking.useNetworkd = true;
virtualisation.virtualbox.host.enable;

You often end up waiting for systemd-networkd-wait-online.service.

This happens because the vboxnet0 device doesn't have a carrier until
virtualbox machines are started, so networkd gets stuck in
"Configuring":

⇒  networkctl list
IDX LINK          TYPE      OPERATIONAL SETUP
  1 lo            loopback  carrier     unmanaged
  2 wlp2s0        wlan      routable    unmanaged
  3 vboxnet0      ether     no-carrier  configuring

This updates the NixOS virtualbox host module to include a
RequiredForOnline=no statement in the generated 40-vboxnet0.network
file, so networkd doesn't consider it necessary for
systemd-networkd-wait-online.service to finish.
2019-10-26 00:45:42 +02:00
Vladimír Čunát f760f0ef48
Revert "Merge #67232: machinectl compliant NixOS installation"
This reverts commit 66967ec752, reversing
changes made to fb6595eafd.
Fixes #70442; discussion: https://github.com/NixOS/nixpkgs/pull/70027
2019-10-07 20:56:59 +02:00
Joachim F 103180155d
Merge pull request #70447 from joachifm/feat/containers-private-networking-lockKernelModules-compat
nixos/containers: explicitly load kernel modules for networking
2019-10-06 11:00:36 +00:00
Joachim Fasting fe3da83b7e
nixos/containers: explicitly load kernel modules for networking
List all modules that *may* be required depending on individual container
configurations; don't expect that further modules can be loaded after boot.

Fixes https://github.com/NixOS/nixpkgs/issues/38676
2019-10-05 12:25:12 +02:00
Netix (Espinet François) e8e980e0e7
openvswitch: 2.5.4 -> 2.12.0
Openvswitch was upgraded to the latest
stable version (currenty 2.12.0). This remove ovs-monitor-ipsec
commands.

LTS version is still available using
`config.virtualisation.vswitch.package = pkgs.openvswitch-lts`
it has been upgraded to 2.5.6.

This commit is a split from the original PR #35127.
2019-10-04 08:12:04 +02:00
Peter Hoeg 8cc9d24fe1
Merge pull request #69387 from peterhoeg/f/optimise
nixos/nix-optimise: be smarter about when we run the store optimiser
2019-09-26 13:10:39 +08:00
Franz Pletz 66967ec752
Merge pull request #67232 from ck3d/container-useHostResolvConf
machinectl compliant NixOS installation
2019-09-25 09:34:17 +00:00
Sascha Grunert 2c3dcbb9d0 Add cri-o service to modules (#68153)
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2019-09-21 14:18:42 +00:00
Christian Kögler 28853d8954
container config: better default in case of resolved
Avoid assertion in nixos/modules/system/boot/resolved.nix
if service systemd-resolved is enabled.
2019-09-13 17:29:50 +02:00
Frederik Rietdijk 66bc7fc1b3 Merge master into staging-next 2019-09-06 22:46:05 +02:00
Ivan Kozik 5a03f90525 nixos/railcar: remove use of the deprecated string type
This fixes the warning being emitted by nixos-rebuild switch:

building Nix...
building the system configuration...
trace: warning: types.string is deprecated because it quietly concatenates strings

