This service exists to avoid extra instance restarts. While its dependencies
are slim, there are still some, so disable restartIfChanged to avoid any
switches from affecting instances.
SSH key generation was split out into its own systemd service in
https://github.com/NixOS/nixpkgs/pull/372979, but dependent service
definitions weren't updated.
The `apply-ec2-data` service needs to run before SSH key generation,
as it fetches host keys defined in ec2 user data and these keys should
take priority over generating new ones. Currently, the ordering
doesn't specify which of `apply-ec2-data` and `sshd-keygen` should
run first; in practice it seems that `sshd-keygen` often wins the
race, though.
Update the dependencies so that `apply-ec2-data` always runs first.
This disables the hard, not overridable, dependency on `runc`.
It also sharpens the description of `extraPackages` to highlight the
difference between those options.
Fixes #443274.
Eventually we'd like to change our posture on this, and somehow ensure
that 'init' is always our systemd binary, but for now containers
require us to do it this way.
If the user already has qemu installed in their system, there might be a collision between the normal qemu-system-i386 and qemu-system-i386 with Xen support enabled.
In this case, we want the Xen-supported qemu to win, as otherwise systems won't start with the configuration we provide in the NixOS wiki.
This will ensure reproducibility between different nixos systems, where
one system has store optimization enabled (which will hardlink similar
files in the nix store) and the other doesn't. Without the flag, the
same image, built on the two different systems, will have a different
number of inodes. The flag will dereference hardlinks and copy them
into the image as different inodes.
Signed-off-by: Paul Meyer <katexochen0@gmail.com>
This allows users to keep using `docker run --gpus`. Although CDI is
the recommended way to expose GPUs to containers nowadays, allow
users to keep using the old `--gpus` method.
Integrated the flake container setup into the spawn script for systemd-nspawn.
The trickiest part of this was ensuring the underlying per-container is built.
With the .conf file created, running `nixos-container update` creates all the necessary per-container structure.
We call this command at start to ensure the structure is created only if the per-container system isn't there.
Note: This also means the flake gets updated to branch HEAD when the container is started for the first time.
While the nixos-container command allows for the creation of containers pointing to a flake, the declarative module doesn't have this option.
Adds the flake option for the nixos-container declarative approach. Creates the /etc/nixos-container .conf file similar to how the command performs it.