Commit graph

1147 commits

Author SHA1 Message Date
jakobrs
475c007da0 nixos/libvirtd: add assertion requiring polkit to be enabled 2021-06-07 15:12:21 +02:00
AmineChikhaoui
7e89fb12e4 ec2-amis: add release 21.05 2021-06-06 17:09:14 -07:00
Sandro
6e2204ea32
Merge pull request #123364 from edude03/patch-7 2021-06-06 01:35:18 +02:00
Edward Tjörnhammar
afdb5675a1 nixos/containers: add storage.conf 2021-06-05 10:08:24 +10:00
Maciej Krüger
26b3751de7
Merge pull request #97692 from ryneeverett/lockkernelmodules-lxd 2021-06-05 01:27:27 +02:00
zowoq
3cf17240f0 Revert "nixos/containers: add storage.conf"
This file requires some defaults to be set otherwise podman, etc errors.
It also broke the podman nixos tests.

This reverts commit 7a4de9a983.
2021-06-03 13:56:17 +10:00
Edward Tjörnhammar
7a4de9a983 nixos/containers: add storage.conf 2021-06-02 19:03:53 +10:00
Robert Hensing
d9e4512443
Merge pull request #124589 from hercules-ci/containers-dnsname
nixos/podman-dnsname: init
2021-06-02 08:18:48 +02:00
Jörg Thalheim
f2e4cb7f20
nixos/containerd: improve zfs support 2021-06-01 20:41:42 +02:00
zowoq
72f54c32a6 nixos/podman-network-socket-ghostunnel: move condition to include socket 2021-05-31 23:38:31 +10:00
Robert Hensing
54f2f1e5f1 nixos/podman-dnsname: init 2021-05-31 14:31:09 +02:00
Robert Hensing
d81631fb98 nixos/podman: Add defaultNetwork.extraPlugins 2021-05-31 14:31:09 +02:00
Robert Hensing
efba949352 nixos/containers: Add virtualisation.containers.containersConf.cniPlugins 2021-05-31 14:29:57 +02:00
Robert Hensing
3600a82711
Merge pull request #124921 from zowoq/podman-cni-conf
podman: install cni config
2021-05-31 14:27:10 +02:00
Martin Weinelt
219d8381bd
Merge pull request #124947 from helsinki-systems/fix/libvirtd-ethertypes 2021-05-30 16:52:46 +02:00
Janne Heß
964fc7cfef
Update nixos/modules/virtualisation/libvirtd.nix
Co-authored-by: Martin Weinelt <mweinelt@users.noreply.github.com>
2021-05-30 16:00:50 +02:00
Janne Heß
2eeecef3fc
nixos/libvirtd: Take ethertypes from iptables-nftables-compat
iptables is currently defined in `all-packages.nix` to be
iptables-compat. That package does however not contain `ethertypes`.
Only `iptables-nftables-compat` contains this file so the symlink
dangles.
2021-05-30 11:55:19 +02:00
Robert Hensing
b6570e7238 nixos/podman-network-socket-ghostunnel: init 2021-05-30 11:23:24 +02:00
Robert Hensing
52844efcd6 nixos/podman: Add generic networkSocket interface 2021-05-30 11:21:05 +02:00
Robert Hensing
ff4d83a667 nixos/podman: Add dockerSocket.enable 2021-05-30 11:21:05 +02:00
Robert Hensing
fb8b0a3843 nixos/podman: Change podman socket to new podman group 2021-05-30 11:21:05 +02:00
zowoq
30ae7e4ba9 nixos/podman: install cni config from package 2021-05-30 11:40:36 +10:00
Anderson Torres
e445fc8661
Merge pull request #123583 from superherointj/module-libvirtd-ovmf-aarch64-fix
libvirtd: fix ovmf for aarch64
2021-05-23 19:56:27 -03:00
Maximilian Bosch
9cab80ce4d
Merge pull request #122203 from mohe2015/imperative-nixos-container-timeout
nixos-containers: Increase startup timeout for imperative containers
2021-05-22 23:04:12 +02:00
Jörg Thalheim
5b4915fb7a
Merge pull request #110927 from Izorkin/fix-qemu-ga
nixos/qemu-guest-agent: fix start service
2021-05-19 05:42:06 +01:00
superherointj
4e3060d488 libvirtd: fix ovmf for aarch64 2021-05-18 17:27:37 -03:00
Michael Francis
80830373f0
Update openvswitch.nix 2021-05-17 21:11:07 +08:00
Michael Francis
adc368d2fc
Only include ipsecTools if using ipsec 2021-05-17 21:00:57 +08:00
Sandro
700942d2a5
Merge pull request #121119 from SuperSandro2000/remove-gnidorah
treewide: remove gnidorah
2021-05-17 02:42:24 +02:00
Johan Thomsen
7e310dd8e8 nixos/containerd: StartLimit* options must be in the unit-section
also, raise limits to ensure reasonable startup time, now that StartLimits are actually enforced
2021-05-17 06:17:18 +10:00
Johan Thomsen
2142f88526 nixos/containerd: sanitize StateDirectory and RuntimeDirectory 2021-05-17 06:17:18 +10:00
github-actions[bot]
39e3f7c2cc
Merge master into staging-next 2021-05-13 18:32:50 +00:00
Luke Granger-Brown
ca6255bf0b nixos/docker: fix evaluation when NAT is enabled too
Both networking.nat.enable and virtualisation.docker.enable now want to
make sure that the IP forwarding sysctl is enabled, but the module
system dislikes that both modules contain this option.

