Loading nixos/modules/virtualisation/oci-containers.nix +7 −7 Original line number Diff line number Diff line Loading @@ -185,11 +185,9 @@ let Refer to the [Docker engine documentation](https://docs.docker.com/engine/network/#published-ports) for full details. ''; example = literalExpression '' [ example = [ "127.0.0.1:8080:9000" ] ''; ]; }; user = mkOption { Loading Loading @@ -387,7 +385,9 @@ let mkService = name: container: let dependsOn = map (x: "${cfg.backend}-${x}.service") container.dependsOn; dependsOn = lib.attrsets.mapAttrsToList (k: v: "${v.serviceName}.service") ( lib.attrsets.getAttrs container.dependsOn cfg.containers ); escapedName = escapeShellArg name; preStartScript = pkgs.writeShellApplication { name = "pre-start"; Loading Loading @@ -539,7 +539,7 @@ let Restart = "always"; } // optionalAttrs (cfg.backend == "podman") { Environment = "PODMAN_SYSTEMD_UNIT=podman-${name}.service"; Environment = "PODMAN_SYSTEMD_UNIT=%n"; Type = "notify"; NotifyAccess = "all"; Delegate = mkIf (container.podman.sdnotify == "healthy") true; Loading nixos/tests/oci-containers.nix +9 −3 Original line number Diff line number Diff line Loading @@ -9,6 +9,8 @@ let inherit (import ../lib/testing-python.nix { inherit system pkgs; }) makeTest; serviceName = "nginxtest"; # different on purpose to verify proper systemd unit generation mkOCITest = backend: makeTest { Loading @@ -23,6 +25,7 @@ let virtualisation.oci-containers = { inherit backend; containers.nginx = { inherit serviceName; image = "nginx-container"; imageStream = pkgs.dockerTools.examples.nginxStream; ports = [ "8181:80" ]; Loading @@ -39,7 +42,7 @@ let # Stop systemd from killing remaining processes if ExecStop script # doesn't work, so that proper stopping can be tested. systemd.services."${backend}-nginx".serviceConfig.KillSignal = "SIGCONT"; systemd.services.${serviceName}.serviceConfig.KillSignal = "SIGCONT"; }; }; Loading 
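Review bot: In the `dependsOn` binding of `mkService`, `lib.attrsets.getAttrs container.dependsOn cfg.containers` aborts evaluation with a bare "attribute 'foo' missing" error when a `dependsOn` entry names a container that is not defined, whereas the old `map` produced a unit name and left systemd to report the missing unit; unless the names are validated elsewhere in the module, this makes a typo harder to diagnose. A module assertion with a readable message would make it actionable, e.g. `{ assertion = lib.all (d: cfg.containers ? ${d}) container.dependsOn; message = "virtualisation.oci-containers.containers.${name}.dependsOn references an undefined container"; }` added where the services are collected (outside this hunk). Also, because `getAttrs` returns an attrset, `mapAttrsToList` yields the units sorted by name rather than in the user's list order, which is harmless for After=/Requires= but deserves a one-line comment such as `# order follows attribute-name sorting, not the dependsOn list`. `mkService` continues past the end of the hunk.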
@@ -47,11 +50,11 @@ let import json start_all() ${backend}.wait_for_unit("${backend}-nginx.service") ${backend}.wait_for_unit("${serviceName}.service") ${backend}.wait_for_open_port(8181) ${backend}.wait_until_succeeds("curl -f http://localhost:8181 | grep Hello") output = json.loads(${backend}.succeed("${backend} inspect nginx --format json").strip())[0] ${backend}.succeed("systemctl stop ${backend}-nginx.service", timeout=10) ${backend}.succeed("systemctl stop ${serviceName}.service", timeout=10) assert output['HostConfig']['CapAdd'] == ["CAP_AUDIT_READ"] assert output['HostConfig']['CapDrop'] == ${ if backend == "docker" then "[\"CAP_AUDIT_WRITE\"]" else "[]" Loading @@ -60,6 +63,9 @@ let assert output['HostConfig']['Devices'] == [{'PathOnHost': '/dev/random', 'PathInContainer': '/dev/random', 'CgroupPermissions': '${ if backend == "docker" then "rwm" else "" }'}] '' + lib.strings.optionalString (backend == "podman") '' assert output['Config']['Labels']['PODMAN_SYSTEMD_UNIT'] == '${serviceName}.service' ''; }; Loading Loading
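Review bot: The test pins only the renamed unit of a single container; the other code path changed in this commit, `dependsOn` resolving through each dependency's `serviceName`, is not exercised, so a regression there would still pass. Adding a second container such as `containers.dependent = { image = "nginx-container"; imageStream = pkgs.dockerTools.examples.nginxStream; dependsOn = [ "nginx" ]; };` and asserting in the test script `${backend}.succeed("systemctl show -p After ${backend}-dependent.service | grep -q ${serviceName}.service")` would verify that the custom name propagates into the dependent unit. This assumes the default `serviceName` remains `${backend}-<name>`, which is not visible in this diff; adjust the unit name if that default differs.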
nixos/modules/virtualisation/oci-containers.nix +7 −7 Original line number Diff line number Diff line Loading @@ -185,11 +185,9 @@ let Refer to the [Docker engine documentation](https://docs.docker.com/engine/network/#published-ports) for full details. ''; example = literalExpression '' [ example = [ "127.0.0.1:8080:9000" ] ''; ]; }; user = mkOption { Loading Loading @@ -387,7 +385,9 @@ let mkService = name: container: let dependsOn = map (x: "${cfg.backend}-${x}.service") container.dependsOn; dependsOn = lib.attrsets.mapAttrsToList (k: v: "${v.serviceName}.service") ( lib.attrsets.getAttrs container.dependsOn cfg.containers ); escapedName = escapeShellArg name; preStartScript = pkgs.writeShellApplication { name = "pre-start"; Loading Loading @@ -539,7 +539,7 @@ let Restart = "always"; } // optionalAttrs (cfg.backend == "podman") { Environment = "PODMAN_SYSTEMD_UNIT=podman-${name}.service"; Environment = "PODMAN_SYSTEMD_UNIT=%n"; Type = "notify"; NotifyAccess = "all"; Delegate = mkIf (container.podman.sdnotify == "healthy") true; Loading
nixos/tests/oci-containers.nix +9 −3 Original line number Diff line number Diff line Loading @@ -9,6 +9,8 @@ let inherit (import ../lib/testing-python.nix { inherit system pkgs; }) makeTest; serviceName = "nginxtest"; # different on purpose to verify proper systemd unit generation mkOCITest = backend: makeTest { Loading @@ -23,6 +25,7 @@ let virtualisation.oci-containers = { inherit backend; containers.nginx = { inherit serviceName; image = "nginx-container"; imageStream = pkgs.dockerTools.examples.nginxStream; ports = [ "8181:80" ]; Loading @@ -39,7 +42,7 @@ let # Stop systemd from killing remaining processes if ExecStop script # doesn't work, so that proper stopping can be tested. systemd.services."${backend}-nginx".serviceConfig.KillSignal = "SIGCONT"; systemd.services.${serviceName}.serviceConfig.KillSignal = "SIGCONT"; }; }; Loading @@ -47,11 +50,11 @@ let import json start_all() ${backend}.wait_for_unit("${backend}-nginx.service") ${backend}.wait_for_unit("${serviceName}.service") ${backend}.wait_for_open_port(8181) ${backend}.wait_until_succeeds("curl -f http://localhost:8181 | grep Hello") output = json.loads(${backend}.succeed("${backend} inspect nginx --format json").strip())[0] ${backend}.succeed("systemctl stop ${backend}-nginx.service", timeout=10) ${backend}.succeed("systemctl stop ${serviceName}.service", timeout=10) assert output['HostConfig']['CapAdd'] == ["CAP_AUDIT_READ"] assert output['HostConfig']['CapDrop'] == ${ if backend == "docker" then "[\"CAP_AUDIT_WRITE\"]" else "[]" Loading @@ -60,6 +63,9 @@ let assert output['HostConfig']['Devices'] == [{'PathOnHost': '/dev/random', 'PathInContainer': '/dev/random', 'CgroupPermissions': '${ if backend == "docker" then "rwm" else "" }'}] '' + lib.strings.optionalString (backend == "podman") '' assert output['Config']['Labels']['PODMAN_SYSTEMD_UNIT'] == '${serviceName}.service' ''; }; Loading