Eventually we'd like to change our posture on this, and somehow ensure
that 'init' is always our systemd binary, but for now containers
require us to do it this way.
If user already has qemu installed in their system, there might be a collision between normal qemu-system-i386, and qemu-system-i386 with Xen support enabled
In this case, we want Xen supported qemu to win, as otherwise systems won't start with the configuration we provide in NixOS wiki
This will ensure reproducibility between different nixos systems, where
one system has store optimization enabled (which will hardling similar
files in the nix store) and the other doesn't. Without the flag, the
same image, built on the two different systems, will have a different
number of inodes. The flag will dereference hardlinks and copy them
into the image as different inodes.
Signed-off-by: Paul Meyer <katexochen0@gmail.com>
This allows users to keep using `docker run --gpus`. Despite CDI is
the recommended way to expose GPU's to containers nowadays, allow
users to keep using the old `--gpus` method.
Integrated the flake container setup into the spawn script for systemd-nspawn.
The trickiest part of this was ensuring the underlying per-container is built.
With the .conf file created, running `nixos-container update` creates all the necessary per-container structure.
We call this command at start to ensure the structure is created only if the per-container system isnt there.
Note: This also means the flake gets updated to branch HEAD when the container is started for the first time.
While the nixos-container command allows for the creation of containers pointing to a flake, the declarative module doesn't have this option.
Adds the flake option for nixos-container declarative approach. Creates the /etc/nixos-container .conf file similar to how the command preforms it.
Upstream, intentionally or not, no longer appends the EFI image
with a .pad section for us to hook the rest of the UKI to. This
simply dehardcodes .pad from the awk script, instead using the
very last section in the binary. (Currently .reloc)
Co-authored-by: Yaroslav Bolyukin <iam@lach.pw>
Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
By being in sync with the pname, it makes it easier to walk back from
the pname that shows in the /nix/store back to the attribute.
This change should not cause any rebuild.
