virtualisation/oci-containers: fix podman systemd service name

2025-08-04 10:01:24 +02:00 · 2025-08-04 10:01:24 +02:00 · 68710f4064
commit 68710f4064
parent 0b0c68c77d
2 changed files with 16 additions and 10 deletions
--- a/nixos/modules/virtualisation/oci-containers.nix
+++ b/nixos/modules/virtualisation/oci-containers.nix
@ -185,11 +185,9 @@ let
            Refer to the
            [Docker engine documentation](https://docs.docker.com/engine/network/#published-ports) for full details.
          '';
-          example = literalExpression ''
-            [
-              "127.0.0.1:8080:9000"
-            ]
-          '';
+          example = [
+            "127.0.0.1:8080:9000"
+          ];
        };

        user = mkOption {
@ -387,7 +385,9 @@ let
  mkService =
    name: container:
    let
-      dependsOn = map (x: "${cfg.backend}-${x}.service") container.dependsOn;
+      dependsOn = lib.attrsets.mapAttrsToList (k: v: "${v.serviceName}.service") (
+        lib.attrsets.getAttrs container.dependsOn cfg.containers
+      );
      escapedName = escapeShellArg name;
      preStartScript = pkgs.writeShellApplication {
        name = "pre-start";
@ -539,7 +539,7 @@ let
        Restart = "always";
      }
      // optionalAttrs (cfg.backend == "podman") {
-        Environment = "PODMAN_SYSTEMD_UNIT=podman-${name}.service";
+        Environment = "PODMAN_SYSTEMD_UNIT=%n";
        Type = "notify";
        NotifyAccess = "all";
        Delegate = mkIf (container.podman.sdnotify == "healthy") true;
--- a/nixos/tests/oci-containers.nix
+++ b/nixos/tests/oci-containers.nix
@ -9,6 +9,8 @@ let

  inherit (import ../lib/testing-python.nix { inherit system pkgs; }) makeTest;

+  serviceName = "nginxtest"; # different on purpose to verify proper systemd unit generation
+
  mkOCITest =
    backend:
    makeTest {
@ -23,6 +25,7 @@ let
            virtualisation.oci-containers = {
              inherit backend;
              containers.nginx = {
+                inherit serviceName;
                image = "nginx-container";
                imageStream = pkgs.dockerTools.examples.nginxStream;
                ports = [ "8181:80" ];
@ -39,7 +42,7 @@ let

            # Stop systemd from killing remaining processes if ExecStop script
            # doesn't work, so that proper stopping can be tested.
-            systemd.services."${backend}-nginx".serviceConfig.KillSignal = "SIGCONT";
+            systemd.services.${serviceName}.serviceConfig.KillSignal = "SIGCONT";
          };
      };

@ -47,11 +50,11 @@ let
        import json

        start_all()
-        ${backend}.wait_for_unit("${backend}-nginx.service")
+        ${backend}.wait_for_unit("${serviceName}.service")
        ${backend}.wait_for_open_port(8181)
        ${backend}.wait_until_succeeds("curl -f http://localhost:8181 | grep Hello")
        output = json.loads(${backend}.succeed("${backend} inspect nginx --format json").strip())[0]
-        ${backend}.succeed("systemctl stop ${backend}-nginx.service", timeout=10)
+        ${backend}.succeed("systemctl stop ${serviceName}.service", timeout=10)
        assert output['HostConfig']['CapAdd'] == ["CAP_AUDIT_READ"]
        assert output['HostConfig']['CapDrop'] == ${
          if backend == "docker" then "[\"CAP_AUDIT_WRITE\"]" else "[]"
@ -60,6 +63,9 @@ let
        assert output['HostConfig']['Devices'] == [{'PathOnHost': '/dev/random', 'PathInContainer': '/dev/random', 'CgroupPermissions': '${
          if backend == "docker" then "rwm" else ""
        }'}]
+      ''
+      + lib.strings.optionalString (backend == "podman") ''
+        assert output['Config']['Labels']['PODMAN_SYSTEMD_UNIT'] == '${serviceName}.service'
      '';
    };