It started emitting a warning in #66346.
2019-09-06 14:53:11 +00:00
Jan Tojnar cdf426488b
Merge branch 'master' into staging-next
Fixed trivial conflicts caused by removing rec.
2019-09-06 03:20:09 +02:00
Jan Tojnar ed54a5b51d
Merge branch 'gtk-no-plus' 2019-09-06 02:57:51 +02:00
Jan Tojnar 72e7d569a7
tree-wide: s/GTK+/GTK/g
GTK was renamed.
2019-09-06 02:54:53 +02:00
Katharina Fey 589c156869 nixos/railcar: small style changes 2019-09-04 22:46:42 +00:00
Katharina Fey 8f7da8ce0b nixos/railcar: init 2019-09-04 22:46:42 +00:00
Andrew Childs 5501274b5f amazon-image.nix: add EFI support, enable by default for aarch64 2019-09-05 00:52:17 +09:00
Vladimír Čunát f21211ebfe
Merge branch 'master' into staging 2019-09-02 23:25:24 +02:00
Florian Klink f74735c9d7 nixos: remove dependencies on local-fs.target
Since https://github.com/NixOS/nixpkgs/pull/61321, local-fs.target is
part of sysinit.target again, meaning units without
DefaultDependencies=no will automatically depend on it, and the manual
set dependencies can be dropped.
2019-09-01 19:06:38 +02:00
Florian Klink 7f42adf7a2
Merge pull request #67848 from flokli/google-compute-config-units
google-compute-config.nix: fix comments, update google-*.service units, fix paths in gce
2019-09-01 19:04:06 +02:00
Florian Klink e95d4c734a google-compute-config.nix: use sysctl snippets from gce
We make them available at ${gce}/sysctl.d and add them to
environments.etc, like we do with the systemd ones.
2019-09-01 02:55:28 +02:00
Florian Klink d658dd4ce0 google-compute-config.nix: add coreutils to google-instance-setup's $PATH
It executes bin/google_set_multiqueue which will execute basename
2019-09-01 01:23:18 +02:00
Florian Klink 106a1fe265 google-compute-config: sync with upstream units
With local-fs.target part of sysinit.target
(https://github.com/NixOS/nixpkgs/pull/61321), we don't need to add it
explicitly to certain units anymore, and can change dependencies like
they are in other distros (I picked from Google's official CentOS 7
image here).

Like them, use StandardOutput=journal+console to pipe google-*.service
output to the serial console as well.
2019-08-31 22:49:29 +02:00
Florian Klink a811437e6e google-compute-config.nix: update comment about ssh login
also move OS Login next to it, for better understandability
2019-08-31 22:49:29 +02:00
Florian Klink bbb525d541 google-compute-config: remove amazon pv-grub comment 2019-08-31 22:49:29 +02:00
Silvan Mosberger 478e7184f8
nixos/modules: Remove all usages of types.string
And replace them with a more appropriate type

Also fix up some minor module problems along the way
2019-08-31 18:19:00 +02:00
Frederik Rietdijk ad1d58c622 Merge staging-next into staging 2019-08-31 10:04:20 +02:00
davidak eba686ddfa nixos-containers: add TimeoutStartSec option
Default is now 1m instead of global default of 15sec. It is also
configurable.

Fixes issue where start of many containers (40+) fail
https://github.com/NixOS/nixpkgs/issues/65001
2019-08-28 14:54:51 +02:00
Frederik Rietdijk 5061fe0c2c Merge staging-next into staging 2019-08-28 08:26:42 +02:00
volth 35d68ef143 treewide: remove redundant quotes 2019-08-26 21:40:19 +00:00
Alexander Bakker d20022018e libvirtd: add onBoot option
This adds a new ``onBoot`` option that allows specifying the action taken on
guests when the host boots. Specifying "start" ensures all guests that were
running prior to shutdown are started, regardless of their autostart settings.
Specifying "ignore" will make libvirtd ignore such guests. Any guest marked as
autostart will still be automatically started by libvirtd.
2019-08-23 17:52:12 +02:00
Andrew Childs 4c446b8268 amazon-image: include ec2-utils in udev rules
This sets up device mappings like /dev/xvda -> /dev/nvme0n1
2019-08-23 23:27:49 +09:00
Marek Mahut 4aef2212ee
Revert "nixos/containers: add unprivileged option" 2019-08-23 08:24:06 +02:00
Marek Mahut 27acea73b8
Merge pull request #67130 from uvNikita/containers/unprivileged
nixos/containers: add unprivileged option
2019-08-23 08:00:35 +02:00
Nikita Uvarov 578d712af4
nixos/containers: fix imperative containers
Fixes #67174.
2019-08-21 20:48:27 +02:00
Nikita Uvarov 7e7fc6471e
nixos/containers: add unprivileged option
Fixes #57083.
2019-08-21 00:01:29 +02:00
Marek Mahut 94c51859df
Merge pull request #66846 from uvNikita/containers/ephemeral
nixos/containers: add 'ephemeral' option
2019-08-19 20:55:33 +02:00
Nikita Uvarov c740f0d400
nixos/containers: add 'ephemeral' option 2019-08-19 15:21:35 +02:00
Florian Klink 9be0327a49 nixos/systemd: install sysctl snippets
systemd provides two sysctl snippets, 50-coredump.conf and
50-default.conf.

