Commit graph

986 commits

Author SHA1 Message Date
Vladimír Čunát
420f89ceb2
Revert "apparmor: fix and improve the service"
This reverts commit fb6d63f3fd.

I really hope this finally fixes #99236: evaluation on Hydra.
This time I really did check basically the same commit on Hydra:
https://hydra.nixos.org/eval/1618011

Right now I don't have energy to find what exactly is wrong in the
commit, and it doesn't seem important in comparison to nixos-unstable
channel being stuck on a commit over one week old.
2020-10-07 12:22:18 +02:00
Michael Raskin
31a4e2e28b
Merge pull request #93457 from ju1m/apparmor
apparmor: fix and improve the service
2020-09-27 13:07:38 +00:00
zowoq
008de9ca3c nixos/{containers,cri-o,podman}: move copyFile to nixos/lib/utils 2020-09-24 10:01:47 +10:00
Sascha Grunert
eac4389021 nixos/cri-o: add networkDir option
The new option can be used to specify the network directory for CNI
plugin configurations.

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-09-24 07:35:35 +10:00
Linus Heckemann
4c8dabed17
Merge pull request #97826 from lheckemann/spice-usb-redir
nixos/spice-usb-redirection: init
2020-09-19 07:52:23 +02:00
Sascha Grunert
e363aef498 nixos/cri-o: remove deprecated manage_ns_lifecycle option
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-09-17 17:50:57 +10:00
Linus Heckemann
ad7b27b4c8 fixup: address @jtojnar's review comments 2020-09-12 17:00:44 +02:00
Linus Heckemann
e2fd022d63 nixos/spice-usb-redirection: init
Fixes #39618
2020-09-12 09:16:31 +02:00
worldofpeace
dd2727773a Revert "nixos/qemu-vm: support nix run"
This reverts commit 02590c9620.

02590c9620 (commitcomment-42078853)
2020-09-06 19:45:10 -04:00
worldofpeace
02590c9620 nixos/qemu-vm: support nix run 2020-09-06 14:57:51 -04:00
Julien Moutinho
fb6d63f3fd apparmor: fix and improve the service 2020-09-06 07:43:03 +02:00
WORLDofPEACE
18348c7829
Merge pull request #96042 from rnhmjoj/loaOf
treewide: completely remove types.loaOf
2020-09-02 08:45:37 -04:00
Sascha Grunert
27b0c4b151 nixos/containers: add oci-seccomp-bpf-hook
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-09-02 21:53:37 +10:00
rnhmjoj
20d491a317
treewide: completely remove types.loaOf 2020-09-02 00:42:50 +02:00
Sascha Grunert
46a0aa4176 nixos/cri-o: unset hooks dir to avoid dir creation on startup
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-09-01 18:04:54 +10:00
Lassulus
e453860b8f
Merge pull request #86236 from ThibautMarty/fix-nullOr-types
treewide: fix modules options types where the default is null
2020-08-26 18:21:29 +02:00
Antoine Eiche
8595a0d6b9 Remove docker-preloader module and test 2020-08-23 10:49:13 +02:00
Sascha Grunert
ddfa221670 cri-o: add loobpack CNI config to module
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-08-23 09:32:40 +10:00
Sascha Grunert
71dd85bffa cri-o: add pinns path and witch to crio.conf.d config style
This adds the pinns path to the configuration let CRI-O start properly.
We also change the configuration to the new drop-in syntax.

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-08-21 12:09:20 +10:00
Florian Klink
da88c6eee5 nixos/railcar: fix typo 2020-08-07 18:00:28 +02:00
Jörg Thalheim
ba930d8679
nixos/modules: remove trailing whitespace
This leads to ci failure otherwise if the file gets changed.
git-blame can ignore whitespace changes.
2020-08-07 14:45:39 +01:00
John Ericson
3a512ab84e
Merge pull request #60246 from dfordivam/virtualbox-add-extra-disk
nixos/modules/virtualization: Options to add an extra disk in virtualbox VM
2020-08-02 13:13:52 -04:00
ajs124
c708c41c11 qemu-vm: fix master eval 2020-07-21 20:14:49 +02:00
Bas van Dijk
d06de760f8 nixos/modules/system/activation/top-level.nix: allow overriding system.name
The toplevel derivations of systems that have `networking.hostName`
set to `""` (because they want their hostname to be set by DHCP) used
to be all named
`nixos-system-unnamed-${config.system.nixos.label}`.
This makes them hard to distinguish.

A similar problem existed in NixOS tests where `vmName` is used in the
`testScript` to refer to the VM. It defaulted to the
`networking.hostName` which when set to `""` won't allow you to refer
to the machine from the `testScript`.

This commit makes the `system.name` configurable. It still defaults to:

```
if config.networking.hostName == ""
then "unnamed"
else config.networking.hostName;
```

but in case `networking.hostName` needs to be to `""` the
`system.name` can be set to a distinguishable name.
2020-07-20 13:44:18 +02:00
06kellyjac
9edb189fa1 nixos/containers: correct isNormaUser to isNormalUser
Correct a small spelling slip up
2020-07-19 16:26:14 +01:00
Jörg Thalheim
eb66a32a56
Merge pull request #76487 from ryneeverett/lockkernelmodules-docker 2020-07-18 10:35:34 +01:00
ryneeverett
f12581a7a3 nixos/docker: explicitly load kernel modules
This is analogous to #70447.

