tobias/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-11-13 19:29:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
811902 commits 206 branches 129 tags 14 GiB
Commit graph

2095 commits

Author SHA1 Message Date
Benedikt Ritter ef2bde5a13
docker: use serviceConfig.ExecStart instead of script 2025-03-19 11:12:59 +01:00
Benedikt Ritter ccdfb91b48
podman: use serviceConfig.ExecStart instead of script 2025-03-19 11:08:18 +01:00
Todd Brown b5c9cecbcc
nixos/docker: add auto prune randomizedDelaySec and persistent options (#301547) 
docker: add auto prune randomizedDelaySec and persistent options

Options mirror nix garbage collection
 2025-03-16 10:56:31 +01:00
Bruce Toll ae4750868c nixos/ec2-data fix host fingerprint output to console (regression) 
PR #322282 introduced a regression that causes the previous display of
the ssh host key fingerprints to get directed to the journal rather than
the console (as intended). Thus, the console only logs an empty set of
fingerprints:

    -----BEGIN SSH HOST KEY FINGERPRINTS-----
    -----END SSH HOST KEY FINGERPRINTS-----

The fix is to reorder the bash statement that invokes ssh-keygen so
that the ssh-keygen output is directed to /dev/console.
 2025-03-15 13:16:03 -04:00
Marie Ramlow 342c4f300b nixos/{renovate, libvirtd}: fix typo 2025-03-15 00:30:21 +05:30
Emma Miler 542a053b32 nixos/oci-containers: add autoRemoveOnStop option 
Adds the autoRemoveOnStop option to allow stopped or killed containers to stay around after stop. Default behaviour remains the same.
 2025-03-10 19:35:47 +01:00
Kevin Boulain c2d4e8f4cb nixos/nixos-containers: user options take precedence over module ones 
I think this is the norm in NixOS modules. This allows to start a
container with '--volatile=overlay --link-journal=host' in order to
persist logs across runs of a container running with a temporary root.
While '--ephemeral' omits '--link-journal=try-guest', it's not possible
to run an ephemeral container when linking the journal:
https://github.com/systemd/systemd/issues/1666
 2025-03-09 11:08:56 +01:00
Maximilian Bosch 7d443d378b
nixos/oci-containers: support rootless containers & healthchecks 
Closes #259770
Closes #207050

The motivation for the former is to not execute the container as root,
so you don't have to `sudo -i` to perform podman management tasks.

The idea behind healthchecks is to be able to keep the unit in the
activating state until the container is healthy, only then then unit is
marked as active.

The following changes were necessary:

* Move the ctr-id into `/run/${containerName}` to make podman can
  actually write to it since it's now in its RuntimeDirectory.

* Make `sdnotify` option configurable (`healthy` for healthchecks that
  must pass, default remains `conmon`).

* Set Delegate=yes for `sdnotify=healthy` to make sure a rootless
  container can actually talk to sd_notify[1].

* Add a warning that lingering must be enabled to have a `systemd --user`
  instance running which is required for the cgroup support to work
  properly.

* Added a testcase for rootless containers with both conmon and
  healthchecks.

