From 9f7e40205ee83731c450c034953a067ee724e487 Mon Sep 17 00:00:00 2001
From: David Knaack
Date: Sun, 12 Jun 2022 15:17:53 +0200
Subject: [PATCH] nixos/virtualisation.oci-containers: follow podman-generated systemd units more closely

---
 .../modules/virtualisation/oci-containers.nix | 25 ++++++++++++++++---
 1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/nixos/modules/virtualisation/oci-containers.nix b/nixos/modules/virtualisation/oci-containers.nix
index fa5fe9973044..30722e8d2fc3 100644
--- a/nixos/modules/virtualisation/oci-containers.nix
+++ b/nixos/modules/virtualisation/oci-containers.nix
@@ -250,6 +250,7 @@ let
   mkService = name: container: let
     dependsOn = map (x: "${cfg.backend}-${x}.service") container.dependsOn;
+    escapedName = escapeShellArg name;
     in {
     wantedBy = [] ++ optional (container.autoStart) "multi-user.target";
     after = lib.optionals (cfg.backend == "docker") [ "docker.service" "docker.socket" ] ++ dependsOn;
@@ -273,16 +274,25 @@ let
       ${optionalString (container.imageFile != null) ''
         ${cfg.backend} load -i ${container.imageFile}
         ''}
+      ${optionalString (cfg.backend == "podman") ''
+        rm -f /run/podman-${escapedName}.ctr-id
+        ''}
       '';
 
     script = concatStringsSep " \\\n " ([
       "exec ${cfg.backend} run"
       "--rm"
-      "--name=${escapeShellArg name}"
+      "--name=${escapedName}"
       "--log-driver=${container.log-driver}"
     ] ++ optional (container.entrypoint != null)
       "--entrypoint=${escapeShellArg container.entrypoint}"
-      ++ (mapAttrsToList (k: v: "-e ${escapeShellArg k}=${escapeShellArg v}") container.environment)
+      ++ lib.optionals (cfg.backend == "podman") [
+        "--cidfile=/run/podman-${escapedName}.ctr-id"
+        "--cgroups=no-conmon"
+        "--sdnotify=conmon"
+        "-d"
+        "--replace"
+      ] ++ (mapAttrsToList (k: v: "-e ${escapeShellArg k}=${escapeShellArg v}") container.environment)
       ++ map (f: "--env-file ${escapeShellArg f}") container.environmentFiles
       ++ map (p: "-p ${escapeShellArg p}") container.ports
       ++ optional (container.user != null) "-u ${escapeShellArg container.user}"
@@ -293,8 +303,12 @@ let
       ++ map escapeShellArg container.cmd
     );
 
-    preStop = "[ $SERVICE_RESULT = success ] || ${cfg.backend} stop ${name}";
-    postStop = "${cfg.backend} rm -f ${name} || true";
+    preStop = if cfg.backend == "podman"
+      then "[ $SERVICE_RESULT = success ] || podman stop --ignore --cidfile=/run/podman-${escapedName}.ctr-id"
+      else "[ $SERVICE_RESULT = success ] || ${cfg.backend} stop ${name}";
+    postStop = if cfg.backend == "podman"
+      then "podman rm -f --ignore --cidfile=/run/podman-${escapedName}.ctr-id"
+      else "${cfg.backend} rm -f ${name} || true";
 
     serviceConfig = {
       ### There is no generalized way of supporting `reload` for docker
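Review bot: The new `-d` in the podman argument list makes `exec ${cfg.backend} run` return as soon as the container is detached, and the unit only stays alive because `--sdnotify=conmon` on the same list is paired with `Type=notify`/`NotifyAccess=all` set in serviceConfig in a later hunk; that coupling is invisible when reading the `script` block on its own. A comment on the `++ lib.optionals (cfg.backend == "podman") [` line such as `# -d and --sdnotify=conmon need Type=notify in serviceConfig below; mirrors podman generate systemd` would record why the podman branch does not keep the process in the foreground. The `script` expression continues past the end of this hunk.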
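Review bot: The docker branches of preStop and postStop still interpolate the raw `${name}` into a shell command line even though `escapedName` is introduced by this commit and used in the podman branches directly beside them; the two `else` lines should read `else "[ $SERVICE_RESULT = success ] || ${cfg.backend} stop ${escapedName}";` and `else "${cfg.backend} rm -f ${escapedName} || true";`. The podman postStop also drops the `|| true` that the docker branch keeps; `--ignore` presumably covers a missing container, but if the cidfile itself is absent (preStart removes it in the previous hunk and a `run` that fails early may never recreate it) the stop path would report a failure rather than succeed quietly, so this is worth confirming against the podman version being targeted.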
@@ -313,6 +327,9 @@ let
       # ExecReload = ...;
       ###
+      Environment=if cfg.backend == "podman" then "PODMAN_SYSTEMD_UNIT=podman-${name}.service" else {};
+      Type=if cfg.backend == "podman" then "notify" else {};
+      NotifyAccess=if cfg.backend == "podman" then "all" else {};
 
       TimeoutStartSec = 0;
       TimeoutStopSec = 120;
       Restart = "always";
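Review bot: `else {}` gives `Environment`, `Type` and `NotifyAccess` an empty attribute set as their value whenever the backend is not podman; as far as I can tell the systemd unit serializer only renders strings, ints, bools and lists, so evaluating a docker-backed container would fail at build time instead of simply omitting the three keys. Letting the module system drop them keeps the docker unit byte-identical to before: `Environment = lib.mkIf (cfg.backend == "podman") "PODMAN_SYSTEMD_UNIT=podman-${name}.service";`, `Type = lib.mkIf (cfg.backend == "podman") "notify";`, `NotifyAccess = lib.mkIf (cfg.backend == "podman") "all";` (alternatively merge a `lib.optionalAttrs (cfg.backend == "podman") { ... }` set after serviceConfig's closing brace, which lies outside this hunk). The `Environment=if` spacing also differs from the `TimeoutStartSec = 0;` style of the surrounding lines. The serviceConfig set begins and ends outside this hunk.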