These enable:
 - Loose reverse path filtering
 - Source route filtering
 - `fq_codel` as a packet scheduler (this helps to fight bufferbloat)

This also configures the kernel to pass coredumps to `systemd-coredump`.
These sysctl snippets can be found in `/etc/sysctl.d/50-*.conf`,
and overridden via `boot.kernel.sysctl`
(which will place the parameters in `/etc/sysctl.d/60-nixos.conf`.

Let's start using these, like other distros already do for quite some
time, and remove those duplicate `boot.kernel.sysctl` options we
previously did set.

In the case of rp_filter (which systemd would set to 2 (loose)), make
our overrides to "1" more explicit.
2019-08-18 17:54:26 +02:00
Peter Hoeg 503ca1f40c nixos aws: use in-kernel ixgbevf driver (#58956) 2019-08-15 02:58:22 +03:00
worldofpeace a6ce6c1052
Merge pull request #61981 from ambrop72/no-opengl-ld-library-path
nixos: Don't set LD_LIBRARY_PATH for graphics drivers that don't need it.
2019-07-11 13:15:51 -04:00
Frederik Rietdijk 74c24385cb Merge master into staging-next 2019-07-09 15:46:00 +02:00
Nikolay Amiantov 13b8156030 kvmgt service: use modprobe, force-load module 2019-07-08 22:21:09 +03:00
Frederik Rietdijk 25a77b7210 Merge staging-next into staging 2019-07-03 08:59:42 +02:00
Peter Hoeg 897834f015 nixos/nix-optimise: be smarter about when we run the store optimiser
We might be inside a NixOS container on a non-NixOS host, so instead of not
running at all inside a container, check if the nix-daemon socket is writable as
it will tell us if the store is managed from here or outside.

Fixes #63578
2019-07-03 09:37:14 +08:00
worldofpeace 3f4a353737 treewide: use dontUnpack 2019-07-01 04:23:51 -04:00
Peter Hoeg 67cca52fd9
Merge pull request #53204 from peterhoeg/m/libvirt
libvirt: support proper networking in user session
2019-06-27 11:39:48 +08:00
Eelco Dolstra aef7f1b31a
Typo 2019-06-25 14:46:04 +02:00
Peter Hoeg 28563ef5cb libvirtd (nixos): support bridging for user sessions 2019-06-21 11:11:48 +08:00
Jörg Thalheim 55e2c850a3
nixos/kvmgt: fix starting condition (#62096)
nixos/kvmgt: fix starting condition
2019-06-17 16:32:54 +01:00
volth f3282c8d1e treewide: remove unused variables (#63177)
* treewide: remove unused variables

* making ofborg happy
2019-06-16 19:59:05 +00:00
Danylo Hlynskyi e718eb6243
Merge pull request #62712 from danbst/module-conflict-naming
NixOS module system: improve one of error messages
2019-06-13 11:59:54 +03:00
Graham Christensen b2fbbad107
nixos containers: restart containers with autoStart = true when their conf changes 2019-06-06 11:57:08 -04:00
Graham Christensen e7872cda4b
nixos containers: don't shadow config, rename to containerConfig 2019-06-06 11:57:05 -04:00
danbst f7940bb95d nixos/containers: give a name to an anonymous container module
See https://github.com/NixOS/nixpkgs/issues/15747. Previously this module was called `<unknown-file>`
in error messages, now it is called a bit more close to real:
```
module at /home/danbst/dev/nixpkgs/nixos/modules/virtualisation/containers.nix:470
```
2019-06-05 03:11:09 +03:00
Ding Xiang Fei 359fd5b729 nixos/modules/virtualisation/google-compute-config.nix: pin filesystem type to ext4 for now
Fix #61859.
Assertion fails when a Google Compute Engine image is built, because
now choices of filesystem types are restricted to `f2fs` and `ext` family if
auto-resizing is enabled.
This change will pin the filesystem used on such an image to be `ext4` for now.
2019-05-27 14:15:02 +08:00
gnidorah eac62f61d1 nixos/kvmgt: fix starting condition 2019-05-26 22:02:43 +03:00
Ambroz Bizjak 370d3af0c4 nixos: Don't set LD_LIBRARY_PATH for graphics drivers that don't need it.
A new internal option `hardware.opengl.setLdLibraryPath` is added which controls if `LD_LIBRARY_PATH` should be set to `/run/opengl-driver(-32)/lib`. It is false by default and is meant to be set to true by any driver which requires it. If this option is false, then `opengl.nix` and `xserver.nix` will not set `LD_LIBRARY_PATH`.