[1] https://github.com/containers/podman/discussions/20573#discussioncomment-7612481
 2025-02-27 11:08:33 +01:00
Sandro c2fbe453e6
nixos/libvirtd: fix path in hooks.network desc (#372951) 2025-02-19 21:32:22 +01:00
Ramses 51e84098b5
nixos-container: avoid subshell when testing $PRIVATE_USERS (#383056) 2025-02-19 10:46:48 +01:00
Jean-Baptiste Giraudeau 57c96ff6ef
nixos-container: avoid subshell when testing $PRIVATE_USERS 
So that the script is not rejected by https://www.shellcheck.net/wiki/SC2235
 under `systemd.enableStrictShellChecks = true;`
 2025-02-18 09:41:55 +01:00
Sandro 86f9eeb816
nixos-container: add support for --private-users (#362210) 2025-02-18 00:09:56 +01:00
Adam C. Stephens 8780973144
incus.ui: 0.7 -> incus-0.14.6, rename to incus-ui-canonical (#382440) 2025-02-16 17:43:56 -05:00
Adam C. Stephens ad53a8451f
incus-ui-canonical: rename from incus.ui 2025-02-16 17:33:03 -05:00
Christian Kögler bbd8de2fdd
nixos-container: do not touch os-release if it is a symlink (#353366) 2025-02-16 07:43:34 +01:00
Jean-Baptiste Giraudeau c8f83ec641
nixos-container: add support for --private-users 
imply bind mounts with idmap option when user namespacing is enabled,
 so that /nix/store and friends are correctly own by root user.
 2025-02-12 14:28:57 +01:00
Robert Hensing 0b47fba230 Revert "nixos/nixpkgs: make config.nixpkgs.{localSystem,crossSystem,buildPlatform,hostPlatform} write only" 
This reverts commit 0a19371146.
 2025-02-05 14:29:18 +01:00
Florian Klink 4742e5b16e
nixos/azure: move image-specific configs from azure-common to azure-image, fix console output (#359365) 2025-02-02 22:57:49 +02:00
Adam C. Stephens 7a982a65fe
nixos/incus: fix some nvidia container errors (#378352) 2025-02-02 14:31:29 -05:00
Wolfgang Walther c0e2fbbcad
nixos/amazon-image: fix eval 2025-02-02 13:29:03 +01:00
Wolfgang Walther c1793a336b
pkgs/top-level: make package sets composable (reapply) (#376988) 2025-02-02 11:41:17 +01:00
codgician 1460db45f6
waagent: optimize option descriptions 2025-02-02 16:12:00 +08:00
Wolfgang Walther 0a19371146
nixos/nixpkgs: make config.nixpkgs.{localSystem,crossSystem,buildPlatform,hostPlatform} write only 
The description for options.nixpkgs.system already hints at this:

  Neither ${opt.system} nor any other option in nixpkgs.* is meant
  to be read by modules and configurations.
  Use pkgs.stdenv.hostPlatform instead.

We can support this goal by not elaborating the systems anymore, forcing
users to go via pkgs.stdenv.

This will prevent problems when making the top-level package sets
composable in the next commit. For this to work, you should pass a fully
elaborated system to nixpkgs' localSystem or crossSystem options.
 2025-02-01 12:04:59 +01:00
Adam C. Stephens 0619ac75c2
nixos/incus: condition nvidia support, ensuring nvidia_uvm module is enabled 2025-01-31 15:53:38 -05:00
Jörg Thalheim ce99e2aa18 amazon: make fileSystems option disko-compatible 
When using disko, the user can choose their own filesystem layout.
In that case we don't want to specify fileSystems with normal priority
as it would not allow disko to set its own values.
 2025-01-27 22:09:20 +01:00
Peder Bergebakken Sundt 953f72e76e nixos/*: tag manpage references 2025-01-27 02:47:01 +01:00
Adam C. Stephens 0e7fa5714c
incus: fix instance unclean shutdown, add per-instance lxcfs support (#373920) 2025-01-25 10:05:03 -05:00
Bjørn Forsman cb4d104baf nixos/libvirt-guests: add missing dependency on libvirtd.service 
Ensure that VMs get properly suspended (or shutdown) instead of "pulling
the plug" on them.

Simulating shutdown with
`sudo systemctl stop libvirtd.service libvirtd-ro.socket libvirtd-admin.socket libvirtd.socket libvirt-guests`:

Before:

  systemd[1]: Stopping libvirt guests suspend/resume service...
  libvirt-guests.sh[1472512]: Can't connect to default. Skipping.
  systemd[1]: libvirt-guests.service: Deactivated successfully.