With security.lockKernelModules=true, docker commands result in the following
error without at least loading veth:

$ docker run hello-world
/nix/store/mr50kaan2vs4gc40ymwncb2vci25aq7z-docker-19.03.2/libexec/docker/docker: Error response from daemon: failed to create endpoint epic_kare on network bridge: failed to add the host (veth8b381f3) <=> sandbox (veth348e197) pair interfaces: operation not supported.
ERRO[0003] error waiting for container: context canceled
2020-07-18 02:31:25 +00:00
adisbladis
5733967290
nixos.users-groups: Set up subuid/subgid mappings for all normal users
This is required by (among others) Podman to run containers in rootless mode.

Other distributions such as Fedora and Ubuntu already set up these mappings.

The scheme with a start UID/GID offset starting at 100000 and increasing in 65536 increments is copied from Fedora.
2020-07-13 13:15:02 +02:00
Graham Christensen
84ecbc9a19
libvirtd: don't start libvirtd-tcp.socket by default
Per upstream:

> libvirtd-tcp.socket - the unit file corresponding to the TCP 16509
> port for non-TLS remote access. This socket should not be configured
> to start on boot until the administrator has configured a suitable
> authentication mechanism.
2020-07-08 19:50:23 -04:00
Niklas Hambüchen
d4d9d9c552
Merge pull request #92122 from nh2/qemu-vm-fix-useBootLoader
qemu-vm: Fix useBootLoader, remove `/boot` read-only restriction
2020-07-06 22:06:20 +02:00
Daniel Fullmer
0b4e216775 qemu-vm: treat EFI vars as state, similarly to diskImage 2020-07-06 12:09:37 -07:00
Daniel Fullmer
fec163d21c qemu-vm: add EFI support for aarch64 2020-07-06 12:09:36 -07:00
Daniel Fullmer
d7e3312ab1 qemu-vm: split EFI NVRAM into CODE and VARS 2020-07-06 12:08:41 -07:00
Daniel Fullmer
4d14826825 qemu-vm: allow bootloader to set EFI vars
Without this, systemd-boot does not add an EFI boot entry for itself.
The reason it worked before this fix is because it would fall back to
the default installed \EFI\BOOT\BOOTX64.EFI
2020-07-06 12:07:49 -07:00
Divam
d127d85173 Options to add an extra disk in virtual box VM. 2020-07-06 15:45:18 +09:00
Jan Tojnar
07cebeffb8
Merge pull request #86473 from bachp/virtualbox-vmsvga 2020-07-05 04:11:44 +02:00
Niklas Hambüchen
5b16d4c9ce qemu-vm.nix: Fix device name hardcodes on useBootLoader.
boot.loader.grub.device` was hardcoded to `bootDevice`, which is
wrong, because that's the device for `/`, and with `useBootLoader`
the boot loader is not on that device.

This bug probably came into existence because of bad naming;
`virtualisation.bootDevice` has description
"The disk to be used for the root filesystem", which is very confusing;
it should be `.rootDevice` then!
Unfortunately, the description is right and the attribute name is wrong,
so it is not easy to change this without deprecation.

This commit ensures that even if you use `useBootLoader` and
`diskInterface == "scsi"`, the created VM can boot through, and can run
`nixos-rebuild afterwards.

It also adds extra commentary to explain what's going on in this module
in general in relation to `useBootLoader`.
2020-07-04 14:47:36 +02:00
Niklas Hambüchen
2fa351b6a5 qemu-vm.nix: Do not mount /boot read-only.
There does not seem to be a good reason to do this, and it breaks running
`nixos-rebuild boot --install-bootloader` inside the VM.
2020-07-04 14:44:33 +02:00
Chuck
e74755c422 nixos/qemu-vm: Don't assume boot drive is always vdb 2020-07-04 14:40:42 +02:00
Chuck
a5e211dd7f nixos/qemu-vm: Generalize drive naming 2020-07-03 19:36:45 -07:00
Chuck
800639f287 nixos/qemu-vm: Refactor: Combine duplicate disk definitions 2020-07-03 11:31:43 -07:00
zowoq
e89446656d nixos/{podman,containers}: libpod.conf -> containers.conf 2020-06-26 08:09:36 +10:00
Pascal Bach
f29063ff0b nixos/virtualbox-image: change graphics adapter to vmswga 2020-06-17 18:43:28 +02:00
Pascal Bach
ec9792a3f5 nixos/virtualbox-guest: add vmware driver
VMSGVA is recommended by virtualbox for Linux clients.
Compared to VBoxVGA and VBoxSVGA it also supports 3D acceleration.

Adding the driver makes nixos work with all three supported graphics card
types.
2020-06-17 18:43:27 +02:00
Lassulus
98cac435f3
Merge pull request #89814 from alexfmpe/patch-3
Fix typo
2020-06-17 16:22:27 +02:00
Matthew Bauer
656783a3d1
Merge pull request #89540 from Patryk27/fixes/lxd-lxcfs
Fix `lxd`, so that it works with `lxcfs`
2020-06-11 10:49:40 -05:00
Alexandre Esteves
063043fa63
Fix typo 2020-06-08 16:47:46 +01:00
Florian Klink
3590f02e7d
Merge pull request #88574 from JJJollyjim/qemu-vm-qboot-opt
nixos/qemu-vm: add option to use qboot
2020-06-08 10:46:11 +02:00
Jamie McClymont
55912f3535 nixos/qemu-vm: add option to use a non-standard BIOS
I'd like to change the default on x86 platforms to qboot at some point, since it
saves a fair bit of startup time.
2020-06-08 11:21:53 +12:00
Patryk Wychowaniec
6c6924b2eb
lxd: When lxcfs is enabled, start lxd with explicit LXD_LXC_TEMPLATE_CONFIG 2020-06-05 16:37:31 +02:00