Currently Mesa and NVidia drivers don't set `setLdLibraryPath` because they work with libglvnd and do not override libraries, while `amdgpu-pro`, `ati` and `parallels-guest` set it to true (the former two really need it, the last one doesn't build so is presumed to).

Additionally, the `libPath` attribute within entries of `services.xserver.drivers` is removed. This made `xserver.nix` add the driver path directly to the `LD_LIBRARY_PATH` for the display manager (including X server). Not only is it redundant when the driver is added to `hardware.opengl.package` (assuming that `hardware.opengl.enable` is true), in fact all current drivers except `ati` set it incorrectly to the package path instead of package/lib.

This removal of `LD_LIBRARY_PATH` could break certain packages using CUDA, but only those that themselves load `libcuda` or other NVidia driver libraries using `dlopen` (not if they just use `cudatoolkit`). A few have already been fixed but it is practically impossible to test all because most packages using CUDA are libraries/frameworks without a simple way to test.

Fixes #11434 if only Mesa or NVidia graphics drivers are used.
2019-05-26 10:23:46 +02:00
mkenigs 42232ebea4
docker: fix typo 2019-05-22 08:40:01 -07:00
Robin Gloster 6cf583cf2f
Merge pull request #60406 from JohnAZoidberg/remove-isnull
treewide: Remove usage of isNull
2019-05-18 09:36:24 +00:00
Eelco Dolstra de9e238469
FIx some malformed XML in option descriptions
E.g. these were using "<para>" at the *end* of a description. The real
WTF is that this is possible at all...
2019-05-13 09:15:17 +02:00
Ambroz Bizjak 5bec9dc65b virtualbox: 5.2.28 -> 6.0.6
Quite some fixing was needed to get this to work.

Changes in VirtualBox and additions:

- VirtualBox is no longer officially supported on 32-bit hosts so i686-linux is removed from platforms
  for VirtualBox and the extension pack. 32-bit additions still work.

- There was a refactoring of kernel module makefiles and two resulting bugs affected us which had to be patched.
  These bugs were reported to the bug tracker (see comments near patches).

- The Qt5X11Extras makefile patch broke. Fixed it to apply again, making the libraries logic simpler
  and more correct (it just uses a different base path instead of always linking to Qt5X11Extras).

- Added a patch to remove "test1" and "test2" kernel messages due to forgotten debugging code.

- virtualbox-host NixOS module: the VirtualBoxVM executable should be setuid not VirtualBox.
  This matches how the official installer sets it up.

- Additions: replaced a for loop for installing kernel modules with just a "make install",
  which seems to work without any of the things done in the previous code.

- Additions: The package defined buildCommand which resulted in phases not running, including RUNPATH
  stripping in fixupPhase, and installPhase was defined which was not even run. Fixed this by
  refactoring using phases. Had to set dontStrip otherwise binaries were broken by stripping.
  The libdbus path had to be added later in fixupPhase because it is used via dlopen not directly linked.

- Additions: Added zlib and libc to patchelf, otherwise runtime library errors result from some binaries.
  For some reason the missing libc only manifested itself for mount.vboxsf when included in the initrd.

Changes in nixos/tests/virtualbox:

- Update the simple-gui test to send the right keys to start the VM. With VirtualBox 5
  it was enough to just send "return", but with 6 the Tools thing may be selected by
  default. Send "home" to reliably select Tools, "down" to move to the VM and "return"
  to start it.

- Disable the VirtualBox UART by default because it causes a crash due to a regression
  in VirtualBox (specific to software virtualization and serial port usage). It can
  still be enabled using an option but there is an assert that KVM nested virtualization
  is enabled, which works around the problem (see below).

- Add an option to enable nested KVM virtualization, allowing VirtualBox to use hardware
  virtualization. This works around the UART problem and also allows using 64-bit
  guests, but requires a kernel module parameter.

- Add an option to run 64-bit guests. Tested that the tests pass with that. As mentioned
  this requires KVM nested virtualization.
2019-05-09 23:36:57 +02:00
Daniel Schaefer 786f02f7a4 treewide: Remove usage of isNull
isNull "is deprecated; just write e == null instead" says the Nix manual
2019-04-29 14:05:50 +02:00
Samuel Dionne-Riel 429e554714 nixos/virtualbox: Fixes configuration to evaluate
Fixes issue introduced by #57557
2019-04-20 23:04:13 -04:00
Matthew Bauer c1fd154fb6
Merge pull request #57557 from matthewbauer/ova-swap
nixos/virtualbox: add swap file
2019-04-19 10:17:36 -04:00
Matthew Bauer dbc4543812 nixos/virtualbox: add swap file
Puts 2G swap in /var/swap of OVA. This serves as backup when you hit
the memory cap for the image.

