...for filesystem options. Before this change,
users would typically encounter conflicting option definitions
when trying to build an image for a generic nixos closure, i.e.
`nixos-rebuild build-image --image-variant openstack-zfs --flake .#my-host`
...for filesystem and bootloader options. Before this change,
users would typically encounter conflicting option definitions
when trying to build an image for a generic nixos closure, i.e.
`nixos-rebuild build-image --image-variant google-compute-config --flake .#my-host`
...for filesystem options. Before this change,
users would typically encounter conflicting option definitions
when trying to build an image for a generic nixos closure, i.e.
`nixos-rebuild build-image --image-variant digital-ocean --flake .#my-host`
...for filesystem options. Before this change,
users would typically encounter conflicting option definitions
when trying to build an image for a generic nixos closure, i.e.
`nixos-rebuild build-image --image-variant azure --flake .#my-host`
...for filesystem options. Before this change,
users would typically encounter conflicting option definitions
when trying to build an image for a generic nixos closure, i.e.
`nixos-rebuild build-image --image-variant hyperv --flake .#my-host`
...for filesystem options. Before this change,
users would typically encounter conflicting option definitions
when trying to build an image for a generic nixos closure, i.e.
`nixos-rebuild build-image --image-variant common --flake .#my-host`
...for filesystem options. Before this change,
users would typically encounter conflicting option definitions
when trying to build an image for a generic nixos closure, i.e.
`nixos-rebuild build-image --image-variant kubevirt --flake .#my-host`
...for filesystem and options. Before this change,
users would typically encounter conflicting option definitions
when trying to build an image for a generic nixos closure, i.e.
`nixos-rebuild build-image --image-variant virtualbox --flake .#my-host`
...for filesystem options. Before this change, users would typically encounter conflicting option definitions when trying to build an image for a generic nixos closure, i.e. `nixos-rebuild build-image --image-variant vmware --flake .#my-host`
...for filesystem options. Before this change, users would typically encounter conflicting option definitions when trying to build an image for a generic nixos closure, i.e. `nixos-rebuild build-image --image-variant qemu --flake .#my-host`
...for filesystem options. Before this change,
users would typically encounter conflicting option definitions
when trying to build an image for a generic nixos closure, i.e.
`nixos-rebuild build-image --image-variant proxmox --flake .#my-host`
This was an oversight in my commit
d37a3ea1ef, and results in the following
eval warning when proxmox images are used: `Obsolete option
`proxmox.qemuConf.diskSize' is used. It was renamed to
`virtualisation.diskSize'.`
...for filesystem options. Before this change, users would typically encounter conflicting option definitions when trying to build an image for a generic nixos closure, i.e. `nixos-rebuild build-image --image-variant linode --flake .#my-host`
Format all Nix files using the officially approved formatter,
making the CI check introduced in the previous commit succeed:
nix-build ci -A fmt.check
This is the next step of the of the [implementation](https://github.com/NixOS/nixfmt/issues/153)
of the accepted [RFC 166](https://github.com/NixOS/rfcs/pull/166).
This commit will lead to merge conflicts for a number of PRs,
up to an estimated ~1100 (~33%) among the PRs with activity in the past 2
months, but that should be lower than what it would be without the previous
[partial treewide format](https://github.com/NixOS/nixpkgs/pull/322537).
Merge conflicts caused by this commit can now automatically be resolved while rebasing using the
[auto-rebase script](8616af08d9/maintainers/scripts/auto-rebase).
If you run into any problems regarding any of this, please reach out to the
[formatting team](https://nixos.org/community/teams/formatting/) by
pinging @NixOS/nix-formatting.
This produced an unnecessarily infinitely deep config tree.
The "cut off" option can be written to, but not read from.
Being written to is important, because it allows users to
conveniently define vmVariant config without having to check
isVmVariant.
There's a small chance that someone *reads* from vmVariant config
in their normal config, and for them it will not be possible
to evaluate with `nixos-rebuild build-vm` anymore.
If this is a problem, we could perhaps make the vmVariant root
appear instead of the `throw` error.
This could also be done using mkOption apply.
PR #322282 introduced a regression that causes the previous display of
the ssh host key fingerprints to get directed to the journal rather than
the console (as intended). Thus, the console only logs an empty set of
fingerprints:
-----BEGIN SSH HOST KEY FINGERPRINTS-----
-----END SSH HOST KEY FINGERPRINTS-----
The fix is to reorder the bash statement that invokes ssh-keygen so
that the ssh-keygen output is directed to /dev/console.
I think this is the norm in NixOS modules. This allows to start a
container with '--volatile=overlay --link-journal=host' in order to
persist logs across runs of a container running with a temporary root.
While '--ephemeral' omits '--link-journal=try-guest', it's not possible
to run an ephemeral container when linking the journal:
https://github.com/systemd/systemd/issues/1666
Closes#259770Closes#207050
The motivation for the former is to not execute the container as root,
so you don't have to `sudo -i` to perform podman management tasks.
The idea behind healthchecks is to be able to keep the unit in the
activating state until the container is healthy, only then then unit is
marked as active.
The following changes were necessary:
* Move the ctr-id into `/run/${containerName}` to make podman can
actually write to it since it's now in its RuntimeDirectory.
* Make `sdnotify` option configurable (`healthy` for healthchecks that
must pass, default remains `conmon`).
* Set Delegate=yes for `sdnotify=healthy` to make sure a rootless
container can actually talk to sd_notify[1].
