Commit graph

30 commits

Author SHA1 Message Date
Eelco Dolstra 9ee30cd9b5 Add support for lightweight NixOS containers
You can now say:

  systemd.containers.foo.config =
    { services.openssh.enable = true;
      services.openssh.ports = [ 2022 ];
      users.extraUsers.root.openssh.authorizedKeys.keys = [ "ssh-dss ..." ];
    };

which defines a NixOS instance with the given configuration running
inside a lightweight container.

You can also manage the configuration of the container independently
from the host:

  systemd.containers.foo.path = "/nix/var/nix/profiles/containers/foo";

where "path" is a NixOS system profile.  It can be created/updated by
doing:

  $ nix-env --set -p /nix/var/nix/profiles/containers/foo \
      -f '<nixos>' -A system -I nixos-config=foo.nix

The container configuration (foo.nix) should define

  boot.isContainer = true;

to optimise away the building of a kernel and initrd.  This is done
automatically when using the "config" route.

On the host, a lightweight container appears as the service
"container-<name>.service".  The container is like a regular NixOS
(virtual) machine, except that it doesn't have its own kernel.  It has
its own root file system (by default /var/lib/containers/<name>), but
shares the Nix store of the host (as a read-only bind mount).  It also
has access to the network devices of the host.

Currently, if the configuration of the container changes, running
"nixos-rebuild switch" on the host will cause the container to be
rebooted.  In the future we may want to send some message to the
container so that it can activate the new container configuration
without rebooting.

Containers are not perfectly isolated yet.  In particular, the host's
/sys/fs/cgroup is mounted (writable!) in the guest.
2013-11-27 17:14:10 +01:00
Eelco Dolstra 953f12995b nscd: Fix LD_LIBRARY_PATH
This ensures that nscd can find the NSS modules.

Fixes #1248.
2013-11-26 18:38:22 +01:00
Eelco Dolstra 14cd8bc248 Allow services to specify a pre-stop script 2013-11-26 18:24:55 +01:00
Eelco Dolstra 2b1f212494 Disable various services when running inside a container 2013-11-26 18:19:45 +01:00
Eelco Dolstra dc87f8e080 Check whether fileSystems defines the root FS 2013-11-18 18:04:16 +01:00
Eelco Dolstra 8951be2d80 Allow overrides to work for unit options 2013-11-18 18:04:16 +01:00
Eelco Dolstra 33cb0bbb4b Use types.lines for script/preStart/postStart/postStop 2013-11-18 18:04:16 +01:00
Eelco Dolstra 5620e69b5d Apply better type checking to unitConfig/serviceConfig/...
In particular, complain if two modules define the same systemd option.
2013-11-18 18:04:16 +01:00
Eelco Dolstra f8a034172a Fix broken Conflicts options 2013-11-18 18:04:16 +01:00
Eelco Dolstra 08a85c2152 Allow building/testing individual systemd units 2013-11-18 18:04:16 +01:00
Ricardo M. Correia 36a05c7b15 systemd: Add systemd.extraConfig option for /etc/systemd/system.conf 2013-11-16 16:50:59 +01:00
Ricardo M. Correia e0171ef026 systemd: Change services.logind.extraConfig type to types.lines 2013-11-16 16:50:59 +01:00
Eelco Dolstra 4cada34b7f Properly handle unit names with dashes in them
We ended up with files in /etc/systemd/system called
"bigx2ddata.mount.wants" rather than "big\x2ddata.mount.wants".
2013-11-12 16:58:36 +01:00
Eelco Dolstra 408b8b5725 Add lots of missing option types 2013-10-30 18:47:43 +01:00
Eelco Dolstra d882e19662 Shut up "failed to resume" warning if there is no resume device 2013-10-30 18:47:43 +01:00
Eelco Dolstra be5d3a59dd Clean up some option examples 2013-10-30 18:47:43 +01:00
Eelco Dolstra 70a2c54527 Strictly check the arguments to mkOption
And fix various instances of bad arguments.
2013-10-30 15:35:09 +01:00
Eelco Dolstra 4680af6a93 Add some option types 2013-10-30 14:57:42 +01:00
Eelco Dolstra 862e3dd977 Substitute "types.uniq types.string" -> "types.str" 2013-10-30 14:57:42 +01:00
Eelco Dolstra 9a8516438e Fix NixOps evaluation 2013-10-28 22:45:57 +01:00
Eelco Dolstra d5047faede Remove uses of the "merge" option attribute
It's redundant because you can (and should) specify an option type, or
an apply function.
2013-10-28 22:45:56 +01:00
Eelco Dolstra a40583e7e4 Fix bogus mkOption types
Among others, systemd unit options were not being type-checked because
of this.  mkOption should really check its arguments better...
2013-10-28 22:45:56 +01:00
Eelco Dolstra 1408ac51a4 Add missing types 2013-10-28 22:45:56 +01:00
Eelco Dolstra 4b1a9dd00b Remove uses of mkFixStrictness
mkFixStrictness is no longer needed, woohoo!
2013-10-28 22:45:55 +01:00
Eelco Dolstra c4149c7b56 Fix evaluation error in the ISOs 2013-10-24 02:03:10 +02:00
Eelco Dolstra a3777ba4f9 Remove dependencies on the Nixpkgs location 2013-10-23 20:08:23 +02:00
Eelco Dolstra 8f4c5b05d5 Add a way to define obsolete options that have no replacement 2013-10-23 20:08:22 +02:00
Eelco Dolstra b33657df03 grub: Make assertion lazier 2013-10-17 13:30:49 +02:00
Shea Levy a63b4dc555 Remove old efi boot stub bootloader
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-10-10 10:54:35 -04:00
Eelco Dolstra 5c1f8cbc70 Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00