Fixes #57171 and fixes #22696
2019-04-19 10:15:48 -04:00
AmineChikhaoui 548932640b
ec2-amis.nix: add 19.03 amis 2019-04-18 23:07:14 -04:00
Florian Klink 2457510db4
Merge pull request #51918 from bobvanderlinden/var-run
tree-wide: nixos: /var/run -> /run
2019-04-07 20:09:46 +02:00
aszlig 68efd790b8
nixos: Don't enable Docker by default
Regression introduced by c94005358c.

The commit introduced declarative docker containers and subsequently
enables docker whenever any declarative docker containers are defined.

This is done via an option with type "attrsOf somesubmodule" and a check
on whether the attribute set is empty.

Unfortunately, the check was whether a *list* is empty rather than
wether an attribute set is empty, so "mkIf (cfg != [])" *always*
evaluates to true and thus subsequently enables docker by default:

$ nix-instantiate --eval nixos --arg configuration {} \
    -A config.virtualisation.docker.enable
true

Fixing this is simply done by changing the check to "mkIf (cfg != {})".

Tested this by running the "docker-containers" NixOS test and it still
passes.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @benley, @danbst, @Infinisil, @nlewo
2019-03-26 07:10:18 +01:00
Samuel Dionne-Riel 60847311e6 nixos/virtualbox-image: set the root fsType to reenable root FS resizing
This otherwise does not eval `:tested` any more, which means no nixos
channel updates.

Regression comes from 0eb6d0735f (#57751)
which added an assertion stopping the use of `autoResize` when the
filesystem cannot be resized automatically.
2019-03-24 22:41:26 -04:00
Benjamin Staffin c94005358c NixOS: Run Docker containers as declarative systemd services (#55179)
* WIP: Run Docker containers as declarative systemd services

* PR feedback round 1

* docker-containers: add environment, ports, user, workdir options

* docker-containers: log-driver, string->str, line wrapping

* ExecStart instead of script wrapper, %n for container name

* PR feedback: better description and example formatting

* Fix docbook formatting (oops)

* Use a list of strings for ports, expand documentation

* docker-continers: add a simple nixos test

* waitUntilSucceeds to avoid potential weird async issues

* Don't enable docker daemon unless we actually need it

* PR feedback: leave ExecReload undefined
2019-03-25 00:59:09 +02:00
Bob van der Linden d8dc1226f4
nixos/openvswitch: /var/run -> /run 2019-03-24 21:15:34 +01:00
Bob van der Linden 8c1e00095a
nixos/docker: /var/run -> /run 2019-03-24 21:15:34 +01:00
Andreas Rammhold af27dbf1d1
Merge pull request #57897 from rnhmjoj/fix-ipv6
nixos/containers: create veths if only IPv6 is configured
2019-03-24 18:17:06 +01:00
Gabriel Ebner 03f7c82e62
Merge pull request #57826 from gebner/anbox
anbox: init at 2019-03-07
2019-03-22 19:19:47 +01:00
Antoine Eiche f116d046f6 openstackImage: set the / fsType to reenable root FS resizing
Since 34234dcb51, the reisizefs tool is
embeded only if the `fsType` starts with `ext`. The default `fsType`
value is `auto`.
2019-03-21 10:04:07 +01:00
rnhmjoj 552e583ef0
nixos/containers: create veths if only IPv6 is configured
This fixes the failing nixos.tests.containers-ipv6 test. Thanks to andir.
2019-03-20 04:38:10 +01:00
Edward Tjörnhammar 0f03f28b75 nixos/anbox: init module
Co-authored-by: Luke Adams <luke.adams@belljar.io>
Co-authored-by: Volth <volth@webmaster.ms>
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
Co-authored-by: Edward Tjörnhammar <ed@cflags.cc>
Co-authored-by: Gabriel Ebner <gebner@gebner.org>
2019-03-18 09:28:02 +01:00
talyz 261372b69c amazon-image.nix: Resolve failure to include resize2fs
Since 34234dcb51, for resize2fs to be automatically included in
initrd, a filesystem needed for boot must be explicitly defined as an
ext* type filesystem.
2019-03-15 17:33:45 +01:00
Aristid Breitkreuz 3671047632 virtualbox-host module: fix warnings syntax 2019-03-09 11:39:22 +01:00
Silvan Mosberger 70ed39d899
Merge pull request #56322 from bendlas/warn-virtualbox-config
virtualbox: add warning for ineffective nixpkgs config
2019-03-08 21:06:50 +01:00
Herwig Hochleitner 8b6a38ce7e nixos/virtualbox: add warning when for ineffective nixpkgs config
nixpkgs.config.virtualbox.enableExtensionPack doesn't do anything, but
used to. Add a warning for the unsuspecting.
2019-03-06 17:31:54 +01:00
Averell Dalton 7f7209ef9a nixos/docker: add enableNvidia option 2019-02-27 09:56:03 +01:00
Ryan Mulligan d14f102334
Merge pull request #44573 from vincentbernat/feature/cloudstack
nixos/cloudstack-image: initial import
2019-02-24 08:28:42 -08:00
Peter Hoeg ecb3c507f5
Merge pull request #54917 from peterhoeg/f/vmware
vmware: move from services to virtualisation and add support for paravirtual controller
2019-02-20 14:34:25 +08:00
Jean-Philippe Braun 376b2ef2b8 nixos/qemu-vm: declarative drives
Adds `virtualisation.qemu.drives` option to specify drives to be used by
qemu.