After:

  systemd[1]: Stopping libvirt guests suspend/resume service...
  libvirt-guests.sh[1524073]: Running guests on default URI:
  libvirt-guests.sh[1524067]: ubuntu22.04
  libvirt-guests.sh[1524100]: Suspending guests on default URI...
  libvirt-guests.sh[1524067]: Suspending ubuntu22.04: ...
  libvirt-guests.sh[1524067]: Suspending ubuntu22.04: 1.421 GiB
  libvirt-guests.sh[1524067]: Suspending ubuntu22.04: 2.618 GiB
  libvirt-guests.sh[1524067]: Suspending ubuntu22.04: done
  systemd[1]: libvirt-guests.service: Deactivated successfully.
 2025-01-25 14:38:55 +01:00
codgician b5a03db807
waagent: patch openssl path 2025-01-21 21:33:50 +08:00
Adam C. Stephens 80e73d690a
nixos/incus: add lxc hook path to service env 
Fixes nvidia.runtime container passing
 2025-01-17 10:11:08 -05:00
Adam C. Stephens 274e0fd934
incus: support per-instance lxcfs 
This was added in 6.4 and backported to LTS 6.0.2
 2025-01-17 10:11:06 -05:00
Adam C. Stephens 9b660dff6d
incus: fix instance shutdown when softDaemonRestart enabled 2025-01-17 10:11:04 -05:00
K900 ae2abfc64a
nixos/hyperv-guest: drop fb_hyperv in favor of drm_hyperv (#372743) 2025-01-17 17:29:47 +03:00
K900 b20e6abfaf nixos/hyperv-guest: remove the now useless videoMode option 2025-01-14 09:47:22 +03:00
Jonas Heinrich 58c5aeb53c nixos/libvirtd: Add proper UEFI support 2025-01-13 22:49:50 +01:00
codgician b5592e1165
nixos/azure: enable networking.useNetworkd 2025-01-12 11:47:55 +08:00
codgician 6c443658e6
nixos/azure: improve code readability 2025-01-12 11:43:32 +08:00
codgician d3d6adec36
waagent: fix typo 2025-01-12 11:43:32 +08:00
codgician 2249c0859e
nixos/waagent: specify OS.OpensslPath by default 2025-01-12 11:43:32 +08:00
codgician 538efe3263
nixos/azure: improve documentation 2025-01-12 11:43:32 +08:00
codgician 0a0f6543ad
azure-image: set font & splashImage to null to force text mode, so console for Gen 2 VM could work 2025-01-12 11:43:31 +08:00
codgician 6b9a77767a
nixos/azure: move image specific config out of azure-common 2025-01-12 11:43:31 +08:00
vdbe 2adcab08d2
nixos/libvirtd: fix path in hooks.network desc 
`virtualisation.libvirtd.hooks.network` places the hooks under
`/var/lib/libvirt/hooks/network.d/`.
 2025-01-11 15:41:02 +01:00
Donovan Glover 310cc42940
anbox: drop (#370821) 2025-01-05 22:19:09 +00:00
Thiago Kenji Okada 6e6188af7b
image/images: Adapt remaining images to system.build.image & normalized filenames, (#359345) 2025-01-05 20:28:23 +00:00
Thomas Gerbet 9330230e47 anbox: drop 
Upstream project is not maintained anymore and the package
currently does not build.

https://github.com/anbox/.github/blob/main/profile/README.md
 2025-01-05 16:16:26 +01:00
Gaétan Lepage af96c38e09
nixos/oci-containers: option to set the service name of a oci-ontainer (#370089) 2025-01-04 15:39:41 +01:00
Ryan Hendrickson a7f712ad6e
vmware-guest: Don't use lib directly for maintainers (#364628) 2025-01-03 18:31:30 -05:00
Sandro 7cdeae9904
nixos/google-compute-image: fix image build (#368313) 2025-01-02 23:29:32 +01:00
andre4ik3 0725951bfc
nixos/libvirtd: link Microsoft-templated OVMF files to shared folder (#346904) 
Link MS OVMF files to shared folder as well
 2025-01-02 16:21:44 +01:00
lucasew d01038921c nixos/oci-containers: option to set the service name of a oci-container 
Signed-off-by: lucasew <lucas59356@gmail.com>
 2025-01-01 22:51:04 -03:00
Christian Kögler fe6b667206
nixos/qemu-vm: set permissions for tmpfs root (#363628) 2025-01-01 21:03:57 +01:00
Arthur Gautier 28e1cce57e
qemu-vm: implement virtualization.tpm.provisioning (#364379) 2024-12-26 14:58:02 -08:00
illustris 9cf8344f71
nixos/google-compute-image: fix image build 2024-12-26 17:50:39 +05:30
Friedrich Altheide c792c60b8a
virtualboxGuestAdditions: Additional 7.1.4 fixes (#366080) 
* virtualboxGuestAddtitions: Load required dynamic libs

