authorEelco Dolstra <eelco.dolstra@logicblox.com>2014-03-20 15:09:53 +0100
committerEelco Dolstra <eelco.dolstra@logicblox.com>2014-03-24 12:19:28 +0100
commit6010b0e8868b5a8058302a7b7839cddb21272043 (patch)
tree84f6d9e89e562288f55875efa1285455e7357175 /nixos/modules
parent29c469b88db31d56acf02478fffea14f15372b1f (diff)
nixos-container: NixOps helper functions
Diffstat (limited to 'nixos/modules')
-rw-r--r--nixos/modules/virtualisation/nixos-container.sh46
1 files changed, 42 insertions, 4 deletions
diff --git a/nixos/modules/virtualisation/nixos-container.sh b/nixos/modules/virtualisation/nixos-container.sh
index c72b6fb92814..a3fd9db56d82 100644
--- a/nixos/modules/virtualisation/nixos-container.sh
+++ b/nixos/modules/virtualisation/nixos-container.sh
@@ -1,21 +1,25 @@
 #! @bash@/bin/sh -e
 
 usage() {
-    echo "Usage: $0 create <container-name> [--config <filename>]" >&2
+    echo "Usage: $0 list" >&2
+    echo "       $0 create <container-name> [--config <filename>] [--ensure-unique-name]" >&2
     echo "       $0 update <container-name>" >&2
     echo "       $0 destroy <container-name>" >&2
     echo "       $0 login <container-name>" >&2
     echo "       $0 root-shell <container-name>" >&2
     echo "       $0 set-root-password <container-name> <password>" >&2
+    echo "       $0 show-ip <container-name>" >&2
 }
 
-args="`getopt --options '' -l help -l config: -- "$@"`"
+args="`getopt --options '' -l help -l config: -l ensure-unique-name -- "$@"`"
 eval "set -- $args"
 extraConfigFile=
+ensureUniqueName=
 while [ $# -gt 0 ]; do
     case "$1" in
         (--help) usage; exit 0;;
         (--config) shift; extraConfigFile=$1;;
+        (--ensure-unique-name) ensureUniqueName=1;;
         (--) shift; break;;
         (*) break;;
     esac
@@ -34,12 +38,28 @@ getContainerRoot() {
     fi
 }
 
+if [ $action = list ]; then
+    for i in $(cd /etc/containers && echo *.conf); do
+        echo "$(basename "$i" .conf)"
+    done
+    exit 0
+fi
+
 container="$1"
 if [ -z "$container" ]; then usage; exit 1; fi
 shift
 
 if [ $action = create ]; then
 
+    if [ -n "$ensureUniqueName" ]; then
+        # FIXME: race
+        nr=0
+        while [ -e "/etc/containers/$container-$nr.conf" -o -e "/var/lib/containers/$container-$nr" ]; do
+            : $((nr++))
+        done
+        container="$container-$nr"
+    fi
+
     confFile="/etc/containers/$container.conf"
     root="/var/lib/containers/$container"
 
@@ -61,13 +81,19 @@ with pkgs.lib;
   networking.hostName = mkDefault \"$container\";
   networking.useDHCP = false;
   imports = [ <nixpkgs/nixos/modules/virtualisation/container-login.nix> $extraConfigFile ];
+  services.openssh.enable = true;
+  services.openssh.extraConfig =
+    ''
+      UseDNS no
+    '';
+  users.extraUsers.root.openssh.authorizedKeys.keys = [ \"ssh-dss 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 eelco.dolstra@logicblox.com\" ];
 }"
     configFile="$root/etc/nixos/configuration.nix"
     echo "$config" > "$configFile"
 
     nix-env -p "$profileDir/system" -I "nixos-config=$configFile" -f '<nixpkgs/nixos>' --set -A system
 
-    # Allocate a new /8 network in the 10.233.* range.
+    # Allocate a new /8 network in the 10.233.* range.  FIXME: race
     network="$(sed -e 's/.*_ADDRESS=10\.233\.\(.*\)\..*/\1/; t; d' /etc/containers/*.conf | sort -n | tail -n1)"
     if [ -z "$network" ]; then network=0; else : $((network++)); fi
 
@@ -84,6 +110,11 @@ EOF
     echo "starting container@$container.service..." >&2
     systemctl start "container@$container.service"
 
+    # Print generated container name on stdout.
+    if [ -n "$ensureUniqueName" ]; then
+        echo "$container"
+    fi
+
 elif [ $action = update ]; then
 
     getContainerRoot
@@ -101,7 +132,7 @@ elif [ $action = destroy ]; then
     getContainerRoot
 
     confFile="/etc/containers/$container.conf"
-    if [ ! -w "$confFile" ]; then
+    if [ -e "$confFile" -a ! -w "$confFile" ]; then
         echo "$0: cannot destroy declarative container (remove it from your configuration.nix instead)"
         exit 1
     fi
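Review bot: The new test `[ -e "$confFile" -a ! -w "$confFile" ]` relies on `-a`, which POSIX marks obsolescent and which `test` can misparse when an operand looks like an operator; the same condition written as `if [ -e "$confFile" ] && [ ! -w "$confFile" ]; then` is unambiguous. The intent — allow destroying a container whose config file is already gone — is otherwise sound, but the error message on the following `echo` line still goes to stdout while `usage` and the unknown-action branch report on stderr, so appending `>&2` there would make it consistent. The `destroy` branch starts before this hunk.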
@@ -112,6 +143,7 @@ elif [ $action = destroy ]; then
     fi
 
     rm -f "$confFile"
+    rm -rf "$root"
 
 elif [ $action = login ]; then
 
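Review bot: The added `rm -rf "$root"` is the first destructive recursive delete in this script, and `$root` is assigned by `getContainerRoot`, which is outside this hunk; nothing visible here checks that `$container` is a plain name rather than a path fragment before it is joined onto `/var/lib/containers`. Guard the delete against an empty or unset variable at minimum, `rm -rf -- "${root:?}"`, and — if `getContainerRoot` does not already do so — reject container names containing `/` or `..` before any path is built from them. The surrounding `destroy` branch starts before this hunk.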
@@ -132,6 +164,12 @@ elif [ $action = set-root-password ]; then
     getContainerRoot
     (echo "passwd"; echo "$password"; echo "$password") | @socat@/bin/socat "unix:$root/var/lib/root-shell.socket" -
 
+elif [ $action = show-ip ]; then
+
+    getContainerRoot
+    . "/etc/containers/$container.conf"
+    echo "$LOCAL_ADDRESS"
+
 else
     echo "$0: unknown action ‘$action’" >&2
     exit 1
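Review bot: The `. "/etc/containers/$container.conf"` line sources the container's config file as shell, so any command in that file runs with this script's privileges and every variable it defines lands in the script's namespace, just to read one value. The `sed` in the `create` branch already treats these files as `KEY=value` lines (its pattern `_ADDRESS=10\.233\.` suggests the value is written unquoted), so extracting the field the same way avoids executing the file: replace the two lines with `sed -n 's/^LOCAL_ADDRESS=//p' "/etc/containers/$container.conf"`. `getContainerRoot` is called here but `$root` is not used in this branch; if it serves only as an existence check, a one-line comment saying so would help the next reader. The `else` arm continues past the hunk.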