From 6010b0e8868b5a8058302a7b7839cddb21272043 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 20 Mar 2014 15:09:53 +0100 Subject: nixos-container: NixOps helper functions --- nixos/modules/virtualisation/nixos-container.sh | 46 ++++++++++++++++++++++--- 1 file changed, 42 insertions(+), 4 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/virtualisation/nixos-container.sh b/nixos/modules/virtualisation/nixos-container.sh index c72b6fb92814..a3fd9db56d82 100644 --- a/nixos/modules/virtualisation/nixos-container.sh +++ b/nixos/modules/virtualisation/nixos-container.sh @@ -1,21 +1,25 @@ #! @bash@/bin/sh -e usage() { - echo "Usage: $0 create [--config ]" >&2 + echo "Usage: $0 list" >&2 + echo " $0 create [--config ] [--ensure-unique-name]" >&2 echo " $0 update " >&2 echo " $0 destroy " >&2 echo " $0 login " >&2 echo " $0 root-shell " >&2 echo " $0 set-root-password " >&2 + echo " $0 show-ip " >&2 } -args="`getopt --options '' -l help -l config: -- "$@"`" +args="`getopt --options '' -l help -l config: -l ensure-unique-name -- "$@"`" eval "set -- $args" extraConfigFile= +ensureUniqueName= while [ $# -gt 0 ]; do case "$1" in (--help) usage; exit 0;; (--config) shift; extraConfigFile=$1;; + (--ensure-unique-name) ensureUniqueName=1;; (--) shift; break;; (*) break;; esac @@ -34,12 +38,28 @@ getContainerRoot() { fi } +if [ $action = list ]; then + for i in $(cd /etc/containers && echo *.conf); do + echo "$(basename "$i" .conf)" + done + exit 0 +fi + container="$1" if [ -z "$container" ]; then usage; exit 1; fi shift if [ $action = create ]; then + if [ -n "$ensureUniqueName" ]; then + # FIXME: race + nr=0 + while [ -e "/etc/containers/$container-$nr.conf" -o -e "/var/lib/containers/$container-$nr" ]; do + : $((nr++)) + done + container="$container-$nr" + fi + confFile="/etc/containers/$container.conf" root="/var/lib/containers/$container" 
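Review bot: The `--ensure-unique-name` loop probes with `[ -e "/etc/containers/$container-$nr.conf" -o -e "/var/lib/containers/$container-$nr" ]` and only creates the directory later, so two concurrent creates can claim the same `$container-$nr`; the `# FIXME: race` admits this, but the reservation can be made atomic cheaply with `while ! mkdir "/var/lib/containers/$container-$nr" 2>/dev/null; do : $((nr++)); done` (keeping the `.conf` test as an extra `||` condition if a conf can exist without its directory), provided the later directory setup in the create branch, which lies outside this hunk, tolerates a pre-existing empty directory. The new `list` action's `for i in $(cd /etc/containers && echo *.conf)` prints a literal `*` when no `.conf` file exists, because an unmatched glob expands to itself; `for i in /etc/containers/*.conf; do [ -e "$i" ] || continue; basename "$i" .conf; done` avoids both that and the word-splitting of the command substitution. The hunk starts inside `getContainerRoot()`, and the `create` branch it opens continues past its last line.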
@@ -61,13 +81,19 @@ with pkgs.lib; networking.hostName = mkDefault \"$container\"; networking.useDHCP = false; imports = [ $extraConfigFile ]; + services.openssh.enable = true; + services.openssh.extraConfig = + '' + UseDNS no + ''; + users.extraUsers.root.openssh.authorizedKeys.keys = [ \"ssh-dss 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 eelco.dolstra@logicblox.com\" ]; }" configFile="$root/etc/nixos/configuration.nix" echo "$config" > "$configFile" nix-env -p "$profileDir/system" -I "nixos-config=$configFile" -f '' --set -A system - # Allocate a new /8 network in the 10.233.* range. + # Allocate a new /8 network in the 10.233.* range. FIXME: race network="$(sed -e 's/.*_ADDRESS=10\.233\.\(.*\)\..*/\1/; t; d' /etc/containers/*.conf | sort -n | tail -n1)" if [ -z "$network" ]; then network=0; else : $((network++)); fi @@ -84,6 +110,11 @@ EOF echo "starting container@$container.service..." >&2 systemctl start "container@$container.service" + # Print generated container name on stdout. + if [ -n "$ensureUniqueName" ]; then + echo "$container" + fi + elif [ $action = update ]; then getContainerRoot @@ -101,7 +132,7 @@ elif [ $action = destroy ]; then getContainerRoot confFile="/etc/containers/$container.conf" - if [ ! -w "$confFile" ]; then + if [ -e "$confFile" -a ! -w "$confFile" ]; then echo "$0: cannot destroy declarative container (remove it from your configuration.nix instead)" exit 1 fi @@ -112,6 +143,7 @@ elif [ $action = destroy ]; then fi rm -f "$confFile" + rm -rf "$root" elif [ $action = login ]; then @@ -132,6 +164,12 @@ elif [ $action = set-root-password ]; then getContainerRoot (echo "passwd"; echo "$password"; echo "$password") | @socat@/bin/socat "unix:$root/var/lib/root-shell.socket" - +elif [ $action = show-ip ]; then + + getContainerRoot + . "/etc/containers/$container.conf" + echo "$LOCAL_ADDRESS" + else echo "$0: unknown action ‘$action’" >&2 exit 1 -- cgit 1.4.1
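Review bot: The added `users.extraUsers.root.openssh.authorizedKeys.keys = [ \"ssh-dss … eelco.dolstra@logicblox.com\" ]` hard-codes one developer's personal key as a root login in every container this script generates, and the adjacent `services.openssh.enable = true;` makes sure sshd is listening for it, so anyone running `nixos-container create` silently ships a root backdoor they cannot remove from their own config because authorizedKeys lists merge additively. Both settings belong in the caller's `--config` file, which `imports = [ $extraConfigFile ];` already pulls in; if a default sshd is wanted at all, keep only `services.openssh.enable = mkDefault true;` and the `UseDNS no` extraConfig, never a key. Because the key is now part of the repository history, that key pair should be treated as exposed and rotated even after the line is deleted. The `$config` string being edited here opens above the hunk.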
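Review bot: The `echo "$container"` that reports the generated name runs only after `systemctl start "container@$container.service"`, so under `set -e` any failure between choosing the name and this point aborts the script without telling the caller which `$container-$nr` was consumed on disk, leaving an orphan NixOps cannot find. Emit the name right after it is chosen in the create branch (the visible progress messages all go to `>&2`, so stdout stays clean for it), or print it from an `EXIT` trap, so the caller can clean up after a failed create. This `create` branch begins outside the hunk.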
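Review bot: The new `rm -rf "$root"` deletes a path derived from the unvalidated `$container` argument: `root` is not assigned anywhere in the visible `destroy` branch and presumably comes from `getContainerRoot`, which from what is visible checks existence rather than the shape of the name, so a value containing `/` or `..` would let the deletion leave `/var/lib/containers`. Reject such names once, right after `container="$1"`, e.g. `case $container in *[!A-Za-z0-9_-]*|'') usage; exit 1;; esac`, and write the deletion as `rm -rf -- "${root:?}"` so an unset `$root` fails loudly instead of depending on `rm` rejecting an empty operand. The surrounding `destroy` branch starts outside the hunk.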
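Review bot: `show-ip` obtains the address by sourcing `/etc/containers/$container.conf` with `.`, which executes the file as shell code in this script (which writes `/etc/containers`, so presumably runs as root); with `$container` taken verbatim from argv and not validated anywhere visible, a name containing `../` turns `show-ip` into "run this file as root", and even for legitimate names sourcing executes everything in the conf rather than reading one key. Extract the value instead, `sed -n 's/^LOCAL_ADDRESS=//p' "/etc/containers/$container.conf"`, which matches how the create branch already parses `_ADDRESS=` lines with sed, and fail with a message when the file is missing rather than relying on `-e` aborting on a failed `.`. `getContainerRoot` is called first but its body is outside this hunk, so whether it checks the conf file cannot be seen here.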