Realistically this should be refactored a bit, so that the Docker module
automatically enables the NAT module instead, but this is a more obvious
fix.
2021-05-13 10:26:45 +00:00
github-actions[bot]
bc1f4b790e
Merge master into staging-next 2021-05-09 12:23:16 +00:00
Hedtke, Moritz
7a80d281ed
nixos/containers: Increase startup timeout for imperative containers
Changed the startup timeout from 15 seconds to one minute as 15 seconds is really low.
Also it's currently not possible to change it without editing your system configuration.
2021-05-08 19:59:20 +02:00
Laurynas Alekna
9317570735 nixos/docker: ensure ipv4 forwarding is enabled
Fixes #118656
2021-05-08 18:58:24 +01:00
github-actions[bot]
77c79724e3
Merge staging-next into staging 2021-05-04 06:20:26 +00:00
Silvan Mosberger
37e2fbda39
Merge pull request #121449 from endgame/metadata-fetcher-umask
metadata fetchers: use umask instead of fetch-and-chmod
2021-05-04 03:39:38 +02:00
github-actions[bot]
5e177b16b1
Merge staging-next into staging 2021-05-03 18:25:49 +00:00
Luke Granger-Brown
a0da004326
Merge pull request #121376 from urbas/amazon-init-shell-script-support
nixos/amazon-init: add user-data shell script support
2021-05-03 16:01:26 +01:00
Jack Kelly
5ea55e4ed0 metadata fetchers: use umask instead of fetch-and-chmod 2021-05-02 08:28:59 +10:00
github-actions[bot]
ef6416a6ba
Merge staging-next into staging 2021-05-01 00:54:32 +00:00
Florian Klink
44a0debca7
Merge pull request #121021 from pennae/container-sigterm
nixos/nix-containers: use SIGTERM to stop containers
2021-04-30 21:35:16 +02:00
Sandro Jäckel
ae02415ee8
treewide: remove gnidorah
due to GitHub account removal/deletion and no other means of contact.
2021-04-30 01:48:19 +02:00
ryneeverett
161a35b0b8
nixos/lxd: explicitly load xt_CHECKSUM module
This module is needed to create bridge networks such as the default
lxdbr0 created by `lxd init`. Without this module, running `lxc network
create lxdbr0` errors with:

> Error: Failed to create network 'lxdbr0': Failed to run: iptables -w -t mangle -I POSTROUTING -o lxdbr0 -p udp --dport 68 -j CHECKSUM --checksum-fill -m comment --comment generated for LXD network lxdbr0: iptables v1.8.5 (legacy): unknown option "--checksum-fill"
2021-04-29 11:40:00 +02:00
ryneeverett
80e263b389
nixos/lxd: explicitly load kernel modules
This is analogous to #70447 and #76487.

These are all needed to attach a container to the default bridge
network, without which the final line of the following script fails with
the error for each respective kernel module listed below.

```sh
lxc storage create foo dir
lxc launch -s foo ubuntu:trusty bar
lxc network attach lxdbr0 bar
```

veth
----

> Error: Failed to start device 'lxdbr0': Failed to create the veth interfaces vethefbc3cd6 and vetha4abbcbc: Failed to run: ip link add dev vethefbc3cd6 type veth peer name vetha4abbcbc: RTNETLINK answers: Operation not supported

iptable_mangle
--------------

> lvl=eror msg="Failed to bring up network" err="Failed to list ipv4 rules for LXD network lxdbr0 (table mangle)" name=lxdbr0

xt_comment
----------

> lvl=error msg="Failed to bring up network" err="Failed to run: iptables -w -t filter -I INPUT -i lxdbr0 -p udp --dport 67 -j ACCEPT -m comment --comment generated for LXD network lxdbr0: iptables v1.8.4 (legacy): Couldn't load match `comment':No such file or directory\n\nTry `iptables -h' or 'iptables --help' for more information." name=lxdbr0

xt_MASQUERADE
-------------

> vl=eror msg="Failed to bring up network" err="Failed to run: iptables -w -t nat -I POSTROUTING -s 10.0.107.0/24 ! -d 10.0.107.0/24 -j MASQUERADE -m comment --comment generated for LXD network lxdbr0: iptables v1.8.4 (legacy): Couldn't load target `MASQUERADE':No such file or directory\n\nTry `iptables -h' or 'iptables --help' for more information." name=lxdbr0
2021-04-29 11:37:10 +02:00
github-actions[bot]
01105a117a
Merge staging-next into staging 2021-04-29 06:21:55 +00:00
Peter Hoeg
ce93de4f62 nixos/hyperv: bail gracefully if device is missing 2021-04-29 09:37:17 +08:00
pennae
82931ea446 nixos/nix-containers: use SIGTERM to stop containers
systemd-nspawn can react to SIGTERM and send a shutdown signal to the container
init process. use that instead of going through dbus and machined to request
nspawn sending the signal, since during host shutdown machined or dbus may have
gone away by the point a container unit is stopped.

to solve the issue that a container that is still starting cannot be stopped
cleanly we must also handle this signal in containerInit/stage-2.
2021-04-28 14:07:35 +02:00
github-actions[bot]
e30742adc3
Merge staging-next into staging 2021-04-26 12:06:35 +00:00