From 62928668a8562dfc910ce5d5b21cdaff8366ad06 Mon Sep 17 00:00:00 2001 From: Stefan Frijters Date: Thu, 29 Dec 2022 20:17:54 +0100 Subject: nixos/no-x-libs: add vim-full --- nixos/modules/config/no-x-libs.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'nixos') diff --git a/nixos/modules/config/no-x-libs.nix b/nixos/modules/config/no-x-libs.nix index 1d0bc73cac2a..e506a500a712 100644 --- a/nixos/modules/config/no-x-libs.nix +++ b/nixos/modules/config/no-x-libs.nix @@ -65,6 +65,7 @@ with lib; stoken = super.stoken.override { withGTK3 = false; }; # translateManpages -> perlPackages.po4a -> texlive-combined-basic -> texlive-core-big -> libX11 util-linux = super.util-linux.override { translateManpages = false; }; + vim-full = super.vim-full.override { guiSupport = false; }; zbar = super.zbar.override { enableVideo = false; withXorg = false; }; })); }; -- cgit 1.4.1 From b1ff1e165821a6842f05cd358a8379ea60bd867b Mon Sep 17 00:00:00 2001 From: nikstur Date: Tue, 14 Feb 2023 19:39:08 +0100 Subject: nixos/systemd-repart: enable running after initrd --- nixos/modules/system/boot/systemd/repart.nix | 80 ++++++++++++++++++---------- nixos/tests/systemd-repart.nix | 34 ++++++++++-- 2 files changed, 81 insertions(+), 33 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/system/boot/systemd/repart.nix b/nixos/modules/system/boot/systemd/repart.nix index 33f1b247c5ed..8f3a70023770 100644 --- a/nixos/modules/system/boot/systemd/repart.nix +++ b/nixos/modules/system/boot/systemd/repart.nix @@ -1,7 +1,8 @@ { config, pkgs, lib, ... }: let - cfg = config.boot.initrd.systemd.repart; + cfg = config.systemd.repart; + initrdCfg = config.boot.initrd.systemd.repart; writeDefinition = name: partitionConfig: pkgs.writeText "${name}.conf" @@ -24,45 +25,59 @@ let ''; in { - options.boot.initrd.systemd.repart = { - enable = lib.mkEnableOption (lib.mdDoc "systemd-repart") // { + options = { + boot.initrd.systemd.repart.enable = lib.mkEnableOption (lib.mdDoc "systemd-repart") // { description = lib.mdDoc '' - Grow and add partitions to a partition table a boot time in the initrd. + Grow and add partitions to a partition table at boot time in the initrd. systemd-repart only works with GPT partition tables. + + To run systemd-repart after the initrd, see + `options.systemd.repart.enable`. ''; }; - partitions = lib.mkOption { - type = with lib.types; attrsOf (attrsOf (oneOf [ str int bool ])); - default = { }; - example = { - "10-root" = { - Type = "root"; - }; - "20-home" = { - Type = "home"; - SizeMinBytes = "512M"; - SizeMaxBytes = "2G"; + systemd.repart = { + enable = lib.mkEnableOption (lib.mdDoc "systemd-repart") // { + description = lib.mdDoc '' + Grow and add partitions to a partition table. + systemd-repart only works with GPT partition tables. + + To run systemd-repart while in the initrd, see + `options.boot.initrd.systemd.repart.enable`. + ''; + }; + + partitions = lib.mkOption { + type = with lib.types; attrsOf (attrsOf (oneOf [ str int bool ])); + default = { }; + example = { + "10-root" = { + Type = "root"; + }; + "20-home" = { + Type = "home"; + SizeMinBytes = "512M"; + SizeMaxBytes = "2G"; + }; }; + description = lib.mdDoc '' + Specify partitions as a set of the names of the definition files as the + key and the partition configuration as its value. The partition + configuration can use all upstream options. See + for all available options. + ''; }; - description = lib.mdDoc '' - Specify partitions as a set of the names of the definition files as the - key and the partition configuration as its value. The partition - configuration can use all upstream