* virtualboxGuestAdditions: Remove unused code

* virtualboxGuestAdditions: introduce verbose logging option

* virtualboxGuestAdditions: only load vboxsf if enabled in module options
 2024-12-25 22:09:11 +01:00
Jörg Thalheim 8aca0d9450
podman: backport removing incomplete layers fix (#367629) 2024-12-24 09:01:57 +01:00
Michael Hoang a6a7341fef nixos/podman: expose virtualisation.podman.package 2024-12-24 15:08:43 +11:00
Nico Felbinger e65d6fba75
nixos-containers: add networkNamespace option 2024-12-23 00:18:02 +01:00
Adam C. Stephens cbe221c56a
nixos/incus: seabios is x86_64 only 2024-12-20 19:18:09 +00:00
Adam C. Stephens d441bda392
incus: refactor tests and fix VM CSM support (#365778) 2024-12-19 19:55:14 -05:00
Adam C. Stephens 6cd3dd3c64
incus: fix CSM support 2024-12-18 23:45:33 -05:00
Sandro 5f88672973
nixos/podman: add systemd to extraPackages (#362372) 2024-12-18 22:48:34 +01:00
phaer 48ec455ae8 virtualisation/disk-image: init 
New module to support qemu, qemu-efi, raw, raw-efi outputs as known
from nixos-generators in system.build.images.
 2024-12-16 15:35:22 +01:00
Arthur Gautier b82554d2a4 qemu-vm: implement virtualization.tpm.provisioning 
This option allows for TPM to provisionned before the control is handed
over to the qemu VM.

This is useful to add EK certificates.

The socket has been split in two, a server socket as well as the control
socket for compatibility with the tpm2-tss swtpm TCTI.

Because the control socket may now be used for provisioning, the swtpm
does not terminate when a client disconnects, and the stop of the swtpm
daemon is now controlled by a call to `swtpm_ioctl`.
 2024-12-12 09:00:31 -08:00
Yethal 91bb1c6d75
oci-containers: consolidate capabilities interface (#363574) 
* oci-containers: consolidate capabilities interface

* Update nixos/modules/virtualisation/oci-containers.nix

Improved wording

Co-authored-by: Benjamin Staffin <benley@zoiks.net>

---------

Co-authored-by: Benjamin Staffin <benley@zoiks.net>
 2024-12-12 11:50:13 -05:00
Jeremy Kolb 7d4abac4b5
vmware-guest: Don't use lib directly for maintainers 2024-12-12 10:35:08 -05:00
Florian Klink 4e7a971fe4
nixos/waagent: init module (#362101) 2024-12-12 14:11:39 +02:00
Silvan Mosberger 4f0dadbf38 treewide: format all inactive Nix files 
After final improvements to the official formatter implementation,
this commit now performs the first treewide reformat of Nix files using it.
This is part of the implementation of RFC 166.

Only "inactive" files are reformatted, meaning only files that
aren't being touched by any PR with activity in the past 2 months.
This is to avoid conflicts for PRs that might soon be merged.
Later we can do a full treewide reformat to get the rest,
which should not cause as many conflicts.

A CI check has already been running for some time to ensure that new and
already-formatted files are formatted, so the files being reformatted here
should also stay formatted.