* Add a warning that lingering must be enabled to have a `systemd --user`
instance running which is required for the cgroup support to work
properly.
* Added a testcase for rootless containers with both conmon and
healthchecks.
[1] https://github.com/containers/podman/discussions/20573#discussioncomment-7612481
The description for options.nixpkgs.system already hints at this:
Neither ${opt.system} nor any other option in nixpkgs.* is meant
to be read by modules and configurations.
Use pkgs.stdenv.hostPlatform instead.
We can support this goal by not elaborating the systems anymore, forcing
users to go via pkgs.stdenv.
This will prevent problems when making the top-level package sets
composable in the next commit. For this to work, you should pass a fully
elaborated system to nixpkgs' localSystem or crossSystem options.
When using disko, the user can choose their own filesystem layout.
In that case we don't want to specify fileSystems with normal priority
as it would not allow disko to set its own values.
This option allows for TPM to provisionned before the control is handed
over to the qemu VM.
This is useful to add EK certificates.
The socket has been split in two, a server socket as well as the control
socket for compatibility with the tpm2-tss swtpm TCTI.
Because the control socket may now be used for provisioning, the swtpm
does not terminate when a client disconnects, and the stop of the swtpm
daemon is now controlled by a call to `swtpm_ioctl`.
After final improvements to the official formatter implementation,
this commit now performs the first treewide reformat of Nix files using it.
This is part of the implementation of RFC 166.
Only "inactive" files are reformatted, meaning only files that
aren't being touched by any PR with activity in the past 2 months.
This is to avoid conflicts for PRs that might soon be merged.
Later we can do a full treewide reformat to get the rest,
which should not cause as many conflicts.
A CI check has already been running for some time to ensure that new and
already-formatted files are formatted, so the files being reformatted here
should also stay formatted.
This commit was automatically created and can be verified using
nix-build a08b3a4d19.tar.gz \
--argstr baseRev b32a094368
result/bin/apply-formatting $NIXPKGS_PATH
https://github.com/NixOS/nixpkgs/pull/347283 changed the default to
exclude non-physical network Kind, but that unfortunately also includes
`veth` which LXC uses for its network interfaces. Re-enable that
functionality so users can use networkd with useDHCP.
`/etc/os-release` of NixOS containers, which are
`/var/lib/nixos-containers/*/etc/os-release` on the host, are usually
symlinks to the absolute path `/etc/static/os-release` but it doesn't
exist in non-NixOS host. Since `startScript` is evaluated by the host
system, both `[ -e "$root/etc/os-release" ]` and
`touch "$root/etc/os-release"` fail, so that the container fails to
start on the second boot (on the first boot, the symlink doesn't exist,
so the command succeeds).
This commit avoids `touch "$root/etc/os-release"` if
`$root/etc/os-release` is a symlink, so imperative NixOS containers are
usable on non-NixOS host.
The script generation is using the *lib.imap* functions in several other places already so this spot using a shell script variable instead seems a bit off.
Moving the previous shell script code to Nix improves upon the Nix code by removing the additional *lib.optionalString* for the variable initialisation making the code more concise.
The shell code is reduced to a one-liner per disk image, making it much easier to determine that this is a templated loop.
Compare the previous:
```bash
idx=0
if ! test -e "empty$idx.qcow2"; then
/nix/store/73n3qwfazqw8zwr1z840jsirjllqpg9v-qemu-host-cpu-only-for-vm-tests-9.0.2/bin/qemu-img create -f qcow2 "empty$idx.qcow2" "20480M"
fi
idx=$((idx + 1))
if ! test -e "empty$idx.qcow2"; then
/nix/store/73n3qwfazqw8zwr1z840jsirjllqpg9v-qemu-host-cpu-only-for-vm-tests-9.0.2/bin/qemu-img create -f qcow2 "empty$idx.qcow2" "20480M"
fi
idx=$((idx + 1))
if ! test -e "empty$idx.qcow2"; then
/nix/store/73n3qwfazqw8zwr1z840jsirjllqpg9v-qemu-host-cpu-only-for-vm-tests-9.0.2/bin/qemu-img create -f qcow2 "empty$idx.qcow2" "20480M"
fi
idx=$((idx + 1))
```
and the new:
```bash
test -e "empty0.qcow2" || /nix/store/73n3qwfazqw8zwr1z840jsirjllqpg9v-qemu-host-cpu-only-for-vm-tests-9.0.2/bin/qemu-img create -f qcow2 "empty0.qcow2" "20480M"
test -e "empty1.qcow2" || /nix/store/73n3qwfazqw8zwr1z840jsirjllqpg9v-qemu-host-cpu-only-for-vm-tests-9.0.2/bin/qemu-img create -f qcow2 "empty1.qcow2" "20480M"
test -e "empty2.qcow2" || /nix/store/73n3qwfazqw8zwr1z840jsirjllqpg9v-qemu-host-cpu-only-for-vm-tests-9.0.2/bin/qemu-img create -f qcow2 "empty2.qcow2" "20480M"
```
While the line becomes slightly longer it also becomes immediately obvious on a visual level which parts are changing for each invocation (i.e. different disk sizes as well as the incremented counter stick out).
Since the "idx" variable is now embedded, this also becomes copy&pastable, and also shows the maximum index readily in the last line, as opposed to having to count the number of if statements otherwise.
None of this is *needed* of course.
Signed-off-by: benaryorg <binary@benary.org>