options. See - for all available options. - ''; }; }; - config = lib.mkIf cfg.enable { - # Link the definitions into /etc so that they are included in the - # /nix/store of the sysroot. This also allows the user to run the - # systemd-repart binary after activation manually while automatically - # picking up the definition files. + config = lib.mkIf (cfg.enable || initrdCfg.enable) { + # Always link the definitions into /etc so that they are also included in + # the /nix/store of the sysroot during early userspace (i.e. while in the + # initrd). environment.etc."repart.d".source = definitionsDirectory; - boot.initrd.systemd = { + boot.initrd.systemd = lib.mkIf initrdCfg.enable { additionalUpstreamUnits = [ "systemd-repart.service" ]; @@ -73,7 +88,7 @@ in # Override defaults in upstream unit. services.systemd-repart = { - # Unset the coniditions as they cannot be met before activation because + # Unset the conditions as they cannot be met before activation because # the definition files are not stored in the expected locations. unitConfig.ConditionDirectoryNotEmpty = [ " " # required to unset the previous value. @@ -97,5 +112,12 @@ in after = [ "sysroot.mount" ]; }; }; + + systemd = lib.mkIf cfg.enable { + additionalUpstreamSystemUnits = [ + "systemd-repart.service" + ]; + }; }; + } diff --git a/nixos/tests/systemd-repart.nix b/nixos/tests/systemd-repart.nix index 92cc1fb04edc..36de5d988fdb 100644 --- a/nixos/tests/systemd-repart.nix +++ b/nixos/tests/systemd-repart.nix @@ -52,9 +52,6 @@ let }; }; - boot.initrd.systemd.enable = true; - boot.initrd.systemd.repart.enable = true; - # systemd-repart operates on disks with a partition table. The qemu module, # however, creates separate filesystem images without a partition table, so # we have to create a disk image manually. @@ -88,7 +85,10 @@ in nodes.machine = { config, pkgs, ... }: { imports = [ common ]; - boot.initrd.systemd.repart.partitions = { + boot.initrd.systemd.enable = true; + + boot.initrd.systemd.repart.enable = true; + systemd.repart.partitions = { "10-root" = { Type = "linux-generic"; }; @@ -105,4 +105,30 @@ in assert "Growing existing partition 1." in systemd_repart_logs ''; }; + + after-initrd = makeTest { + name = "systemd-repart-after-initrd"; + meta.maintainers = with maintainers; [ nikstur ]; + + nodes.machine = { config, pkgs, ... }: { + imports = [ common ]; + + systemd.repart.enable = true; + systemd.repart.partitions = { + "10-root" = { + Type = "linux-generic"; + }; + }; + }; + + testScript = { nodes, ... }: '' + ${useDiskImage nodes.machine} + + machine.start() + machine.wait_for_unit("multi-user.target") + + systemd_repart_logs = machine.succeed("journalctl --unit systemd-repart.service") + assert "Growing existing partition 1." in systemd_repart_logs + ''; + }; } -- cgit 1.4.1 From 3e081095a4471f126dfb1346cb51ddec36784c23 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Fri, 17 Feb 2023 19:43:08 +1000 Subject: Revert "podman: remove wrapper" This reverts commit 02f92550441de39d0e42b39b538ac5529714ed41. broke rootlessport port forwarding --- nixos/modules/virtualisation/podman/default.nix | 11 ++- .../applications/virtualization/podman/default.nix | 71 +++++--------------- .../applications/virtualization/podman/wrapper.nix | 78 ++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 3 +- 4 files changed, 105 insertions(+), 58 deletions(-) create mode 100644 pkgs/applications/virtualization/podman/wrapper.nix (limited to 'nixos') diff --git a/nixos/modules/virtualisation/podman/default.nix b/nixos/modules/virtualisation/podman/default.nix index 2e2190e4188c..baca48305188 