Disable various services when running inside a container

2013-11-26 18:17:12 +01:00 · 2013-11-26 18:17:12 +01:00 · 2b1f212494
commit 2b1f212494
parent da093461a2
11 changed files with 35 additions and 14 deletions
--- a/nixos/modules/config/sysctl.nix
+++ b/nixos/modules/config/sysctl.nix
@ -46,7 +46,10 @@ in
        before = [ "sysinit.target" "shutdown.target" ];
        wantedBy = [ "sysinit.target" "multi-user.target" ];
        restartTriggers = [ config.environment.etc."sysctl.d/nixos.conf".source ];
-        unitConfig.DefaultDependencies = false; # needed to prevent a cycle
+        unitConfig = {
          DefaultDependencies = false; # needed to prevent a cycle
          ConditionPathIsReadWrite = "/proc/sys/"; # prevent systemd-sysctl in containers
        };
        serviceConfig = {
          Type = "oneshot";
          RemainAfterExit = true;
--- a/nixos/modules/services/audio/alsa.nix
+++ b/nixos/modules/services/audio/alsa.nix
@ -55,6 +55,7 @@ in
      { description = "Store Sound Card State";
        wantedBy = [ "multi-user.target" ];
        unitConfig.RequiresMountsFor = "/var/lib/alsa";
        unitConfig.ConditionVirtualization = "!systemd-nspawn";
        serviceConfig = {
          Type = "oneshot";
          RemainAfterExit = true;
--- a/nixos/modules/services/hardware/acpid.nix
+++ b/nixos/modules/services/hardware/acpid.nix
@ -110,6 +110,7 @@ in
        exec = "acpid --confdir ${acpiConfDir}";
        unitConfig.ConditionVirtualization = "!systemd-nspawn";
        unitConfig.ConditionPathExists = [ "/proc/acpi" ];
      };
--- a/nixos/modules/services/logging/klogd.nix
+++ b/nixos/modules/services/logging/klogd.nix
@ -32,6 +32,8 @@ with pkgs.lib;
        path = [ pkgs.sysklogd ];
        unitConfig.ConditionVirtualization = "!systemd-nspawn";
        exec =
          "klogd -c 1 -2 -n " +
          "-k $(dirname $(readlink -f /run/booted-system/kernel))/System.map";
--- a/nixos/modules/services/misc/nix-daemon.nix
+++ b/nixos/modules/services/misc/nix-daemon.nix
@ -279,6 +279,7 @@ in
      { description = "Nix Daemon Socket";
        wantedBy = [ "sockets.target" ];
        before = [ "multi-user.target" ];
        unitConfig.ConditionPathIsReadWrite = "/nix/var/nix/daemon-socket/";
        socketConfig.ListenStream = "/nix/var/nix/daemon-socket/socket";
      };
@ -290,6 +291,8 @@ in
        environment = cfg.envVars // { CURL_CA_BUNDLE = "/etc/ssl/certs/ca-bundle.crt"; };
        unitConfig.ConditionPathIsReadWrite = "/nix/var/nix/daemon-socket/";
        serviceConfig =
          { ExecStart = "@${nix}/bin/nix-daemon nix-daemon --daemon";
            KillMode = "process";
--- a/nixos/modules/services/networking/dhcpcd.nix
+++ b/nixos/modules/services/networking/dhcpcd.nix
@ -114,6 +114,8 @@ in
        path = [ dhcpcd pkgs.nettools pkgs.openresolv ];
        unitConfig.ConditionCapability = "CAP_NET_ADMIN";
        serviceConfig =
          { Type = "forking";
            PIDFile = "/run/dhcpcd.pid";
--- a/nixos/modules/system/boot/kernel.nix
+++ b/nixos/modules/system/boot/kernel.nix
@ -231,7 +231,10 @@ in
        wantedBy = [ "sysinit.target" "multi-user.target" ];
        before = [ "sysinit.target" "shutdown.target" ];
        conflicts = [ "shutdown.target" ];
-        unitConfig.DefaultDependencies = "no";
+        unitConfig =
          { DefaultDependencies = false;
            ConditionCapability = "CAP_SYS_MODULE";
          };
        serviceConfig =
          { Type = "oneshot";
            RemainAfterExit = true;
--- a/nixos/modules/system/boot/shutdown.nix
+++ b/nixos/modules/system/boot/shutdown.nix
@ -6,20 +6,20 @@ with pkgs.lib;
  # This unit saves the value of the system clock to the hardware
  # clock on shutdown.
-  systemd.units."save-hwclock.service" =
+  systemd.services.save-hwclock =
-    { wantedBy = [ "shutdown.target" ];
+    { description = "Save Hardware Clock";
-      text =
+      wantedBy = [ "shutdown.target" ];
        ''
          [Unit]
          Description=Save Hardware Clock
          DefaultDependencies=no
          Before=shutdown.target
-          [Service]
+      unitConfig = {
-          Type=oneshot
+        DefaultDependencies = false;
-          ExecStart=${pkgs.utillinux}/sbin/hwclock --systohc ${if config.time.hardwareClockInLocalTime then "--localtime" else "--utc"}
+        ConditionVirtualization = "!systemd-nspawn";
-        '';
+      };
      serviceConfig = {
        Type = "oneshot";
        ExecStart = "${pkgs.utillinux}/sbin/hwclock --systohc ${if config.time.hardwareClockInLocalTime then "--localtime" else "--utc"}";
      };
    };
  boot.kernel.sysctl."kernel.poweroff_cmd" = "${config.systemd.package}/sbin/poweroff";
--- a/nixos/modules/tasks/cpu-freq.nix
+++ b/nixos/modules/tasks/cpu-freq.nix
@ -33,6 +33,8 @@ with pkgs.lib;
        after = [ "systemd-modules-load.service" ];
        wantedBy = [ "multi-user.target" ];
        unitConfig.ConditionPathIsReadWrite = "/sys/devices/";
        path = [ pkgs.cpufrequtils ];
        preStart = ''
--- a/nixos/modules/tasks/network-interfaces.nix
+++ b/nixos/modules/tasks/network-interfaces.nix
@ -270,6 +270,8 @@ in
            before = [ "network.target" ];
            wantedBy = [ "network.target" ];
            unitConfig.ConditionCapability = "CAP_NET_ADMIN";
            path = [ pkgs.iproute ];
            serviceConfig.Type = "oneshot";
--- a/nixos/modules/tasks/scsi-link-power-management.nix
+++ b/nixos/modules/tasks/scsi-link-power-management.nix
@ -31,6 +31,8 @@ with pkgs.lib;
        task = true;
        unitConfig.ConditionPathIsReadWrite = "/sys/class/scsi_host";
        script = ''
          shopt -s nullglob
          for x in /sys/class/scsi_host/host*/link_power_management_policy; do