incus: format

2024-11-30 00:04:27 -05:00 · 2024-11-30 00:04:27 -05:00 · 9ab59bb5fb
commit 9ab59bb5fb
parent ed30be523a
13 changed files with 600 additions and 482 deletions
--- a/nixos/modules/virtualisation/lxc-image-metadata.nix
+++ b/nixos/modules/virtualisation/lxc-image-metadata.nix
@ -1,7 +1,14 @@
-{ lib, config, pkgs, ... }:
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:

 let
-  templateSubmodule = {...}: {
+  templateSubmodule =
+    { ... }:
+    {
      options = {
        enable = lib.mkEnableOption "this template";

@ -20,32 +27,45 @@ let
        properties = lib.mkOption {
          description = "Additional properties";
          type = lib.types.attrs;
-        default = {};
+          default = { };
        };
      };
    };

-  toYAML = name: data: pkgs.writeText name (lib.generators.toYAML {} data);
+  toYAML = name: data: pkgs.writeText name (lib.generators.toYAML { } data);

  cfg = config.virtualisation.lxc;
-  templates = if cfg.templates != {} then let
-    list = lib.mapAttrsToList (name: value: { inherit name; } // value)
-      (lib.filterAttrs (name: value: value.enable) cfg.templates);
+  templates =
+    if cfg.templates != { } then
+      let
+        list = lib.mapAttrsToList (name: value: { inherit name; } // value) (
+          lib.filterAttrs (name: value: value.enable) cfg.templates
+        );
      in
      {
        files = map (tpl: {
          source = tpl.template;
          target = "/templates/${tpl.name}.tpl";
        }) list;
-      properties = lib.listToAttrs (map (tpl: lib.nameValuePair tpl.target {
+        properties = lib.listToAttrs (
+          map (
+            tpl:
+            lib.nameValuePair tpl.target {
              when = tpl.when;
              template = "${tpl.name}.tpl";
              properties = tpl.properties;
-      }) list);
            }
-  else { files = []; properties = {}; };
+          ) list
+        );
+      }
+    else
+      {
+        files = [ ];
+        properties = { };
+      };

-in {
+in
+{
  imports = [
    ../image/file-options.nix
  ];
@ -59,7 +79,7 @@ in {
      templates = lib.mkOption {
        description = "Templates for LXD";
        type = lib.types.attrsOf (lib.types.submodule templateSubmodule);
-        default = {};
+        default = { };
        example = lib.literalExpression ''
          {
            # create /etc/hostname on container creation
@ -91,7 +111,10 @@ in {
  };

  config = {
-    system.nixos.tags = [ "lxc" "metadata" ];
+    system.nixos.tags = [
+      "lxc"
+      "metadata"
+    ];
    image.extension = "tar.xz";
    image.filePath = "tarball/${config.image.fileName}";
    system.build.image = config.system.build.metadata;
@ -100,7 +123,9 @@ in {
      contents = [
        {
          source = toYAML "metadata.yaml" {
-            architecture = builtins.elemAt (builtins.match "^([a-z0-9_]+).+" (toString pkgs.stdenv.hostPlatform.system)) 0;
+            architecture = builtins.elemAt (builtins.match "^([a-z0-9_]+).+" (
+              toString pkgs.stdenv.hostPlatform.system
+            )) 0;
            creation_date = 1;
            properties = {
              description = "${config.system.nixos.distroName} ${config.system.nixos.codeName} ${config.system.nixos.label} ${pkgs.stdenv.hostPlatform.system}";
--- a/nixos/modules/virtualisation/lxc-instance-common.nix
+++ b/nixos/modules/virtualisation/lxc-instance-common.nix
@ -1,4 +1,4 @@
-{lib, ...}:
+{ lib, ... }:

 {
  meta = {
--- a/nixos/modules/virtualisation/lxc.nix
+++ b/nixos/modules/virtualisation/lxc.nix
@ -1,6 +1,11 @@
 # LXC Configuration

-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:

 let
  cfg = config.virtualisation.lxc;
@ -12,8 +17,7 @@ in
  };

  options.virtualisation.lxc = {
-    enable =
-      lib.mkOption {
+    enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = ''
@ -25,8 +29,7 @@ in

    unprivilegedContainers = lib.mkEnableOption "support for unprivileged users to launch containers";

-    systemConfig =
-      lib.mkOption {
+    systemConfig = lib.mkOption {
      type = lib.types.lines;
      default = "";
      description = ''
@ -36,8 +39,7 @@ in
    };
    package = lib.mkPackageOption pkgs "lxc" { };

-    defaultConfig =
-      lib.mkOption {
+    defaultConfig = lib.mkOption {
      type = lib.types.lines;
      default = "";
      description = ''
@ -46,8 +48,7 @@ in
      '';
    };

