From fc2fa3cda56d61d5d81b9a0d2b478aa76d5d7101 Mon Sep 17 00:00:00 2001
From: Richard Marko
Date: Wed, 24 Feb 2021 14:00:06 +0100
Subject: [PATCH 1/2] nixos/nixos-containers: default boot.enableContainers to true Related to #85746 which addresses documentation issue, digging deeper for a reason why this was disabled was simply because it wasn't working which is not the case anymore.
---
 nixos/modules/virtualisation/nixos-containers.nix | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/nixos/modules/virtualisation/nixos-containers.nix b/nixos/modules/virtualisation/nixos-containers.nix
index 3754fe6dac6..c1ff1bb5d47 100644
--- a/nixos/modules/virtualisation/nixos-containers.nix
+++ b/nixos/modules/virtualisation/nixos-containers.nix
@@ -439,21 +439,16 @@ in
 default = false;
 description = ''
 Whether this NixOS machine is a lightweight container running
- in another NixOS system. If set to true, support for nested
- containers is disabled by default, but can be reenabled by
- setting to true.
+ in another NixOS system.
 '';
 };

 boot.enableContainers = mkOption {
 type = types.bool;
- default = !config.boot.isContainer;
+ default = true;
 description = ''
 Whether to enable support for NixOS containers. Defaults to true
- (at no cost if containers are not actually used), but only if the
- system is not itself a lightweight container of a host.
- To enable support for nested containers, this option has to be
- explicitly set to true (in the outer container).
+ (at no cost if containers are not actually used).
 '';
 };

From d23ba22076f64c9daffedde66376b11796046b40 Mon Sep 17 00:00:00 2001
From: Richard Marko
Date: Wed, 24 Feb 2021 14:02:57 +0100
Subject: [PATCH 2/2] nixosTests.containers-nested: init
---
 nixos/tests/all-tests.nix | 1 +
 nixos/tests/containers-nested.nix | 30 ++++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+)
 create mode 100644 nixos/tests/containers-nested.nix
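Review bot: In the `nixos-containers.nix` hunk, `default = true;` no longer consults `boot.isContainer`, so a system that is itself a container gets container support switched on at upgrade with no change to its own configuration, and the new description no longer tells the reader that this case exists or how to turn it off. What the option gates is outside this hunk, so the exact effect inside a container should be confirmed against the module's `config` section. I would extend the description with a sentence such as `Set this to false inside containers that should not be able to run nested containers.` and record the default change in the release notes so operators can review existing containers. The phrase `Defaults to true` repeats the `default` field and could be dropped from the text.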
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 7d676e15fa9..3784dc6c886 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -74,6 +74,7 @@ in
 containers-ip = handleTest ./containers-ip.nix {};
 containers-macvlans = handleTest ./containers-macvlans.nix {};
 containers-names = handleTest ./containers-names.nix {};
+ containers-nested = handleTest ./containers-nested.nix {};
 containers-physical_interfaces = handleTest ./containers-physical_interfaces.nix {};
 containers-portforward = handleTest ./containers-portforward.nix {};
 containers-reloadable = handleTest ./containers-reloadable.nix {};
diff --git a/nixos/tests/containers-nested.nix b/nixos/tests/containers-nested.nix
new file mode 100644
index 00000000000..a653361494f
--- /dev/null
+++ b/nixos/tests/containers-nested.nix
@@ -0,0 +1,30 @@
+# Test for NixOS' container nesting.
+
+import ./make-test-python.nix ({ pkgs, ... }: {
+ name = "nested";
+
+ meta = with pkgs.lib.maintainers; { maintainers = [ sorki ]; };
+
+ machine = { lib, ... }:
+ let
+ makeNested = subConf: {
+ containers.nested = {
+ autoStart = true;
+ privateNetwork = true;
+ config = subConf;
+ };
+ };
+ in makeNested (makeNested { });
+
+ testScript = ''
+ machine.start()
+ machine.wait_for_unit("container@nested.service")
+ machine.succeed("systemd-run --pty --machine=nested -- machinectl list | grep nested")
+ print(
+ machine.succeed(
+ "systemd-run --pty --machine=nested -- systemd-run --pty --machine=nested -- systemctl status"
+ )
+ )
+ '';
+})
+
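Review bot: In `containers-nested.nix` the test only exercises the new default, so nothing pins the opt-out that patch 1/2 leaves as the only way to keep nesting off inside a container. A second machine whose outer container config sets `boot.enableContainers = false;`, with an assertion that the inner `nested` container is not running, would cover that. Separately, the `machinectl list | grep nested` check runs once, right after the outer `container@nested.service` is up, and nothing visible waits for the inner container, so it may race on a slow builder; `machine.wait_until_succeeds(...)` with the same command would tolerate the startup delay. The `lib` argument in `machine = { lib, ... }:` is unused and can be dropped.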