Merge pull request #114240 from sorki/containers/nested

nixos/nixos-containers: default boot.enableContainers to true
Luke Granger-Brown 2021-04-25 11:37:01 +01:00 committed by GitHub
commit 0cc25061b0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 34 additions and 8 deletions


@ -439,21 +439,16 @@ in
default = false; default = false;
description = '' description = ''
Whether this NixOS machine is a lightweight container running Whether this NixOS machine is a lightweight container running
in another NixOS system. If set to true, support for nested in another NixOS system.
containers is disabled by default, but can be reenabled by
setting <option>boot.enableContainers</option> to true.
''; '';
}; };
boot.enableContainers = mkOption { boot.enableContainers = mkOption {
type = types.bool; type = types.bool;
default = !config.boot.isContainer; default = true;
description = '' description = ''
Whether to enable support for NixOS containers. Defaults to true Whether to enable support for NixOS containers. Defaults to true
(at no cost if containers are not actually used), but only if the (at no cost if containers are not actually used).
system is not itself a lightweight container of a host.
To enable support for nested containers, this option has to be
explicitly set to true (in the outer container).
''; '';
}; };
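Review bot: With `default = true`, container support is now enabled in every system that sets `boot.isContainer`, and the shortened descriptions no longer tell an operator how to opt out. Guests that relied on the old `!config.boot.isContainer` default pick up nesting support on their next rebuild without any config change. I would keep one sentence in the `boot.enableContainers` description, for example `Set this to false inside a container that should not be able to run nested containers.` What the option pulls into a guest is defined outside this hunk, so the "at no cost" wording is worth confirming for the container case too.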


@ -75,6 +75,7 @@ in
containers-ip = handleTest ./containers-ip.nix {}; containers-ip = handleTest ./containers-ip.nix {};
containers-macvlans = handleTest ./containers-macvlans.nix {}; containers-macvlans = handleTest ./containers-macvlans.nix {};
containers-names = handleTest ./containers-names.nix {}; containers-names = handleTest ./containers-names.nix {};
containers-nested = handleTest ./containers-nested.nix {};
containers-physical_interfaces = handleTest ./containers-physical_interfaces.nix {}; containers-physical_interfaces = handleTest ./containers-physical_interfaces.nix {};
containers-portforward = handleTest ./containers-portforward.nix {}; containers-portforward = handleTest ./containers-portforward.nix {};
containers-reloadable = handleTest ./containers-reloadable.nix {}; containers-reloadable = handleTest ./containers-reloadable.nix {};


@ -0,0 +1,30 @@
# Test for NixOS' container nesting.
import ./make-test-python.nix ({ pkgs, ... }: {
name = "nested";
meta = with pkgs.lib.maintainers; { maintainers = [ sorki ]; };
machine = { lib, ... }:
let
makeNested = subConf: {
containers.nested = {
autoStart = true;
privateNetwork = true;
config = subConf;
};
};
in makeNested (makeNested { });
testScript = ''
machine.start()
machine.wait_for_unit("container@nested.service")
machine.succeed("systemd-run --pty --machine=nested -- machinectl list | grep nested")
print(
machine.succeed(
"systemd-run --pty --machine=nested -- systemd-run --pty --machine=nested -- systemctl status"
)
)
'';
})
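Review bot: The test only exercises the new default; nothing asserts that a guest with `boot.enableContainers = false;` still ends up without nested-container support, which is the opt-out an operator would now rely on. Setting that option in one guest config and checking it with a `machine.fail(...)` line on the same `machinectl list` command would pin that down. Both levels are named `nested`, so a failing `grep nested` does not say which level is missing; distinct names per level would make the log easier to read. `privateNetwork = true` is set, but no network property is checked.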