-    usernetConfig =
-      lib.mkOption {
+    usernetConfig = lib.mkOption {
      type = lib.types.lines;
      default = "";
      description = ''
@ -56,8 +57,7 @@ in
      '';
    };

-      bridgeConfig =
-        lib.mkOption {
+    bridgeConfig = lib.mkOption {
      type = lib.types.lines;
      default = "";
      description = ''
@ -88,7 +88,7 @@ in
    };

    # We don't need the `lxc-user` group, unless the unprivileged containers are enabled.
-    users.groups = lib.mkIf cfg.unprivilegedContainers { lxc-user = {}; };
+    users.groups = lib.mkIf cfg.unprivilegedContainers { lxc-user = { }; };

    # `lxc-user-nic` needs suid to attach to bridge for unpriv containers.
    security.wrappers = lib.mkIf cfg.unprivilegedContainers {
@ -108,7 +108,12 @@ in
      lxc-net = {
        enable = true;
        wantedBy = [ "multi-user.target" ];
-        path = [ pkgs.iproute2 pkgs.iptables pkgs.getent pkgs.dnsmasq ];
+        path = [
+          pkgs.iproute2
+          pkgs.iptables
+          pkgs.getent
+          pkgs.dnsmasq
+        ];
      };
    };
  };
--- a/nixos/modules/virtualisation/lxcfs.nix
+++ b/nixos/modules/virtualisation/lxcfs.nix
@ -1,18 +1,23 @@
 # LXC Configuration

-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:

 let
  cfg = config.virtualisation.lxc.lxcfs;
-in {
+in
+{
  meta = {
    maintainers = lib.teams.lxc.members;
  };

  ###### interface
  options.virtualisation.lxc.lxcfs = {
-    enable =
-      lib.mkOption {
+    enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = ''
@ -34,11 +39,11 @@ in {
      before = [ "lxc.service" ];
      restartIfChanged = false;
      serviceConfig = {
-        ExecStartPre="${pkgs.coreutils}/bin/mkdir -p /var/lib/lxcfs";
-        ExecStart="${pkgs.lxcfs}/bin/lxcfs /var/lib/lxcfs";
-        ExecStopPost="-${pkgs.fuse}/bin/fusermount -u /var/lib/lxcfs";
-        KillMode="process";
-        Restart="on-failure";
+        ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /var/lib/lxcfs";
+        ExecStart = "${pkgs.lxcfs}/bin/lxcfs /var/lib/lxcfs";
+        ExecStopPost = "-${pkgs.fuse}/bin/fusermount -u /var/lib/lxcfs";
+        KillMode = "process";
+        Restart = "on-failure";
      };
    };
  };
--- a/nixos/tests/incus/container.nix
+++ b/nixos/tests/incus/container.nix
@ -1,27 +1,40 @@
-import ../make-test-python.nix ({ pkgs, lib, extra ? {}, name ? "incus-container", incus ? pkgs.incus-lts, ... } :
+import ../make-test-python.nix (
+  {
+    pkgs,
+    lib,
+    extra ? { },
+    name ? "incus-container",
+    incus ? pkgs.incus-lts,
+    ...
+  }:

-let
+  let
    releases = import ../../release.nix {
      configuration = lib.recursiveUpdate {
        # Building documentation makes the test unnecessarily take a longer time:
        documentation.enable = lib.mkForce false;

        boot.kernel.sysctl."net.ipv4.ip_forward" = "1";
-    }
-    extra;
+      } extra;
    };

-  container-image-metadata = "${releases.incusContainerMeta.${pkgs.stdenv.hostPlatform.system}}/tarball/nixos-system-${pkgs.stdenv.hostPlatform.system}.tar.xz";
-  container-image-rootfs = "${releases.incusContainerImage.${pkgs.stdenv.hostPlatform.system}}/nixos-lxc-image-${pkgs.stdenv.hostPlatform.system}.squashfs";
-in
-{
+    container-image-metadata = "${
+      releases.incusContainerMeta.${pkgs.stdenv.hostPlatform.system}
+    }/tarball/nixos-system-${pkgs.stdenv.hostPlatform.system}.tar.xz";
+    container-image-rootfs = "${
+      releases.incusContainerImage.${pkgs.stdenv.hostPlatform.system}
+    }/nixos-lxc-image-${pkgs.stdenv.hostPlatform.system}.squashfs";
+  in
+  {
    inherit name;

    meta = {
      maintainers = lib.teams.lxc.members;
    };