Also fix boot when `virtualisation.useBootLoader` is set to true. Since
the boot disk is second qemu doesn't boot on it. Added `bootindex=1` to
the boot disk device.
2019-02-12 16:55:02 +01:00
lewo b2f3738336
Merge pull request #55589 from johanot/docker-preloader-mkif-guard
nixos/dockerPreloader: guard the entire implemetation with mkIf on image list
2019-02-12 10:16:21 +01:00
Johan Thomsen 302c4df41d nixos/dockerPreloader: guard the entire implemetation with mkIf on image list 2019-02-11 23:35:25 +01:00
Florian Klink e6df4dfe59
Merge pull request #54800 from nlewo/nova
Remove cloud-init from the Openstack image configuration
2019-02-11 22:23:32 +01:00
Antoine Eiche 933da6de91 nixos: Add ec2-metadata-fetcher.nix file
To share the metadata fetcher script between ec2 and Openstack images.
2019-02-11 20:58:45 +01:00
Antoine Eiche 78acac050f nixos/openstackImage: default hostname is empty string
This is to let the `ec2-data.nix` module sets the hostname from the
metadata API value.
2019-02-11 20:58:45 +01:00
Antoine Eiche d190b204f0 Rename novaImage to openstackImage
People don't necessary know `nova` is related to Openstack (it is a
component of Openstack). So, it is more explicit to call it
`openstackImage`.
2019-02-11 20:58:44 +01:00
Antoine Eiche 849460f878 nova-image: add amazon-init module to the nova image
This allows the VM to provide a `configuration.nix` file to the VM.

The test doesn't work in sandbox because it needs Internet (however it
works interactively).
2019-01-28 14:44:41 +01:00
Florian Klink 38be383a6f
Merge pull request #53419 from uvNikita/containers/fix-bridge
nixos/containers: add bridge without address specified
2019-01-28 12:39:13 +01:00
Antoine Eiche 2858b35100 nova-image: use wget instead of cloud-init (via EC2 API)
The Openstack metadata service exposes the EC2 API. We use the
existing `ec2.nix` module to configure the hostname and ssh keys of an
Openstack Instance.

A test checks the ssh server is well configured.

This is mainly to reduce the size of the image (700MB). Also,
declarative features provided by cloud-init are not really useful
since we would prefer to use our `configuration.nix` file instead.
2019-01-28 11:59:18 +01:00
Franz Pletz ca0639837c
Merge pull request #53871 from elseym/fix-container-extraveths
nixos/containers: explicitly set link up on host for extraVeths
2019-01-14 03:59:19 +00:00
Profpatsch c8c53fcb11 modules/profiles/minimal: sound is disabled by default
The option is `false` by default since
e349ccc77f, so we don’t need to mention
it explicitely in these minimal configs.
2019-01-13 13:47:36 +01:00
elseym 8a8bf886b5
nixos/containers: explicitly set link up on host for extraVeths 2019-01-13 11:27:39 +01:00
Nikita Uvarov 53013ead39
nixos/containers: add bridge without address specified
According to systemd-nspawn(1), --network-bridge implies --network-veth,
and --port option is supported only when private networking is enabled.
Fixes #52417.
2019-01-07 14:21:17 +01:00
Florian Klink 706efadcb6 nixos/modules/virtualisation/google-compute-config.nix: remove google-accounts-daemon
Use googleOsLogin for login instead.
This allows setting users.mutableUsers back to false, and to strip the
security.sudo.extraConfig.

