lol

nixos-container: Make configuration and state directories configurable

/etc/containers is also used by Podman, Skopeo & other popular
container tooling so we need to be able to move to another
configuration directory.

The state move is not strictly a requirement but is good for consistency.

+22 -11
+9 -1
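--- a/pkgs/tools/virtualization/nixos-container/default.nix
+++ b/pkgs/tools/virtualization/nixos-container/default.nix
@@ -1,4 +1,10 @@
-{ substituteAll, perl, shadow, util-linux }:
+{ substituteAll
+, perl
+, shadow
+, util-linux
+, configurationDirectory ? "/etc/nixos-containers"
+, stateDirectory ? "/var/lib/nixos-containers"
+}:
 
 substituteAll {
 name = "nixos-container";
@@ -8,6 +14,8 @@
 perl = perl.withPackages (p: [ p.FileSlurp ]);
 su = "${shadow.su}/bin/su";
 utillinux = util-linux;
+
+inherit configurationDirectory stateDirectory;
 
 postInstall = ''
 t=$out/share/bash-completion/completions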
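Review bot: The new defaults `/etc/nixos-containers` and `/var/lib/nixos-containers` differ from the paths the script used before, and the diffstat shows only this file and nixos-container.pl changing, so whatever else writes the `.conf` files or keeps container roots under the old directories would presumably no longer agree with the tool. Containers created before the change would then stop appearing in `list`, and their root filesystems would stay on disk where `destroy` no longer looks. It would help to document the coupling next to the new arguments, for example `# Must match the directories used by the module and units that start the containers.`, and to say in the commit message how existing configuration and state are migrated.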
+13 -10
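--- a/pkgs/tools/virtualization/nixos-container/nixos-container.pl
+++ b/pkgs/tools/virtualization/nixos-container/nixos-container.pl
@@ -12,6 +12,9 @@
 my $nsenter = "@utillinux@/bin/nsenter";
 my $su = "@su@";
 
+my $configurationDirectory = "@configurationDirectory@";
+my $stateDirectory = "@stateDirectory@";
+
 # Ensure a consistent umask.
 umask 0022;
 
@@ -132,11 +135,11 @@
 
 # Execute the selected action.
 
-mkpath("/etc/containers", 0, 0755);
-mkpath("/var/lib/containers", 0, 0700);
+mkpath("$configurationDirectory", 0, 0755);
+mkpath("$stateDirectory", 0, 0700);
 
 if ($action eq "list") {
-foreach my $confFile (glob "/etc/containers/*.conf") {
+foreach my $confFile (glob "$configurationDirectory/*.conf") {
 $confFile =~ /\/([^\/]+).conf$/ or next;
 print "$1\n";
 }
@@ -198,15 +201,15 @@
 open(my $lock, '>>', $lockFN) or die "$0: opening $lockFN: $!";
 flock($lock, LOCK_EX) or die "$0: could not lock $lockFN: $!";
 
-my $confFile = "/etc/containers/$containerName.conf";
-my $root = "/var/lib/containers/$containerName";
+my $confFile = "$configurationDirectory/$containerName.conf";
+my $root = "$stateDirectory/$containerName";
 
 # Maybe generate a unique name.
 if ($ensureUniqueName) {
 my $base = $containerName;
 for (my $nr = 0; ; $nr++) {
-$confFile = "/etc/containers/$containerName.conf";
-$root = "/var/lib/containers/$containerName";
+$confFile = "$configurationDirectory/$containerName.conf";
+$root = "$stateDirectory/$containerName";
 last unless -e $confFile || -e $root;
 $containerName = "$base-$nr";
 }
@@ -220,7 +223,7 @@
 
 # Get an unused IP address.
 my %usedIPs;
-foreach my $confFile2 (glob "/etc/containers/*.conf") {
+foreach my $confFile2 (glob "$configurationDirectory/*.conf") {
 my $s = read_file($confFile2) or die;
 $usedIPs{$1} = 1 if $s =~ /^HOST_ADDRESS=([0-9\.]+)$/m;
 $usedIPs{$1} = 1 if $s =~ /^LOCAL_ADDRESS=([0-9\.]+)$/m;
@@ -292,10 +295,10 @@
 exit 0;
 }
 
-my $root = "/var/lib/containers/$containerName";
+my $root = "$stateDirectory/$containerName";
 my $profileDir = "/nix/var/nix/profiles/per-container/$containerName";
 my $gcRootsDir = "/nix/var/nix/gcroots/per-container/$containerName";
-my $confFile = "/etc/containers/$containerName.conf";
+my $confFile = "$configurationDirectory/$containerName.conf";
 if (!-e $confFile) {
 if ($action eq "destroy") {
 exit 0;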
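Review bot: The two `glob "$configurationDirectory/*.conf"` calls (the `list` action and the used-IP scan) now build their pattern from a configurable path, and Perl's default `glob` splits its argument on whitespace and expands metacharacters, so a directory containing a space, `*`, `?`, `[` or `{` makes both loops read the wrong set of files. In the IP scan that means addresses already assigned to a container can be missed. `use File::Glob qw(bsd_glob);` with `bsd_glob("$configurationDirectory/*.conf")` removes the whitespace splitting, and reading the directory with `opendir`/`readdir` and filtering on `\.conf\z` avoids pattern expansion of the directory part altogether. In the same spirit, the declarations could use single quotes, `my $configurationDirectory = '@configurationDirectory@';`, so that a `$` or `@` in the substituted path is not interpolated by Perl. The enclosing blocks of these hunks start and end outside the visible lines.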