author | Adam Stephens <adam@valkor.net> | 2023-10-27 12:57:37 -0400 |
---|---|---|
committer | Adam Stephens <adam@valkor.net> | 2023-11-28 15:14:29 -0500 |
commit | e14da5c1b828e370eed56c3169bc01bbab7ff712 (patch) | |
tree | 62d134cfd8775e8053ca1215ad308f638e12e153 /pkgs/tools/virtualization | |
parent | 92ee9598125f78f4c625f7bb49746a9830d2c85c (diff) | |
distrobuilder: expose lxc systemd generator, patched for nixos
Diffstat (limited to 'pkgs/tools/virtualization')
3 files changed, 135 insertions, 0 deletions
diff --git a/pkgs/tools/virtualization/distrobuilder/default.nix b/pkgs/tools/virtualization/distrobuilder/default.nix index 71fbb1722ee4..f87d685979de 100644 --- a/pkgs/tools/virtualization/distrobuilder/default.nix +++ b/pkgs/tools/virtualization/distrobuilder/default.nix @@ -8,6 +8,7 @@ , gnutar , squashfsTools , debootstrap +, callPackage }: let @@ -35,6 +36,8 @@ buildGoModule rec { buildInputs = bins; + passthru.generator = callPackage ./generator.nix { inherit src version; }; + # tests require a local keyserver (mkg20001/nixpkgs branch distrobuilder-with-tests) but gpg is currently broken in tests doCheck = false; diff --git a/pkgs/tools/virtualization/distrobuilder/generator.nix b/pkgs/tools/virtualization/distrobuilder/generator.nix new file mode 100644 index 000000000000..e514a7df2e08 --- /dev/null +++ b/pkgs/tools/virtualization/distrobuilder/generator.nix @@ -0,0 +1,19 @@ +{ stdenvNoCC, lib, src, version, makeWrapper, coreutils, findutils, gnugrep, systemd }: + +stdenvNoCC.mkDerivation { + name = "distrobuilder-nixos-generator"; + + inherit src version; + + patches = [ + ./nixos-generator.patch + ]; + + dontBuild = true; + nativeBuildInputs = [ makeWrapper ]; + + installPhase = '' + install -D -m 0555 distrobuilder/lxc.generator $out/lib/systemd/system-generators/lxc + wrapProgram $out/lib/systemd/system-generators/lxc --prefix PATH : ${lib.makeBinPath [coreutils findutils gnugrep systemd]}:${systemd}/lib/systemd + ''; +} diff --git a/pkgs/tools/virtualization/distrobuilder/nixos-generator.patch b/pkgs/tools/virtualization/distrobuilder/nixos-generator.patch new file mode 100644 index 000000000000..6194f33e1918 --- /dev/null +++ b/pkgs/tools/virtualization/distrobuilder/nixos-generator.patch 
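Review bot: In generator.nix the derivation sets `name = "distrobuilder-nixos-generator";` while also inheriting `version`, so the version is never part of the store path and the attribute is effectively unused; `pname = "distrobuilder-nixos-generator";` with the inherited `version` lets mkDerivation compose the name as the rest of nixpkgs does. The `wrapProgram` call in installPhase renames the script to a dot-prefixed `.lxc-wrapped` file inside `$out/lib/systemd/system-generators/`, the directory systemd scans for generators to execute; systemd appears to skip hidden entries, but a one-line comment such as `# wrapProgram leaves .lxc-wrapped next to the generator; systemd ignores hidden files here` would tell the next maintainer why that is acceptable. Note also that the `--prefix PATH` only affects the generator process itself, not the units the generator writes into /run/systemd/system. A `meta` block (description, license inherited from distrobuilder) is missing.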
@@ -0,0 +1,113 @@
+diff --git a/distrobuilder/lxc.generator b/distrobuilder/lxc.generator
+index 0ad81d1..69dbfe7 100644
+--- a/distrobuilder/lxc.generator
++++ b/distrobuilder/lxc.generator
+@@ -25,16 +25,6 @@ is_incus_vm() {
+ [ -e /dev/virtio-ports/org.linuxcontainers.incus ]
+ }
+
+-# is_in_path succeeds if the given file exists in on of the paths
+-is_in_path() {
+- # Don't use $PATH as that may not include all relevant paths
+- for path in /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin; do
+- [ -e "${path}/$1" ] && return 0
+- done
+-
+- return 1
+-}
+-
+ ## Fix functions
+ # fix_ro_paths avoids udevd issues with /sys and /proc being writable
+ fix_ro_paths() {
+@@ -45,35 +35,6 @@ BindReadOnlyPaths=/sys /proc
+ EOF
+ }
+
+-# fix_nm_link_state forces the network interface to a DOWN state ahead of NetworkManager starting up
+-fix_nm_link_state() {
+- [ -e "/sys/class/net/$1" ] || return 0
+- ip_path=
+- if [ -f /sbin/ip ]; then
+- ip_path=/sbin/ip
+- elif [ -f /bin/ip ]; then
+- ip_path=/bin/ip
+- else
+- return 0
+- fi
+- cat <<-EOF > /run/systemd/system/network-device-down.service
+-[Unit]
+-Description=Turn off network device
+-Before=NetworkManager.service
+-Before=systemd-networkd.service
+-[Service]
+-# do not turn off if there is a default route to 169.254.0.1, i.e. the device is a routed nic
+-ExecCondition=/bin/sh -c '! /usr/bin/grep -qs 00000000.0100FEA9 /proc/net/route'
+-ExecStart=-${ip_path} link set $1 down
+-Type=oneshot
+-RemainAfterExit=true
+-[Install]
+-WantedBy=default.target
+-EOF
+- mkdir -p /run/systemd/system/default.target.wants
+- ln -sf /run/systemd/system/network-device-down.service /run/systemd/system/default.target.wants/network-device-down.service
+-}
+-
+ # fix_systemd_override_unit generates a unit specific override
+ fix_systemd_override_unit() {
+ dropin_dir="/run/systemd/${1}.d"
+@@ -112,16 +73,7 @@ fix_systemd_mask() {
+ # fix_systemd_udev_trigger overrides the systemd-udev-trigger.service to match the latest version
+ # of the file which uses "ExecStart=-" instead of "ExecStart=".
+ fix_systemd_udev_trigger() {
+- cmd=
+- if [ -f /usr/bin/udevadm ]; then
+- cmd=/usr/bin/udevadm
+- elif [ -f /sbin/udevadm ]; then
+- cmd=/sbin/udevadm
+- elif [ -f /bin/udevadm ]; then
+- cmd=/bin/udevadm
+- else
+- return 0
+- fi
++ cmd=udevadm
+
+ mkdir -p /run/systemd/system/systemd-udev-trigger.service.d
+ cat <<-EOF > /run/systemd/system/systemd-udev-trigger.service.d/zzz-lxc-override.conf
+@@ -145,24 +97,12 @@ EOF
+ }
+
+ ## Main logic
+-# Nothing to do in Incus VM but deployed in case it is later converted to a container
+-is_incus_vm || is_lxd_vm && exit 0
+
+ # Exit immediately if not an Incus/LXC container
+ is_lxc_container || exit 0
+
+-# Check for NetworkManager
+-nm_exists=0
+-
+-is_in_path NetworkManager && nm_exists=1
+-
+ # Determine systemd version
+-for path in /usr/lib/systemd/systemd /lib/systemd/systemd; do
+- [ -x "${path}" ] || continue
+-
+- systemd_version="$("${path}" --version | head -n1 | cut -d' ' -f2)"
+- break
+-done
++systemd_version="$(systemd --version | head -n1 | cut -d' ' -f2)"
+
+ # Determine distro name and release
+ ID=""
+@@ -222,11 +162,6 @@ ACTION=="add|change|move", ENV{ID_NET_DRIVER}=="veth", ENV{INTERFACE}=="eth[0-9]
+ EOF
+ fi
+
+-# Workarounds for NetworkManager in containers
+-if [ "${nm_exists}" -eq 1 ]; then
+- fix_nm_link_state eth0
+-fi
+-
+ # Allow masking units created by the lxc system-generator.
+ for d in /etc/systemd/system /usr/lib/systemd/system /lib/systemd/system; do
+ if ! [ -d "${d}" ]; then |
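Review bot: `cmd=udevadm` in fix_systemd_udev_trigger replaces an absolute path that, judging by the surrounding comment about `ExecStart=-`, is interpolated into the `zzz-lxc-override.conf` drop-in whose heredoc body lies outside this hunk; that unit is executed by the systemd manager, not by the wrapped generator, so the `--prefix PATH` from generator.nix does not apply and a bare name is resolved against systemd's compile-time search path (`/usr/bin`, `/bin`, …), which on NixOS does not contain udevadm unless the systemd package patches it. Capturing the generator-time resolution into the unit keeps the original behaviour of emitting an absolute path: `cmd=$(command -v udevadm)` followed by `[ -n "${cmd}" ] || return 0`, which also restores the early return the removed branch had when udevadm is absent. The `systemd --version` replacement later in the hunk is unaffected, since it runs inside the generator process where `${systemd}/lib/systemd` is on PATH. Dropping the `is_incus_vm || is_lxd_vm` early exit means the generator now relies solely on `is_lxc_container` to bail out on VMs; a short comment stating why that is sufficient for NixOS images would help.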