From e6c00e60c3eb6ba390e2081818d7ac30c916d3e0 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 15 Aug 2014 03:35:55 +0200 Subject: nixos-container destroy: Make idempotent --- nixos/modules/virtualisation/nixos-container.pl | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'nixos/modules') diff --git a/nixos/modules/virtualisation/nixos-container.pl b/nixos/modules/virtualisation/nixos-container.pl index c0d30346e568..c6a5ecde9e32 100644 --- a/nixos/modules/virtualisation/nixos-container.pl +++ b/nixos/modules/virtualisation/nixos-container.pl @@ -154,7 +154,10 @@ my $root = "/var/lib/containers/$containerName"; my $profileDir = "/nix/var/nix/profiles/per-container/$containerName"; my $gcRootsDir = "/nix/var/nix/gcroots/per-container/$containerName"; my $confFile = "/etc/containers/$containerName.conf"; -die "$0: container ‘$containerName’ does not exist\n" if !-e $confFile; +if (!-e $confFile) { + exit 0 if $action eq "destroy"; + die "$0: container ‘$containerName’ does not exist\n" ; +} sub isContainerRunning { my $status = `systemctl show 'container\@$containerName'`; -- cgit 1.4.1 From e620be97fe212b43ee42865dd4d3c8bba7f26fa9 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 15 Aug 2014 04:04:28 +0200 Subject: Containers: Set up /etc/resolv.conf Systemd-nspawn is supposed to do this, but doesn't if any of the --network-* flags are used. --- nixos/modules/virtualisation/containers.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'nixos/modules') diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index d0d04d9a1e5d..7f545a9d3031 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix 
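Review bot: The new `exit 0 if $action eq "destroy";` keys idempotency solely on `$confFile`, so a container whose `.conf` is gone but whose `$root`, `$profileDir` or `$gcRootsDir` directories survived (an interrupted create, or a destroy that died half-way) is reported as destroyed while those directories stay behind; whether the destroy branch further down would have removed them is outside this hunk. Provided that branch tolerates a missing conf file, short-circuit only when nothing remains, e.g. `if ($action eq "destroy") { exit 0 unless -e $root || -e $profileDir || -e $gcRootsDir; }` / `else { die "$0: container ‘$containerName’ does not exist\n"; }`. Minor: the added `die` line has a stray space before its semicolon. The script's top-level statement run continues outside the hunk.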
@@ -187,6 +187,8 @@ in "/nix/var/nix/profiles/per-container/$INSTANCE" \ "/nix/var/nix/gcroots/per-container/$INSTANCE" + cp -f /etc/resolv.conf "$root/etc/resolv.conf" + if [ "$PRIVATE_NETWORK" = 1 ]; then extraFlags+=" --network-veth" fi -- cgit 1.4.1 From 6ebe4a6a523bbab3388453ac119ab08e295a7e06 Mon Sep 17 00:00:00 2001 From: aszlig Date: Sun, 17 Aug 2014 06:46:41 +0200 Subject: nixos-install: Fix copying symlink resolv.conf. On some non-NixOS systems (for example those using "resolvconf"), /etc/resolv.conf is a symlink. So let's dereference when copying hasts and resolv.conf. Signed-off-by: aszlig --- nixos/modules/installer/tools/nixos-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos/modules') diff --git a/nixos/modules/installer/tools/nixos-install.sh b/nixos/modules/installer/tools/nixos-install.sh index 9d62ba131dc7..a55eda1cb8fd 100644 --- a/nixos/modules/installer/tools/nixos-install.sh +++ b/nixos/modules/installer/tools/nixos-install.sh @@ -81,7 +81,7 @@ mount -t tmpfs -o "mode=0755" none $mountPoint/var/setuid-wrappers rm -rf $mountPoint/var/run ln -s /run $mountPoint/var/run rm -f $mountPoint/etc/{resolv.conf,hosts} -cp -f /etc/resolv.conf /etc/hosts $mountPoint/etc/ +cp -Lf /etc/resolv.conf /etc/hosts $mountPoint/etc/ if [ -n "$runChroot" ]; then -- cgit 1.4.1 From 7c4591d010ad827f9927ce84b2e1bd2db8762f92 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 18 Aug 2014 14:21:45 +0200 Subject: Don't barf if /var/log doesn't support ACLs http://hydra.nixos.org/build/13462892 --- nixos/modules/system/boot/systemd.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos/modules') diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 455c40693b00..e353e9246b0e 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix 
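Review bot: `cp -f /etc/resolv.conf "$root/etc/resolv.conf"` copies the host's resolver configuration verbatim, which for a container started with the `--network-veth` flag set just below is only useful if the listed nameservers are reachable from the container's own network namespace; a host that points at a loopback resolver (`nameserver 127.0.0.1`, common with a local dnsmasq or unbound) leaves the container without working DNS. It is also a one-time snapshot taken at start, so host resolver changes are not seen until the container restarts. Record the limitation next to the line, e.g. `# Snapshot of the host resolver config; loopback nameservers in it are unreachable from a private-network container.`, or rewrite loopback entries to `$HOST_ADDRESS` when `PRIVATE_NETWORK=1`. The enclosing `script` block starts and ends outside the hunk.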
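Review bot: `cp -Lf /etc/resolv.conf /etc/hosts $mountPoint/etc/` now fails outright when `/etc/resolv.conf` is a dangling symlink (resolvconf installed but not yet run) or `/etc/hosts` is absent on the host, and the `rm -f` on the previous line has already deleted the targets; whether the script runs under `set -e` is not visible here, so the install either aborts at this point or continues with no resolver config in the target. Copying each file separately behind an existence test keeps the install going and still dereferences symlinks: `for f in /etc/resolv.conf /etc/hosts; do` / `if [ -e "$f" ]; then cp -Lf "$f" $mountPoint/etc/; fi; done`.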
@@ -744,7 +744,7 @@ in # Make all journals readable to users in the wheel and adm # groups, in addition to those in the systemd-journal group. # Users can always read their own journals. - ${pkgs.acl}/bin/setfacl -nm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal + ${pkgs.acl}/bin/setfacl -nm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal || true ''; # Target for ‘charon send-keys’ to hook into. -- cgit 1.4.1 From e7860f04c2ab813d696d876bcdcfd9331cedfa2e Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 18 Aug 2014 13:46:54 +0200 Subject: nixos-container: Add status command --- nixos/modules/virtualisation/nixos-container.pl | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'nixos/modules') diff --git a/nixos/modules/virtualisation/nixos-container.pl b/nixos/modules/virtualisation/nixos-container.pl index c6a5ecde9e32..90a6986be4f7 100644 --- a/nixos/modules/virtualisation/nixos-container.pl +++ b/nixos/modules/virtualisation/nixos-container.pl @@ -21,6 +21,7 @@ Usage: nixos-container list nixos-container destroy nixos-container start nixos-container stop + nixos-container status nixos-container login nixos-container root-login nixos-container run -- args... @@ -155,7 +156,11 @@ my $profileDir = "/nix/var/nix/profiles/per-container/$containerName"; my $gcRootsDir = "/nix/var/nix/gcroots/per-container/$containerName"; my $confFile = "/etc/containers/$containerName.conf"; if (!-e $confFile) { - exit 0 if $action eq "destroy"; + if ($action eq "destroy") { + exit 0; + } else { + print "gone\n"; + } die "$0: container ‘$containerName’ does not exist\n" ; } @@ -190,6 +195,10 @@ elsif ($action eq "stop") { stopContainer; } +elsif ($action eq "status") { + print isContainerRunning() ? "up" : "down", "\n"; +} + elsif ($action eq "update") { my $nixosConfigFile = "$root/etc/nixos/configuration.nix"; -- cgit 1.4.1 From 2337a85fc3a0228ede448d74ed8a29e2b1190f8f Mon Sep 17 00:00:00 2001 
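Review bot: `|| true` swallows every failure of `setfacl`, not only the unsupported-ACL case the commit message describes, so a typo in the ACL spec, a missing `/var/log/journal`, or a filesystem mounted without ACL support silently leaves wheel/adm users without journal access and nothing in the activation log says why. Since the intent is only to keep activation from aborting, report instead of discarding the status: `${pkgs.acl}/bin/setfacl -nm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal || echo "warning: could not set ACLs on /var/log/journal" >&2`. The activation script this line belongs to starts and ends outside the hunk.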
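Review bot: The new `else` branch in the `@@ -155,7 +156,11 @@` hunk applies to every action other than `destroy`, so `start`, `stop`, `update`, `login` and the rest now print `gone` to stdout before the `die`, and `status` itself prints `gone` and then exits non-zero with an error on stderr, which makes the "gone" state awkward to script against compared with the clean `up`/`down` output added in the `@@ -190,6 +195,10 @@` hunk. Limit the message to `status` and give it a clean exit: `if ($action eq "destroy") { exit 0; }` / `elsif ($action eq "status") { print "gone\n"; exit 0; }`. The later `show-host-key` commit in this series narrows the branch to `status` but keeps the trailing `die`, so the exit-status half of this applies there too. The statement run continues outside the hunk.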
From: Eelco Dolstra Date: Mon, 18 Aug 2014 14:04:39 +0200 Subject: Autostart containers at boot time --- nixos/modules/virtualisation/containers.nix | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'nixos/modules') diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index 7f545a9d3031..01f63315b9cb 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix @@ -292,5 +292,27 @@ in environment.systemPackages = [ nixos-container ]; + # Start containers at boot time. + systemd.services.all-containers = + { description = "All Containers"; + + wantedBy = [ "multi-user.target" ]; + + serviceConfig.Type = "oneshot"; + + script = + '' + res=0 + for i in /etc/containers/*.conf; do + AUTO_START= + source "$i" + if [ "$AUTO_START" = 1 ]; then + systemctl start "container@$(basename "$i" .conf).service" || res=1 + fi + done + exit $res + ''; # */ + }; + }; } -- cgit 1.4.1 From b10a3e91458817b5e12f1e81241ef6272cb1175f Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 18 Aug 2014 15:56:27 +0200 Subject: nixos-container: Allow auto-starting containers --- nixos/modules/virtualisation/nixos-container.pl | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'nixos/modules') diff --git a/nixos/modules/virtualisation/nixos-container.pl b/nixos/modules/virtualisation/nixos-container.pl index 90a6986be4f7..3975e4b62f23 100644 --- a/nixos/modules/virtualisation/nixos-container.pl +++ b/nixos/modules/virtualisation/nixos-container.pl @@ -17,7 +17,7 @@ umask 0022; sub showHelp { print < [--config ] [--ensure-unique-name] + nixos-container create [--config ] [--ensure-unique-name] [--auto-start] nixos-container destroy nixos-container start nixos-container stop 
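Review bot: `source "$i"` runs each `/etc/containers/*.conf` file as root shell code at boot, whereas the container unit consumes the same file through `EnvironmentFile=`, which only parses `KEY=VALUE` lines; a value that systemd would treat as a literal string (one containing `$(...)`, `;` or backticks) is executed here. If `nixos-container create` is the only writer of these files and its inputs are validated (not visible in this hunk) the exposure is small, but reading the flag without shell evaluation is just as short and removes the question: `if grep -qx 'AUTO_START=1' "$i"; then`. The same `source "$i"` survives in the `Fix all-containers.service start` commit's `@@ -319,11 +319,14 @@` hunk later in this series, which addresses the other problem visible here: with `nullglob` off and no `.conf` files present the loop iterates once over the literal pattern and `source` fails.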
@@ -32,11 +32,13 @@ EOF } my $ensureUniqueName = 0; +my $autoStart = 0; my $extraConfig; GetOptions( "help" => sub { showHelp() }, "ensure-unique-name" => \$ensureUniqueName, + "auto-start" => \$autoStart, "config=s" => \$extraConfig ) or exit 1; @@ -123,6 +125,7 @@ if ($action eq "create") { push @conf, "PRIVATE_NETWORK=1\n"; push @conf, "HOST_ADDRESS=$hostAddress\n"; push @conf, "LOCAL_ADDRESS=$localAddress\n"; + push @conf, "AUTO_START=$autoStart\n"; write_file($confFile, \@conf); close($lock); -- cgit 1.4.1 From 32b977d4a7f4615859827780513fdcd7cb21ade7 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 12 Aug 2014 02:33:30 +0200 Subject: Containers: Fix reboot and poweroff Previously "machinectl reboot/poweroff" brutally killed the container, as did "systemctl stop/restart". And reboot didn't actually work. Now everything is fine. --- nixos/modules/virtualisation/containers.nix | 43 +++++++++++++++++++++-------- 1 file changed, 31 insertions(+), 12 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index 01f63315b9cb..6131d75e478f 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix @@ -168,6 +168,9 @@ in preStart = '' + # Clean up existing machined registration. + machinectl terminate "$INSTANCE" 2> /dev/null || true + mkdir -p -m 0755 $root/var/lib # Create a named pipe to get a signal when the container @@ -205,6 +208,7 @@ in fi ''} + EXIT_ON_REBOOT=1 \ exec ${config.systemd.package}/bin/systemd-nspawn \ --keep-unit \ -M "$INSTANCE" -D "$root" $extraFlags \ 
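Review bot: The added `EXIT_ON_REBOOT=1 \` in the `@@ -205,6 +208,7 @@` hunk carries no comment, and nothing in the unit explains what the variable makes `systemd-nspawn` do or which nspawn build honours it; the only hint is the later `Restart` comment about nspawn returning 10 on reboot. A one-line note would save the next reader a trip through the nspawn source, e.g. `# Make systemd-nspawn exit (status 10) when the container reboots; the unit's Restart= setting then re-runs it.` The `script` block this line belongs to starts and ends outside the hunk.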
@@ -242,23 +246,38 @@ in preStop = '' - machinectl poweroff "$INSTANCE" + machinectl poweroff "$INSTANCE" || true ''; restartIfChanged = false; #reloadIfChanged = true; # FIXME - serviceConfig.ExecReload = pkgs.writeScript "reload-container" - '' - #! ${pkgs.stdenv.shell} -e - SYSTEM_PATH=/nix/var/nix/profiles/system - echo $SYSTEM_PATH/bin/switch-to-configuration test | \ - ${pkgs.socat}/bin/socat unix:$root/var/lib/run-command.socket - - ''; - - serviceConfig.SyslogIdentifier = "container %i"; - - serviceConfig.EnvironmentFile = "-/etc/containers/%i.conf"; + serviceConfig = { + ExecReload = pkgs.writeScript "reload-container" + '' + #! ${pkgs.stdenv.shell} -e + SYSTEM_PATH=/nix/var/nix/profiles/system + echo $SYSTEM_PATH/bin/switch-to-configuration test | \ + ${pkgs.socat}/bin/socat unix:$root/var/lib/run-command.socket - + ''; + + SyslogIdentifier = "container %i"; + + EnvironmentFile = "-/etc/containers/%i.conf"; + + # Note that on reboot, systemd-nspawn returns 10, so this + # unit will be restarted. On poweroff, it returns 0, so the + # unit won't be restarted. + Restart = "on-failure"; + + # Hack: we don't want to kill systemd-nspawn, since we call + # "machinectl poweroff" in preStop to shut down the + # container cleanly. But systemd requires sending a signal + # (at least if we want remaining processes to be killed + # after the timeout). So send an ignored signal. + KillMode = "mixed"; + KillSignal = "WINCH"; + }; }; # Generate a configuration file in /etc/containers for each -- cgit 1.4.1 From a7a08188bf650ababa36300a9a6f34169e2a73bf Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 12 Aug 2014 02:51:20 +0200 Subject: Containers: Don't remount / --- nixos/modules/system/boot/stage-2-init.sh | 4 +++- nixos/modules/virtualisation/container-config.nix | 2 ++ 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'nixos/modules') 
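Review bot: `machinectl poweroff "$INSTANCE" || true` hides the one failure this change is built around: if the poweroff request is refused (machined not running, stale or missing registration), the unit proceeds to `KillSignal = "WINCH"`, which is chosen precisely because `systemd-nspawn` ignores it, so the container keeps running until the stop timeout expires and systemd falls back to SIGKILL of the whole cgroup, i.e. the brutal kill the commit message says it removes. At minimum leave a trace on that path: `machinectl poweroff "$INSTANCE" || echo "warning: machinectl poweroff $INSTANCE failed; container will be killed after the stop timeout" >&2`. The comment on `Restart = "on-failure"` relies on nspawn's exit status 10 being classified as a failure by the default mapping; if the host systemd supports it, `RestartForceExitStatus = "10"` states that contract explicitly rather than leaving it implicit.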
diff --git a/nixos/modules/system/boot/stage-2-init.sh b/nixos/modules/system/boot/stage-2-init.sh index fcefdfa88a36..6fff776f8581 100644 --- a/nixos/modules/system/boot/stage-2-init.sh +++ b/nixos/modules/system/boot/stage-2-init.sh @@ -29,7 +29,9 @@ setPath "@path@" # Normally, stage 1 mounts the root filesystem read/writable. # However, in some environments, stage 2 is executed directly, and the # root is read-only. So make it writable here. -mount -n -o remount,rw none / +if [ "$container" != systemd-nspawn ]; then + mount -n -o remount,rw none / +fi # Likewise, stage 1 mounts /proc, /dev and /sys, so if we don't have a diff --git a/nixos/modules/virtualisation/container-config.nix b/nixos/modules/virtualisation/container-config.nix index b81f97f2b4ec..84e3aa283520 100644 --- a/nixos/modules/virtualisation/container-config.nix +++ b/nixos/modules/virtualisation/container-config.nix @@ -89,6 +89,8 @@ with lib; restartIfChanged = false; }; + systemd.services.systemd-remount-fs.enable = false; + }; } -- cgit 1.4.1 From ceb67cc9ef9c4e2e825a2a192c564e8208e263eb Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 12 Aug 2014 03:05:27 +0200 Subject: Containers: Clean up veth interfaces --- nixos/modules/virtualisation/containers.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'nixos/modules') diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index 6131d75e478f..21ef0d0ff966 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix @@ -168,9 +168,13 @@ in preStart = '' - # Clean up existing machined registration. + # Clean up existing machined registration and interfaces. machinectl terminate "$INSTANCE" 2> /dev/null || true + if [ "$PRIVATE_NETWORK" = 1 ]; then + ip link del dev "ve-$INSTANCE" 2> /dev/null || true + fi + mkdir -p -m 0755 $root/var/lib # Create a named pipe to get a signal when the container -- cgit 1.4.1 
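Review bot: The comment above the new `if` still reads as if the remount always happens ("So make it writable here"), while the code now skips it when `$container` is `systemd-nspawn`, and nothing records why; the `systemd.services.systemd-remount-fs.enable = false;` line in this commit's container-config.nix hunk has the same gap. If the reason is that the host owns the container's root mount (the commit title only says "Don't remount /"), a one-liner in both places would do: `# In a systemd-nspawn container / is provided by the host and must not be remounted here.`. Note also that the test matches one specific value of the `container` variable, so other container runtimes that export a different value keep the old remount behaviour, which may be intended but is worth stating.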
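Review bot: `ip link del dev "ve-$INSTANCE"` assumes the host side of the veth pair is named exactly `ve-` plus the container name, but Linux interface names are limited to 15 characters, so for container names longer than 12 characters this cannot be the name `--network-veth` created and the stale interface survives; whether `nixos-container create` rejects such names is not visible here, and the `postStart` block later in this file makes the same assumption with `ifaceHost=ve-$INSTANCE`. The `2> /dev/null || true` also hides any other reason the deletion failed. Consider recording the assumption at this line, e.g. `# systemd-nspawn names the host side of the veth pair ve-<machine name>; interface names are capped at 15 chars.`, and enforcing the length limit where the container name is validated.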
From 11d99048c1dc992a68579da7a2958ec57e718ac1 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 13 Aug 2014 00:45:36 +0200 Subject: Containers: Use systemd-nspawn startup notification --- nixos/modules/virtualisation/containers.nix | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index 21ef0d0ff966..99329c1f1dda 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix @@ -230,12 +230,6 @@ in postStart = '' - # This blocks until the container-startup-done service - # writes something to this pipe. FIXME: it also hangs - # until the start timeout expires if systemd-nspawn exits. - read x < $root/var/lib/startup-done - rm -f $root/var/lib/startup-done - if [ "$PRIVATE_NETWORK" = 1 ]; then ifaceHost=ve-$INSTANCE ip link set dev $ifaceHost up @@ -246,6 +240,12 @@ in ip route add $LOCAL_ADDRESS dev $ifaceHost fi fi + + # This blocks until the container-startup-done service + # writes something to this pipe. FIXME: it also hangs + # until the start timeout expires if systemd-nspawn exits. + read x < $root/var/lib/startup-done + rm -f $root/var/lib/startup-done ''; preStop = @@ -269,6 +269,8 @@ in EnvironmentFile = "-/etc/containers/%i.conf"; + Type = "notify"; + # Note that on reboot, systemd-nspawn returns 10, so this # unit will be restarted. On poweroff, it returns 0, so the # unit won't be restarted. -- cgit 1.4.1 From 2c899859bffc3018d3e8fd625647edda01130913 Mon Sep 17 00:00:00 2001 
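Review bot: With `Type = "notify"` the unit now counts as started only once `systemd-nspawn` signals readiness, yet `postStart` still ends in the blocking `read x < $root/var/lib/startup-done` together with its FIXME about hanging when nspawn exits; the move only swaps the order of the veth setup and the fifo wait, so the hang remains and now shares the start timeout with the notify wait. If the point of the reordering is that the host side of the veth must be up before the container finishes booting, say so where the block now begins, e.g. `# Bring up the host side of the veth first so the container's boot can already use the network, then wait for it to finish.`, and consider bounding the fifo wait (for example by checking that the nspawn process is still alive while waiting) so a dead nspawn fails the unit promptly. The `postStart` block starts outside the first hunk.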
From: Eelco Dolstra Date: Mon, 18 Aug 2014 16:57:05 +0200 Subject: Containers: Use systemd startup notification Systemd in a container will call sd_notify when it has finished booting, so we can use that to signal that the container is ready. This does require some fiddling with $NOTIFY_SOCKET. --- nixos/modules/virtualisation/containers.nix | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index 99329c1f1dda..847c1eddab2a 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix @@ -32,7 +32,10 @@ let fi fi - exec "$1" + # Start the regular stage 1 script, passing the bind-mounted + # notification socket from the host to allow the container + # systemd to signal readiness to the host systemd. + NOTIFY_SOCKET=/var/lib/private/host-notify exec "$1" ''; system = config.nixpkgs.system; @@ -174,18 +177,12 @@ in if [ "$PRIVATE_NETWORK" = 1 ]; then ip link del dev "ve-$INSTANCE" 2> /dev/null || true fi - - mkdir -p -m 0755 $root/var/lib - - # Create a named pipe to get a signal when the container - # has finished booting. - rm -f $root/var/lib/startup-done - mkfifo -m 0600 $root/var/lib/startup-done ''; script = '' mkdir -p -m 0755 "$root/etc" "$root/var/lib" + mkdir -p -m 0700 "$root/var/lib/private" if ! [ -e "$root/etc/os-release" ]; then touch "$root/etc/os-release" fi 
@@ -212,13 +209,16 @@ in fi ''} - EXIT_ON_REBOOT=1 \ + # Run systemd-nspawn without startup notification (we'll + # wait for the container systemd to signal readiness). + EXIT_ON_REBOOT=1 NOTIFY_SOCKET= \ exec ${config.systemd.package}/bin/systemd-nspawn \ --keep-unit \ -M "$INSTANCE" -D "$root" $extraFlags \ --bind-ro=/nix/store \ --bind-ro=/nix/var/nix/db \ --bind-ro=/nix/var/nix/daemon-socket \ + --bind=/run/systemd/notify:/var/lib/private/host-notify \ --bind="/nix/var/nix/profiles/per-container/$INSTANCE:/nix/var/nix/profiles" \ --bind="/nix/var/nix/gcroots/per-container/$INSTANCE:/nix/var/nix/gcroots" \ --setenv PRIVATE_NETWORK="$PRIVATE_NETWORK" \ @@ -240,12 +240,6 @@ in ip route add $LOCAL_ADDRESS dev $ifaceHost fi fi - - # This blocks until the container-startup-done service - # writes something to this pipe. FIXME: it also hangs - # until the start timeout expires if systemd-nspawn exits. - read x < $root/var/lib/startup-done - rm -f $root/var/lib/startup-done ''; preStop = @@ -271,6 +265,8 @@ in Type = "notify"; + NotifyAccess = "all"; + # Note that on reboot, systemd-nspawn returns 10, so this # unit will be restarted. On poweroff, it returns 0, so the # unit won't be restarted. -- cgit 1.4.1 From 23db49cf98d6553c56aca99c174c90d84249a2e5 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 19 Aug 2014 10:06:16 +0200 Subject: Containers: Fix all-containers.service start Fixes #3662. --- nixos/modules/virtualisation/containers.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'nixos/modules') diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index 847c1eddab2a..292b96e6eb24 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix 
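Review bot: `--bind=/run/systemd/notify:/var/lib/private/host-notify` together with `NotifyAccess = "all"` in the `@@ -271,6 +265,8 @@` hunk makes the host's systemd accept `sd_notify` messages from any process in the container's cgroup that can reach the socket, not only the container's PID 1 the commit message has in mind; such a process can send `READY=1`, `STOPPING=1`, `STATUS=` or `MAINPID=` for the `container@` unit, and with `KillMode = "mixed"` a spoofed `MAINPID=` would change which process receives `KillSignal` on stop. The `mkdir -p -m 0700 "$root/var/lib/private"` added in the `@@ -174,18 +177,12 @@` hunk is what confines the socket to container root and bounds this, so that dependency deserves a comment at the `--bind` line, e.g. `# Host notify socket for the container's PID 1; its parent dir is 0700 so only container root can reach it, and NotifyAccess=all lets the host accept its messages.`. The init wrapper in the `@@ -32,7 +32,10 @@` hunk also exports `NOTIFY_SOCKET=/var/lib/private/host-notify` into the container's environment; whether the container's systemd strips it from its children is not visible here and is worth confirming.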
@@ -319,11 +319,14 @@ in wantedBy = [ "multi-user.target" ]; + unitConfig.ConditionDirectoryNotEmpty = "/etc/containers"; + serviceConfig.Type = "oneshot"; script = '' res=0 + shopt -s nullglob for i in /etc/containers/*.conf; do AUTO_START= source "$i" -- cgit 1.4.1 From ddd8f0cf661e2c1818eb19476a2d62a417de4873 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 19 Aug 2014 15:47:51 +0200 Subject: nixos-container --create: Add option --system-path This allows creating a container from an existing system store path, which is especially nice for NixOps-deployed hosts because they don't need a Nixpkgs tree anymore. --- nixos/modules/virtualisation/nixos-container.pl | 28 ++++++++++++++++--------- 1 file changed, 18 insertions(+), 10 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/virtualisation/nixos-container.pl b/nixos/modules/virtualisation/nixos-container.pl index 3975e4b62f23..06839874ef02 100644 --- a/nixos/modules/virtualisation/nixos-container.pl +++ b/nixos/modules/virtualisation/nixos-container.pl @@ -17,7 +17,7 @@ umask 0022; sub showHelp { print < [--config ] [--ensure-unique-name] [--auto-start] + nixos-container create [--system-path ] [--config ] [--ensure-unique-name] [--auto-start] nixos-container destroy nixos-container start nixos-container stop @@ -31,6 +31,7 @@ EOF exit 0; } +my $systemPath; my $ensureUniqueName = 0; my $autoStart = 0; my $extraConfig; @@ -39,6 +40,7 @@ GetOptions( "help" => sub { showHelp() }, "ensure-unique-name" => \$ensureUniqueName, "auto-start" => \$autoStart, + "system-path=s" => \$systemPath, "config=s" => \$extraConfig ) or exit 1; 
@@ -132,11 +134,6 @@ if ($action eq "create") { print STDERR "host IP is $hostAddress, container IP is $localAddress\n"; - mkpath("$root/etc/nixos", 0, 0755); - - my $nixosConfigFile = "$root/etc/nixos/configuration.nix"; - writeNixOSConfig $nixosConfigFile; - # The per-container directory is restricted to prevent users on # the host from messing with guest users who happen to have the # same uid. @@ -145,10 +142,21 @@ if ($action eq "create") { $profileDir = "$profileDir/$containerName"; mkpath($profileDir, 0, 0755); - system("nix-env", "-p", "$profileDir/system", - "-I", "nixos-config=$nixosConfigFile", "-f", "", - "--set", "-A", "system") == 0 - or die "$0: failed to build initial container configuration\n"; + # Build/set the initial configuration. + if (defined $systemPath) { + system("nix-env", "-p", "$profileDir/system", "--set", $systemPath) == 0 + or die "$0: failed to set initial container configuration\n"; + } else { + mkpath("$root/etc/nixos", 0, 0755); + + my $nixosConfigFile = "$root/etc/nixos/configuration.nix"; + writeNixOSConfig $nixosConfigFile; + + system("nix-env", "-p", "$profileDir/system", + "-I", "nixos-config=$nixosConfigFile", "-f", "", + "--set", "-A", "system") == 0 + or die "$0: failed to build initial container configuration\n"; + } print "$containerName\n" if $ensureUniqueName; exit 0; -- cgit 1.4.1 From b18f503f1a1323908d662f27411d2c0febe761bb Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 19 Aug 2014 16:57:02 +0200 Subject: nixos-container: Add command show-host-key This is used by nixops. --- nixos/modules/virtualisation/nixos-container.pl | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'nixos/modules') diff --git a/nixos/modules/virtualisation/nixos-container.pl b/nixos/modules/virtualisation/nixos-container.pl index 06839874ef02..bf6f16fc6c77 100644 --- a/nixos/modules/virtualisation/nixos-container.pl +++ b/nixos/modules/virtualisation/nixos-container.pl 
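Review bot: When `--system-path` is given, `$root/etc/nixos/configuration.nix` is never written, yet the `update` action elsewhere in this script builds from `my $nixosConfigFile = "$root/etc/nixos/configuration.nix";`, so `nixos-container update` on such a container will fail or, depending on what `nix-env -I nixos-config=` does with a missing file, build something unintended; either still write the file or record in the conf that the container's system is managed externally. `--config` also appears to be consumed only through `writeNixOSConfig` (its body is outside the hunk), in which case it is silently ignored in the new branch; rejecting the combination up front is cheaper than surprising the user: `die "$0: --config cannot be combined with --system-path\n" if defined $systemPath && defined $extraConfig;`. Finally `$systemPath` goes straight to `nix-env --set` without any check that it names a system, so a typo only surfaces as the generic "failed to set" message; a test such as `-e "$systemPath/bin/switch-to-configuration"` before the call would give a precise error.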
@@ -27,6 +27,7 @@ Usage: nixos-container list nixos-container run -- args... nixos-container set-root-password nixos-container show-ip + nixos-container show-host-key EOF exit 0; } @@ -169,7 +170,7 @@ my $confFile = "/etc/containers/$containerName.conf"; if (!-e $confFile) { if ($action eq "destroy") { exit 0; - } else { + } elsif ($action eq "status") { print "gone\n"; } die "$0: container ‘$containerName’ does not exist\n" ; @@ -264,6 +265,12 @@ elsif ($action eq "show-ip") { print "$1\n"; } +elsif ($action eq "show-host-key") { + my $fn = "$root/etc/ssh/ssh_host_ecdsa_key.pub"; + exit 1 if ! -f $fn; + print read_file($fn); +} + else { die "$0: unknown action ‘$action’\n"; } -- cgit 1.4.1 From f4b5cd9f3f7382769c9f2da90351d32573956d93 Mon Sep 17 00:00:00 2001 From: Matej Cotman Date: Wed, 20 Aug 2014 21:17:48 +0200 Subject: use mkDefault on root's shell --- nixos/modules/config/users-groups.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos/modules') diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index 5de81a773424..7783f13b14b1 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -404,7 +404,7 @@ in { uid = ids.uids.root; description = "System administrator"; home = "/root"; - shell = cfg.defaultUserShell; + shell = mkDefault cfg.defaultUserShell; group = "root"; extraGroups = [ "grsecurity" ]; hashedPassword = mkDefault config.security.initialRootPassword; -- cgit 1.4.1
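Review bot: `exit 1 if ! -f $fn;` in the new `show-host-key` branch fails silently, so a caller (nixops, per the commit message) cannot tell a container that has not generated host keys yet from one whose sshd uses a key type other than the hard-coded `ssh_host_ecdsa_key.pub`; print the reason while keeping the exit status: `print STDERR "$0: host key $fn does not exist (sshd not started yet, or a different key type?)\n";` / `exit 1 if ! -f $fn;` with the message guarded by the same test. Separately, the path lies inside the container's filesystem tree, which the container's own root can modify, and both `-f` and `read_file` follow symlinks, so a symlink planted at that path (or at `$root/etc/ssh`) is resolved on the host and its target is what gets printed to the caller; rejecting symlinks, e.g. `exit 1 if -l $fn;`, or resolving the path and checking it still starts with `$root` keeps the command confined to the container tree. The `if`/`elsif` chain this branch belongs to starts outside the hunk.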