Merge pull request #177406 from davidkna/podman-gen

nixos/virtualisation.oci-containers: follow podman-generated systemd units more closely

authored by Florian Klink and committed by GitHub 80e4946f 8ca3b674

+21 -4
+21 -4
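--- a/nixos/modules/virtualisation/oci-containers.nix
+++ b/nixos/modules/virtualisation/oci-containers.nix
@@ -227,6 +227,7 @@
 
  mkService = name: container: let
  dependsOn = map (x: "${cfg.backend}-${x}.service") container.dependsOn;
+ escapedName = escapeShellArg name;
  in {
  wantedBy = [] ++ optional (container.autoStart) "multi-user.target";
  after = lib.optionals (cfg.backend == "docker") [ "docker.service" "docker.socket" ] ++ dependsOn;
@@ -250,16 +251,25 @@
  ${optionalString (container.imageFile != null) ''
  ${cfg.backend} load -i ${container.imageFile}
  ''}
+ ${optionalString (cfg.backend == "podman") ''
+ rm -f /run/podman-${escapedName}.ctr-id
+ ''}
  '';
 
  script = concatStringsSep " \\\n " ([
  "exec ${cfg.backend} run"
  "--rm"
- "--name=${escapeShellArg name}"
+ "--name=${escapedName}"
  "--log-driver=${container.log-driver}"
  ] ++ optional (container.entrypoint != null)
  "--entrypoint=${escapeShellArg container.entrypoint}"
- ++ (mapAttrsToList (k: v: "-e ${escapeShellArg k}=${escapeShellArg v}") container.environment)
+ ++ lib.optionals (cfg.backend == "podman") [
+ "--cidfile=/run/podman-${escapedName}.ctr-id"
+ "--cgroups=no-conmon"
+ "--sdnotify=conmon"
+ "-d"
+ "--replace"
+ ] ++ (mapAttrsToList (k: v: "-e ${escapeShellArg k}=${escapeShellArg v}") container.environment)
  ++ map (f: "--env-file ${escapeShellArg f}") container.environmentFiles
  ++ map (p: "-p ${escapeShellArg p}") container.ports
  ++ optional (container.user != null) "-u ${escapeShellArg container.user}"
@@ -270,8 +280,12 @@
  ++ map escapeShellArg container.cmd
  );
 
- preStop = "[ $SERVICE_RESULT = success ] || ${cfg.backend} stop ${name}";
- postStop = "${cfg.backend} rm -f ${name} || true";
+ preStop = if cfg.backend == "podman"
+ then "[ $SERVICE_RESULT = success ] || podman stop --ignore --cidfile=/run/podman-${escapedName}.ctr-id"
+ else "[ $SERVICE_RESULT = success ] || ${cfg.backend} stop ${name}";
+ postStop = if cfg.backend == "podman"
+ then "podman rm -f --ignore --cidfile=/run/podman-${escapedName}.ctr-id"
+ else "${cfg.backend} rm -f ${name} || true";
 
  serviceConfig = {
  ### There is no generalized way of supporting `reload` for docker
@@ -290,6 +304,9 @@
  # ExecReload = ...;
  ###
 
+ Environment=if cfg.backend == "podman" then "PODMAN_SYSTEMD_UNIT=podman-${name}.service" else {};
+ Type=if cfg.backend == "podman" then "notify" else {};
+ NotifyAccess=if cfg.backend == "podman" then "all" else {};
  TimeoutStartSec = 0;
  TimeoutStopSec = 120;
  Restart = "always";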
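Review bot: The docker branches of `preStop` and `postStop` still interpolate the raw `${name}` into the shell line, while `--name=` and every podman branch now go through `escapedName`; a container name containing whitespace or shell metacharacters would be word-split or interpreted by the shell there. Reusing the new binding closes that gap: `else "[ $SERVICE_RESULT = success ] || ${cfg.backend} stop ${escapedName}";` and `else "${cfg.backend} rm -f ${escapedName} || true";`. Separately, `Environment`, `Type` and `NotifyAccess` fall back to `{}` for docker, so the keys stay defined with an attribute set as their value; how the unit generator renders that is not visible here, and it looks likely to fail or emit a bogus setting. Merging the three keys with `// lib.optionalAttrs (cfg.backend == "podman") { ... }` after the `serviceConfig` set would leave docker units untouched. `mkService` continues past the last hunk, so the closing of `serviceConfig` is not shown.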