security.sudo.enable is default anyhow, so we can remove that as well.
2018-12-21 17:52:37 +01:00
Florian Klink 0834e98ece
Merge pull request #51393 from arianvp/container-names
nixos/containers: Add assertion for container name length
2018-12-05 01:25:16 +01:00
Jörg Thalheim 958d8e625e
Merge pull request #49392 from uvNikita/nixos/containers/veths
nixos/containers: don't create veths if not configured
2018-12-03 23:44:50 +00:00
Arian van Putten bf102825ef nixos/containers: Add assertion for container name length
When privateNetwork is enabled, currently the container's interface name
is derived from the container name. However, there's a hard limit
on the size of interface names. To avoid conflicts and other issues,
we set a limit on the container name when privateNetwork is enabled.

Fixes #38509
2018-12-02 15:26:39 +01:00
Erik Arvstedt c64a9718ce nixos/containers: simplify env var definition
Also clear up the misleading comment: This env var isn't
root-specific, it's needed for all users.
2018-11-26 23:06:56 +01:00
Ding Xiang Fei 88570538b3 google-compute-image: make it a module and the size tuneable (#49854)
* move GCE system configuration to `google-compute-config.nix`
* remove `fetch-ssh-keys` service (disabled in comment)
2018-11-26 14:51:00 +00:00
Ding Xiang Fei b011049cf6 Merge branch 'master' of https://github.com/nixos/nixpkgs into tarball-closureinfo 2018-11-26 12:04:07 +08:00
Craig Younkins eff461c8ef treewide: systemd timeout arguments to use infinity instead of 0 (#50934)
Fixes https://github.com/NixOS/nixpkgs/issues/49700
2018-11-25 13:33:22 +01:00
Jörg Thalheim 50daffc4b8
nixos/docker-image: add example usage 2018-11-23 15:40:10 +00:00
Vincent Bernat 15f98b7192 nixos/cloudstack-image: initial import
Cloudstack images are simply using cloud-init. They are not headless
as a user usually have access to a console. Otherwise, the difference
with Openstack are mostly handled by cloud-init.

This is still some minor issues. Notably, there is no non-root user.
Other cloud images usually come with a user named after the
distribution and with sudo. Would it make sense for NixOS?

Cloudstack gives the user the ability to change the password.
Cloud-init support for this is imperfect and the set-passwords module
should be declared as `- [set-passwords, always]` for this to work. I
don't know if there is an easy way to "patch" default cloud-init
configuration. However, without a non-root user, this is of no use.

Similarly, hostname is usually set through cloud-init using
`set_hostname` and `update_hostname` modules. While the patch to
declare nixos to cloud-init contains some code to set hostname, the
previously mentioned modules are not enabled.
2018-11-17 20:40:11 +01:00
Rob Vermaas 02b60418b1 Update GCE image for 18.09
(cherry picked from commit e0eb712136)
2018-11-16 11:43:42 +01:00
Matthew Bauer 2b604c2836
Merge pull request #49670 from matthewbauer/pkgs-i686-remove
Fix pkgsi686Linux assertion
2018-11-04 12:49:09 -06:00
Sarah Brofeldt 99c052bac4 nixos/google-network-daemon: systemd job type simple instead of oneshot (#49692) 2018-11-03 16:16:17 +01:00
Florian Klink 4d51002216
Merge pull request #49650 from srghma/srghma-patch-1
amazon-image: fix typo in comment
2018-11-03 16:04:47 +01:00
Matthew Bauer 4a8fc5b9aa treewide: remove pkgs_i686
This was getting evaluated eagerly causing assertion failures in
aarch64 systems. We can replace usages of pkgs_i686 with
pkgs.pkgsi686Linux.
2018-11-03 00:56:39 -05:00