Unverified Commit 44265515 authored by Adam C. Stephens's avatar Adam C. Stephens

nixos/incus: gate bucket support since it requires insecure minio

If upstream replaces minio for v7, we can drop this, but minio is now insecure, forcing us to act.
parent b540331d
+11 −2
@@ -54,8 +54,6 @@ let
      lvm2
      lz4
      lxcfs
      minio
      minio-client
      nftables
      qemu-utils
      qemu_kvm
@@ -99,6 +97,10 @@ let
    ]
    ++ lib.optionals nvidiaEnabled [
      libnvidia-container
    ]
    ++ lib.optionals cfg.bucketSupport [
      minio
      minio-client
    ];

  # https://github.com/lxc/incus/blob/cff35a29ee3d7a2af1f937cbb6cf23776941854b/internal/server/instance/drivers/driver_qemu.go#L123
@@ -211,6 +213,13 @@ in
        description = "The incus client package to use. This package is added to PATH.";
      };

      bucketSupport = lib.mkOption {
        type = lib.types.bool;
        description = "Enable bucket support using minio, which is an insecure and unmaintained S3 provider.";
        default = if lib.versionAtLeast config.system.stateVersion "26.11" then false else null;
        defaultText = lib.literalExpression ''if lib.versionAtLeast config.system.stateVersion "26.11" then false else null;'';
      };

      softDaemonRestart = lib.mkOption {
        type = lib.types.bool;
        default = true;
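Review bot: The new `bucketSupport` option declares `type = lib.types.bool` but defaults to `null` when `system.stateVersion` is below 26.11, and `lib.optionals cfg.bucketSupport` in the second hunk then receives a non-boolean. Unless an assertion outside the visible hunks catches this first, users on older state versions who never set the option will likely hit a generic type error rather than a message explaining that minio is insecure and that an explicit choice is required. I would declare `type = lib.types.nullOr lib.types.bool;`, guard the package list with `lib.optionals (cfg.bucketSupport == true)`, and add an assertion whose message names the option and the reason for the gate. The `defaultText` string also carries a trailing `;` that is not part of the expression.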
+1 −0
@@ -51,6 +51,7 @@ in
      incus = {
        enable = true;
        package = cfg.package;
        bucketSupport = false;

        preseed = {
          networks = [