-  nodes.machine = { ... }: {
+    nodes.machine =
+      { ... }:
+      {
        virtualisation = {
          # Ensure test VM has enough resources for creating and managing guests
          cores = 2;
@ -137,4 +150,5 @@ in
                machine.succeed("systemctl stop incus")
                machine.succeed(f"ps {pid}")
      '';
-})
+  }
+)
--- a/nixos/tests/incus/openvswitch.nix
+++ b/nixos/tests/incus/openvswitch.nix
@ -1,13 +1,21 @@
-import ../make-test-python.nix ({ pkgs, lib, incus ? pkgs.incus-lts, ... } :
+import ../make-test-python.nix (
+  {
+    pkgs,
+    lib,
+    incus ? pkgs.incus-lts,
+    ...
+  }:

-{
+  {
    name = "incus-openvswitch";

    meta = {
      maintainers = lib.teams.lxc.members;
    };

-  nodes.machine = { lib, ... }: {
+    nodes.machine =
+      { lib, ... }:
+      {
        virtualisation = {
          incus = {
            enable = true;
@ -66,4 +74,5 @@ import ../make-test-python.nix ({ pkgs, lib, incus ? pkgs.incus-lts, ... } :
      with subtest("Verify openvswitch bridge"):
        machine.succeed("ovs-vsctl br-exists nixostestbr0")
    '';
-})
+  }
+)
--- a/nixos/tests/incus/socket-activated.nix
+++ b/nixos/tests/incus/socket-activated.nix
@ -1,13 +1,21 @@
-import ../make-test-python.nix ({ pkgs, lib, incus ? pkgs.incus-lts, ... } :
+import ../make-test-python.nix (
+  {
+    pkgs,
+    lib,
+    incus ? pkgs.incus-lts,
+    ...
+  }:

-{
+  {
    name = "incus-socket-activated";

    meta = {
      maintainers = lib.teams.lxc.members;
    };

-  nodes.machine = { lib, ... }: {
+    nodes.machine =
+      { lib, ... }:
+      {
        virtualisation = {
          incus = {
            enable = true;
@ -29,4 +37,5 @@ import ../make-test-python.nix ({ pkgs, lib, incus ? pkgs.incus-lts, ... } :
      machine.succeed("incus list")
      machine.wait_for_unit("incus.service")
    '';
-})
+  }
+)
--- a/nixos/tests/incus/ui.nix
+++ b/nixos/tests/incus/ui.nix
@ -1,11 +1,20 @@
-import ../make-test-python.nix ({ pkgs, lib, incus ? pkgs.incus-lts, ... }: {
+import ../make-test-python.nix (
+  {
+    pkgs,
+    lib,
+    incus ? pkgs.incus-lts,
+    ...
+  }:
+  {
    name = "incus-ui";

    meta = {
      maintainers = lib.teams.lxc.members;
    };

-  nodes.machine = { lib, ... }: {
+    nodes.machine =
+      { lib, ... }:
+      {
        virtualisation = {
          incus = {
            enable = true;
@ -17,10 +26,12 @@ import ../make-test-python.nix ({ pkgs, lib, incus ? pkgs.incus-lts, ... }: {

        environment.systemPackages =
          let
-        seleniumScript = pkgs.writers.writePython3Bin "selenium-script"
+            seleniumScript =
+              pkgs.writers.writePython3Bin "selenium-script"
                {
                  libraries = with pkgs.python3Packages; [ selenium ];
-          } ''
+                }
+                ''
                  from selenium import webdriver
                  from selenium.webdriver.common.by import By
                  from selenium.webdriver.firefox.options import Options
@ -42,10 +53,15 @@ import ../make-test-python.nix ({ pkgs, lib, incus ? pkgs.incus-lts, ... }: {
                  driver.close()
                '';
          in
-      with pkgs; [ curl firefox-unwrapped geckodriver seleniumScript ];
+          with pkgs;
+          [
+            curl
+            firefox-unwrapped
+            geckodriver
+            seleniumScript
+          ];
      };

-
    testScript = ''
      machine.wait_for_unit("sockets.target")
      machine.wait_for_unit("incus.service")
@ -64,4 +80,5 @@ import ../make-test-python.nix ({ pkgs, lib, incus ? pkgs.incus-lts, ... }: {
      # Ensure the application is actually rendered by the Javascript
      machine.succeed("PYTHONUNBUFFERED=1 selenium-script")
    '';
-})
+  }
+)
--- a/nixos/tests/incus/virtual-machine.nix
+++ b/nixos/tests/incus/virtual-machine.nix
@ -1,13 +1,19 @@
-import ../make-test-python.nix ({ pkgs, lib, incus ? pkgs.incus-lts, ... }:
+import ../make-test-python.nix (
+  {
+    pkgs,
+    lib,
+    incus ? pkgs.incus-lts,
+    ...
+  }:

-let
+  let
    releases = import ../../release.nix {
      configuration = {
        # Building documentation makes the test unnecessarily take a longer time:
        documentation.enable = lib.mkForce false;

        # Our tests require `grep` & friends:
-      environment.systemPackages = with pkgs; [busybox];
+        environment.systemPackages = with pkgs; [ busybox ];
      };
    };

