nixos: container tarball release

- Create container nixos profile - Create lxc-container nixos config using container nixos profile - Docker nixos image, use nixos profile for its base config
2014-12-11 22:58:17 +01:00 · 2014-12-11 22:58:17 +01:00 · deb28cf0b1
parent a782b890d5
commit deb28cf0b1
4 changed files with 95 additions and 54 deletions
--- a/nixos/modules/profiles/container.nix
+++ b/nixos/modules/profiles/container.nix
@ -0,0 +1,57 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
 pkgs2storeContents = l : map (x: { object = x; symlink = "none"; }) l;
 in {
  # Docker image config.
  imports = [
    ../installer/cd-dvd/channel.nix
    ./minimal.nix
    ./clone-config.nix
  ];
  # Create the tarball
  system.build.tarball = import ../../lib/make-system-tarball.nix {
    inherit (pkgs) stdenv perl xz pathsFromGraph;
    contents = [];
    extraArgs = "--owner=0";
    # Some container managers like lxc need these
    extraCommands = "mkdir -p proc sys dev";
    # Add init script to image
    storeContents = [
      { object = config.system.build.toplevel + "/init";
        symlink = "/init";
      }
    ] ++ (pkgs2storeContents [ pkgs.stdenv ]);
  };
  boot.postBootCommands =
    ''
      # After booting, register the contents of the Nix store in the Nix
      # database.
      if [ -f /nix-path-registration ]; then
        ${config.nix.package}/bin/nix-store --load-db < /nix-path-registration &&
        rm /nix-path-registration
      fi
      # nixos-rebuild also requires a "system" profile and an
      # /etc/NIXOS tag.
      touch /etc/NIXOS
      ${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
    '';
  boot.isContainer = true;
  # Disable some features that are not useful in a container.
  sound.enable = mkDefault false;
  services.udisks2.enable = mkDefault false;
  # Shut up warnings about not having a boot loader.
  system.build.installBootLoader = "${pkgs.coreutils}/bin/true";
 }
--- a/nixos/modules/virtualisation/docker-image.nix
+++ b/nixos/modules/virtualisation/docker-image.nix
@ -1,67 +1,19 @@
-{ config, lib, pkgs, ... }:
+{ config, pkgs, ... }:
-with lib;
+{
-
+  imports = [
-let
+    ../profiles/container.nix
- pkgs2storeContents = l : map (x: { object = x; symlink = "none"; }) l;
+  ];
 in {
  # Create the tarball
  system.build.dockerImage = import ../../lib/make-system-tarball.nix {
    inherit (pkgs) stdenv perl xz pathsFromGraph;
    contents = [];
    extraArgs = "--owner=0";
    storeContents = [
      { object = config.system.build.toplevel + "/init";
        symlink = "/bin/init";
      }
    ] ++ (pkgs2storeContents [ pkgs.stdenv ]);
  };
  boot.postBootCommands =
    ''
      # After booting, register the contents of the Nix store in the Nix
      # database.
      if [ -f /nix-path-registration ]; then
        ${config.nix.package}/bin/nix-store --load-db < /nix-path-registration &&
        rm /nix-path-registration
      fi
      # nixos-rebuild also requires a "system" profile and an
      # /etc/NIXOS tag.
      touch /etc/NIXOS
      ${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
      # Set virtualisation to docker
-      echo "docker" > /run/systemd/container 
+      echo "docker" > /run/systemd/container
    '';
  # Docker image config.
  imports = [
    ../installer/cd-dvd/channel.nix
    ../profiles/minimal.nix
    ../profiles/clone-config.nix
  ];
  boot.isContainer = true;
  # Iptables do not work in Docker.
  networking.firewall.enable = false;
  services.openssh.enable = true;
  # Socket activated ssh presents problem in Docker.
  services.openssh.startWhenNeeded = false;
  # Allow the user to login as root without password.
  users.extraUsers.root.initialHashedPassword = mkOverride 150 "";
  # Some more help text.
  services.mingetty.helpLine =
    ''
      Log in as "root" with an empty password.
    '';
 }
--- a/nixos/modules/virtualisation/lxc-container.nix
+++ b/nixos/modules/virtualisation/lxc-container.nix
@ -0,0 +1,26 @@
 { config, pkgs, lib, ... }:
 with lib;
 {
  imports = [
    ../profiles/container.nix
  ];
  # Allow the user to login as root without password.
  users.extraUsers.root.initialHashedPassword = mkOverride 150 "";
  # Some more help text.
  services.mingetty.helpLine =
    ''
      Log in as "root" with an empty password.
    '';
  # Containers should be light-weight, so start sshd on demand.
  services.openssh.enable = mkDefault true;
  services.openssh.startWhenNeeded = mkDefault true;
  # Allow ssh connections
  networking.firewall.allowedTCPPorts = [ 22 ];
 }
--- a/nixos/release.nix
+++ b/nixos/release.nix
@ -213,6 +213,12 @@ in rec {
    inherit system;
  });
  # Provide container tarball for lxc, libvirt-lxc, docker-lxc, ...
  container_tarball = forAllSystems (system: makeSystemTarball {
    module = ./modules/virtualisation/lxc-container.nix;
    inherit system;
  });
  /*
  system_tarball_fuloong2f =
    assert builtins.currentSystem == "mips64-linux";