This commit was automatically created and can be verified using

    nix-build a08b3a4d19.tar.gz \
      --argstr baseRev b32a094368
    result/bin/apply-formatting $NIXPKGS_PATH
 2024-12-10 20:26:33 +01:00
Illia Ostapyshyn 43300fe72a
nixos/qemu-vm: set permissions for tmpfs root 
World-writable fs root breaks ssh key authentication (and likely other
programs).
 2024-12-09 16:44:16 +01:00
Arne Keller 6137b22220
nixos/qemu-vm: minor readability improvements (#339681) 2024-12-09 06:35:00 +01:00
codgician d07d8a5589
waagent: improve code readability and doc 2024-12-08 11:05:57 +08:00
codgician 0d7c515332
waagent: init module 2024-12-06 23:32:16 +08:00
Nikita Pedorich 77e81fd860
nixos/podman: add systemd to extraPackages 2024-12-06 19:48:00 +09:00
Yethal 04bf3d8774
nixos/modules/virtualisation: additional configuration options (#349537) 
oci-containers: additional configuration options
 2024-12-05 12:48:41 -05:00
Sefa Eyeoglu d2f5c28d0d
containerd: 1.7.23 -> 2.0.0 (#356618) 2024-12-02 17:19:46 +01:00
Adam C. Stephens 9ab59bb5fb
incus: format 2024-11-30 00:04:54 -05:00
phaer 91d74082c4 virtualisation/proxmox-lxc: use system.build.image 2024-11-29 17:13:54 +01:00
phaer 06ad3811a8 virtualisation/lxc-container: use system.build.image 2024-11-29 17:13:52 +01:00
phaer f3563c996e virtualisation/azure-image: use system.build.image 2024-11-29 17:12:27 +01:00
phaer 77fce1dc58 virtualisation/digital-ocean: use system.build.image 2024-11-29 17:12:26 +01:00
phaer 41db5209c7 virtualisation/google-compute: use system.build.image 2024-11-29 17:12:26 +01:00
phaer a230d5228d virtualisation/hyperv-image: hyperv.vmFileName -> image.fileName 2024-11-29 17:12:26 +01:00
phaer 6d50a8c57f virtualisation/kubevirt: use system.build.image 2024-11-29 17:12:26 +01:00
phaer d8410d8366 virtualisation/oci-image: use system.build.image 2024-11-29 17:12:26 +01:00
phaer a0ce661c99 virtualisation/proxmox-image: use system.build.image 2024-11-29 17:12:26 +01:00
phaer 342a5021df virtualisation/vagrant-virtualbox: use system.build.image 2024-11-29 17:12:26 +01:00
phaer 6cc7449e30 virtualisation/virtualbox: virtualbox.vmFileName -> image.fileName 2024-11-29 17:12:26 +01:00
phaer b0b3a75676 virtualisation/vmware-image: vmware.vmFileName -> image.fileName 2024-11-29 17:12:26 +01:00
phaer 47c83cb438 virtualisation/linode-image: Use system.build.image 2024-11-29 17:12:26 +01:00
phaer 40142caad0 format files with nixfmt 2024-11-29 17:12:26 +01:00
Adam C. Stephens 6de1312a38
nixos/lxc/container: fix useDhcp with veth (#358806) 2024-11-29 10:45:09 -05:00
Adam C. Stephens f50a1bd99d
nixos/lxc/container: fix useDhcp with veth 
https://github.com/NixOS/nixpkgs/pull/347283 changed the default to
exclude non-physical network Kind, but that unfortunately also includes
`veth` which LXC uses for its network interfaces. Re-enable that
functionality so users can use networkd with useDHCP.
 2024-11-29 10:37:14 -05:00
Franz Pletz c6369bb94a
nixos-containers: fix enableTun option (#357276) 2024-11-23 17:18:57 +01:00
Franz Pletz c1fb3d817b
nixos/virtualisation: fix rendering of example in diskSize (#355944) 2024-11-23 17:06:13 +01:00
seth 328ebf2094
nixos/containerd: load after local-fs.target & dbus.service 
18e4ea9a6c
 2024-11-22 14:11:36 -05:00
Paul Grandperrin 853d34898d
nixos-containers: fix enableTun option 
When using private users, `mknod /dev/net/tun` is run from the guest and therefor needs the `m` modifier.
 2024-11-19 14:43:02 +01:00
Sandro 12afb73784
nixos/virtualisation: fix rendering of example in diskSize 2024-11-14 18:12:16 +01:00
Dawid Dziurla ea9923c62f
nixos/incus: add incus-user service and socket 2024-11-13 12:25:40 +01:00
Sandro 681bc920f8
nixos/libvirt: fix shellcheck findings with enableStrictShellChecks enabled (#349620) 2024-11-12 19:18:26 +01:00
Sandro cd67342284
nixos/docker: keep live-restore disabled by default (#348983) 2024-11-05 16:44:19 +01:00