100644 --- a/nixos/modules/virtualisation/podman/default.nix +++ b/nixos/modules/virtualisation/podman/default.nix @@ -9,8 +9,7 @@ let extraPackages = cfg.extraPackages # setuid shadow ++ [ "/run/wrappers" ] - # include pkgs.zfs by default in the wrapped podman used by the module so it is cached - ++ (if (builtins.elem "zfs" config.boot.supportedFilesystems) then [ config.boot.zfs.package ] else [ pkgs.zfs ]); + ++ lib.optional (builtins.elem "zfs" config.boot.supportedFilesystems) config.boot.zfs.package; }); # Provides a fake "docker" binary mapping to podman @@ -184,6 +183,10 @@ in systemd.packages = [ cfg.package ]; + systemd.services.podman.serviceConfig = { + ExecStart = [ "" "${cfg.package}/bin/podman $LOGGING system service" ]; + }; + systemd.services.podman-prune = { description = "Prune podman resources"; @@ -204,6 +207,10 @@ in systemd.sockets.podman.wantedBy = [ "sockets.target" ]; systemd.sockets.podman.socketConfig.SocketGroup = "podman"; + systemd.user.services.podman.serviceConfig = { + ExecStart = [ "" "${cfg.package}/bin/podman $LOGGING system service" ]; + }; + systemd.user.sockets.podman.wantedBy = [ "sockets.target" ]; systemd.tmpfiles.packages = [ diff --git a/pkgs/applications/virtualization/podman/default.nix b/pkgs/applications/virtualization/podman/default.nix index 766a9fd1de50..d8bfa140fa87 100644 --- a/pkgs/applications/virtualization/podman/default.nix +++ b/pkgs/applications/virtualization/podman/default.nix @@ -14,52 +14,10 @@ , go-md2man , nixosTests , python3 -, makeWrapper -, symlinkJoin -, extraPackages ? [ ] -, runc -, crun -, conmon -, slirp4netns -, fuse-overlayfs -, util-linux -, iptables -, iproute2 -, catatonit -, gvproxy -, aardvark-dns -, netavark , testers , podman }: -let - # do not add qemu to this wrapper, store paths get written to the podman vm config and break when GCed - binPath = lib.makeBinPath ([ - ] ++ lib.optionals stdenv.isLinux [ - runc - crun - conmon - slirp4netns - fuse-overlayfs - util-linux - iptables - iproute2 - ] ++ extraPackages); - - helpersBin = symlinkJoin { - name = "podman-helper-binary-wrapper"; - - # this only works for some binaries, others may need to be be added to `binPath` or in the modules - paths = [ - gvproxy - ] ++ lib.optionals stdenv.isLinux [ - aardvark-dns - catatonit # added here for the pause image and also set in `containersConf` for `init_path` - netavark - ]; - }; -in buildGoModule rec { pname = "podman"; version = "4.4.1"; @@ -80,9 +38,9 @@ buildGoModule rec { doCheck = false; - outputs = [ "out" "man" ]; + outputs = [ "out" "man" ] ++ lib.optionals stdenv.isLinux [ "rootlessport" ]; - nativeBuildInputs = [ pkg-config go-md2man installShellFiles makeWrapper python3 ]; + nativeBuildInputs = [ pkg-config go-md2man installShellFiles python3 ]; buildInputs = lib.optionals stdenv.isLinux [ btrfs-progs @@ -94,16 +52,13 @@ buildGoModule rec { systemd ]; - HELPER_BINARIES_DIR = "${helpersBin}/bin"; - PREFIX = "${placeholder "out"}"; - buildPhase = '' runHook preBuild patchShebangs . ${if stdenv.isDarwin then '' make podman-remote # podman-mac-helper uses FHS paths '' else '' - make bin/podman bin/rootlessport bin/quadlet + make bin/podman bin/rootlessport ''} make docs runHook postBuild @@ -111,20 +66,26 @@ buildGoModule rec { installPhase = '' runHook preInstall + mkdir -p {$out/{bin,etc,lib,share},$man} # ensure paths exist for the wrapper ${if stdenv.isDarwin then '' - install bin/darwin/podman -Dt $out/bin + mv bin/{darwin/podman,podman} '' else '' - make install.bin install.systemd + install -Dm644 contrib/tmpfile/podman.conf -t $out/lib/tmpfiles.d + for s in contrib/systemd/**/*.in; do + substituteInPlace "$s" --replace "@@PODMAN@@" "podman" # don't use unwrapped binary + done + PREFIX=$out make install.systemd + install -Dm555 bin/rootlessport -t $rootlessport/bin ''} - make install.completions install.man - wrapProgram $out/bin/podman \ - --prefix PATH : ${lib.escapeShellArg binPath} + install -Dm555 bin/podman -t $out/bin + PREFIX=$out make install.completions + MANDIR=$man/share/man make install.man runHook postInstall ''; postFixup = lib.optionalString stdenv.isLinux '' - RPATH=$(patchelf --print-rpath $out/bin/.podman-wrapped) - patchelf --set-rpath "${lib.makeLibraryPath [ systemd ]}":$RPATH $out/bin/.podman-wrapped + RPATH=$(patchelf --print-rpath $out/bin/podman) + patchelf --set-rpath "${lib.makeLibraryPath [ systemd ]}":$RPATH $out/bin/podman ''; passthru.tests = { diff --git a/pkgs/applications/virtualization/podman/wrapper.nix b/pkgs/applications/virtualization/podman/wrapper.nix new file mode 100644 index 000000000000..7fe483a7079e --- /dev/null +++ b/pkgs/applications/virtualization/podman/wrapper.nix @@ -0,0 +1,78 @@ +{ podman-unwrapped +, runCommand +, makeWrapper +, symlinkJoin +, lib +, stdenv +, extraPackages ? [] +, runc # Default container runtime +, crun # Container runtime (default with cgroups v2 for podman/buildah) +, conmon # Container runtime monitor +, slirp4netns # User-mode networking for unprivileged namespaces +, fuse-overlayfs # CoW for images, much faster than default vfs +, util-linux # nsenter +, iptables +, iproute2 +, catatonit +, gvproxy +, aardvark-dns +, netavark +}: + +# do not add qemu to this wrapper, store paths get written to the podman vm config and break when GCed + +let + binPath = lib.makeBinPath ([ + ] ++ lib.optionals stdenv.isLinux [ + runc + crun + conmon + slirp4netns + fuse-overlayfs + util-linux + iptables + iproute2 + ] ++ extraPackages); + + helpersBin = symlinkJoin { + name = "${podman-unwrapped.pname}-helper-binary-wrapper-${podman-unwrapped.version}"; + + # this only works for some binaries, others may need to be be added to `binPath` or in the modules + paths = [ + gvproxy + ] ++ lib.optionals stdenv.isLinux [ + aardvark-dns + catatonit # added here for the pause image and also set in `containersConf` for `init_path` + netavark + podman-unwrapped.rootlessport + ]; + }; + +in runCommand podman-unwrapped.name { + name = "${podman-unwrapped.pname}-wrapper-${podman-unwrapped.version}"; + inherit (podman-unwrapped) pname version passthru; + + preferLocalBuild = true; + + meta = builtins.removeAttrs podman-unwrapped.meta [ "outputsToInstall" ]; + + outputs = [ + "out" + "man" + ]; + + nativeBuildInputs = [ + makeWrapper + ]; + +} '' + ln -s ${podman-unwrapped.man} $man + + mkdir -p $out/bin + ln -s ${podman-unwrapped}/etc $out/etc + ln -s ${podman-unwrapped}/lib $out/lib + ln -s ${podman-unwrapped}/share $out/share + makeWrapper ${podman-unwrapped}/bin/podman $out/bin/podman \ + --set CONTAINERS_HELPER_BINARY_DIR ${helpersBin}/bin \ + --prefix PATH : ${lib.escapeShellArg binPath} +'' diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 3965e4224ed9..9379a920d59e 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -11010,7 +11010,8 @@ with pkgs; pocketbase = callPackage ../servers/pocketbase { }; - podman = callPackage ../applications/virtualization/podman { }; + podman = callPackage ../applications/virtualization/podman/wrapper.nix { }; + podman-unwrapped = callPackage ../applications/virtualization/podman { }; podman-compose = python3Packages.callPackage ../applications/virtualization/podman-compose {}; -- cgit 1.4.1