@ -15,15 +21,17 @@ let
    vm-image-disk = releases.incusVirtualMachineImage.${pkgs.stdenv.hostPlatform.system};

    instance-name = "instance1";
-in
-{
+  in
+  {
    name = "incus-virtual-machine";

    meta = {
      maintainers = lib.teams.lxc.members;
    };

-  nodes.machine = {...}: {
+    nodes.machine =
+      { ... }:
+      {
        virtualisation = {
          # Ensure test VM has enough resources for creating and managing guests
          cores = 2;
@ -83,4 +91,5 @@ in
            machine.succeed("systemctl stop incus")
            machine.succeed(f"ps {pid}")
      '';
-})
+  }
+)
--- a/pkgs/by-name/di/distrobuilder/generator.nix
+++ b/pkgs/by-name/di/distrobuilder/generator.nix
@ -1,4 +1,14 @@
-{ stdenvNoCC, lib, src, version, makeWrapper, coreutils, findutils, gnugrep, systemd }:
+{
+  stdenvNoCC,
+  lib,
+  src,
+  version,
+  makeWrapper,
+  coreutils,
+  findutils,
+  gnugrep,
+  systemd,
+}:

 stdenvNoCC.mkDerivation {
  name = "distrobuilder-nixos-generator";
@ -14,6 +24,13 @@ stdenvNoCC.mkDerivation {

  installPhase = ''
    install -D -m 0555 distrobuilder/lxc.generator $out/lib/systemd/system-generators/lxc
-    wrapProgram $out/lib/systemd/system-generators/lxc --prefix PATH : ${lib.makeBinPath [coreutils findutils gnugrep systemd]}:${systemd}/lib/systemd
+    wrapProgram $out/lib/systemd/system-generators/lxc --prefix PATH : ${
+      lib.makeBinPath [
+        coreutils
+        findutils
+        gnugrep
+        systemd
+      ]
+    }:${systemd}/lib/systemd
  '';
 }
--- a/pkgs/by-name/di/distrobuilder/package.nix
+++ b/pkgs/by-name/di/distrobuilder/package.nix
@ -1,29 +1,32 @@
-{ lib
-, buildGoModule
-, callPackage
-, cdrkit
-, coreutils
-, debootstrap
-, fetchFromGitHub
-, gnupg
-, gnutar
-, hivex
-, makeWrapper
-, nixosTests
-, pkg-config
-, squashfsTools
-, stdenv
-, wimlib
+{
+  lib,
+  buildGoModule,
+  callPackage,
+  cdrkit,
+  coreutils,
+  debootstrap,
+  fetchFromGitHub,
+  gnupg,
+  gnutar,
+  hivex,
+  makeWrapper,
+  nixosTests,
+  pkg-config,
+  squashfsTools,
+  stdenv,
+  wimlib,
 }:

 let
-  bins = [
+  bins =
+    [
      coreutils
      debootstrap
      gnupg
      gnutar
      squashfsTools
-  ] ++ lib.optionals stdenv.hostPlatform.isx86_64 [
+    ]
+    ++ lib.optionals stdenv.hostPlatform.isx86_64 [
      # repack-windows deps
      cdrkit
      hivex
@ -46,7 +49,6 @@ buildGoModule rec {

  buildInputs = bins;

-
  # tests require a local keyserver (mkg20001/nixpkgs branch distrobuilder-with-tests) but gpg is currently broken in tests
  doCheck = false;

--- a/pkgs/by-name/in/incus/ui.nix
+++ b/pkgs/by-name/in/incus/ui.nix
@ -1,12 +1,13 @@
-{ lib
-, stdenv
-, fetchFromGitHub
-, fetchYarnDeps
-, nodejs
-, fixup-yarn-lock
-, yarn
-, nixosTests
-, git
+{
+  lib,
+  stdenv,
+  fetchFromGitHub,
+  fetchYarnDeps,
+  nodejs,
+  fixup-yarn-lock,
+  yarn,
+  nixosTests,
+  git,
 }:

 stdenv.mkDerivation rec {
--- a/pkgs/by-name/lx/lxcfs/package.nix
+++ b/pkgs/by-name/lx/lxcfs/package.nix
@ -53,7 +53,12 @@ stdenv.mkDerivation rec {

  postInstall = ''
    # `mount` hook requires access to the `mount` command from `util-linux` and `readlink` from `coreutils`:
-    wrapProgram "$out/share/lxcfs/lxc.mount.hook" --prefix PATH : ${lib.makeBinPath [ coreutils util-linux ]}
+    wrapProgram "$out/share/lxcfs/lxc.mount.hook" --prefix PATH : ${
+      lib.makeBinPath [
+        coreutils
+        util-linux
+      ]
+    }
  '';

  postFixup = ''