diff --git a/nixos/modules/virtualisation/nixos-containers.nix b/nixos/modules/virtualisation/nixos-containers.nix index f06977f88fc..3754fe6dac6 100644 --- a/nixos/modules/virtualisation/nixos-containers.nix +++ b/nixos/modules/virtualisation/nixos-containers.nix @@ -271,8 +271,8 @@ let DeviceAllow = map (d: "${d.node} ${d.modifier}") cfg.allowedDevices; }; - system = config.nixpkgs.localSystem.system; + kernelVersion = config.boot.kernelPackages.kernel.version; bindMountOpts = { name, ... }: { @@ -321,7 +321,6 @@ let }; }; - mkBindFlag = d: let flagPrefix = if d.isReadOnly then " --bind-ro=" else " --bind="; mountstr = if d.hostPath != null then "${d.hostPath}:${d.mountPoint}" else "${d.mountPoint}"; @@ -482,11 +481,16 @@ in networking.useDHCP = false; assertions = [ { - assertion = config.privateNetwork -> stringLength name < 12; + assertion = + (builtins.compareVersions kernelVersion "5.8" <= 0) + -> config.privateNetwork + -> stringLength name <= 11; message = '' Container name `${name}` is too long: When `privateNetwork` is enabled, container names can not be longer than 11 characters, because the container's interface name is derived from it. - This might be fixed in the future. See https://github.com/NixOS/nixpkgs/issues/38509 + You should either make the container name shorter or upgrade to a more recent kernel that + supports interface altnames (i.e. at least Linux 5.8 - please see https://github.com/NixOS/nixpkgs/issues/38509 + for details). ''; } ]; diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index bf094dbe984..02723f88c31 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -72,6 +72,7 @@ in containers-imperative = handleTest ./containers-imperative.nix {}; containers-ip = handleTest ./containers-ip.nix {}; containers-macvlans = handleTest ./containers-macvlans.nix {}; + containers-names = handleTest ./containers-names.nix {}; containers-physical_interfaces = handleTest ./containers-physical_interfaces.nix {}; containers-portforward = handleTest ./containers-portforward.nix {}; containers-reloadable = handleTest ./containers-reloadable.nix {}; diff --git a/nixos/tests/containers-bridge.nix b/nixos/tests/containers-bridge.nix index 1208aa8fced..12fa67c8b01 100644 --- a/nixos/tests/containers-bridge.nix +++ b/nixos/tests/containers-bridge.nix @@ -1,5 +1,3 @@ -# Test for NixOS' container support. - let hostIp = "192.168.0.1"; containerIp = "192.168.0.100/24"; @@ -7,10 +5,10 @@ let containerIp6 = "fc00::2/7"; in -import ./make-test-python.nix ({ pkgs, ...} : { +import ./make-test-python.nix ({ pkgs, lib, ... }: { name = "containers-bridge"; - meta = with pkgs.lib.maintainers; { - maintainers = [ aristid aszlig eelco kampfschlaefer ]; + meta = { + maintainers = with lib.maintainers; [ aristid aszlig eelco kampfschlaefer ]; }; machine = diff --git a/nixos/tests/containers-custom-pkgs.nix b/nixos/tests/containers-custom-pkgs.nix index 1412c32bfb5..c050e49bc29 100644 --- a/nixos/tests/containers-custom-pkgs.nix +++ b/nixos/tests/containers-custom-pkgs.nix @@ -1,4 +1,4 @@ -import ./make-test-python.nix ({ pkgs, lib, ...} : let +import ./make-test-python.nix ({ pkgs, lib, ... }: let customPkgs = pkgs.appendOverlays [ (self: super: { hello = super.hello.overrideAttrs (old: { @@ -8,8 +8,8 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : let in { name = "containers-custom-pkgs"; - meta = with lib.maintainers; { - maintainers = [ adisbladis earvstedt ]; + meta = { + maintainers = with lib.maintainers; [ adisbladis earvstedt ]; }; machine = { config, ... }: { diff --git a/nixos/tests/containers-ephemeral.nix b/nixos/tests/containers-ephemeral.nix index 692554ac0ba..fabf0593f23 100644 --- a/nixos/tests/containers-ephemeral.nix +++ b/nixos/tests/containers-ephemeral.nix @@ -1,7 +1,8 @@ -# Test for NixOS' container support. - -import ./make-test-python.nix ({ pkgs, ...} : { +import ./make-test-python.nix ({ pkgs, lib, ... }: { name = "containers-ephemeral"; + meta = { + maintainers = with lib.maintainers; [ patryk27 ]; + }; machine = { pkgs, ... }: { virtualisation.memorySize = 768; diff --git a/nixos/tests/containers-extra_veth.nix b/nixos/tests/containers-extra_veth.nix index 212f3d0f46c..cbbb2525832 100644 --- a/nixos/tests/containers-extra_veth.nix +++ b/nixos/tests/containers-extra_veth.nix @@ -1,9 +1,7 @@ -# Test for NixOS' container support. - -import ./make-test-python.nix ({ pkgs, ...} : { +import ./make-test-python.nix ({ pkgs, lib, ... }: { name = "containers-extra_veth"; - meta = with pkgs.lib.maintainers; { - maintainers = [ kampfschlaefer ]; + meta = { + maintainers = with lib.maintainers; [ kampfschlaefer ]; }; machine = diff --git a/nixos/tests/containers-hosts.nix b/nixos/tests/containers-hosts.nix index 65a983c42a7..1f24ed1f3c2 100644 --- a/nixos/tests/containers-hosts.nix +++ b/nixos/tests/containers-hosts.nix @@ -1,9 +1,7 @@ -# Test for NixOS' container support. - -import ./make-test-python.nix ({ pkgs, ...} : { +import ./make-test-python.nix ({ pkgs, lib, ... }: { name = "containers-hosts"; - meta = with pkgs.lib.maintainers; { - maintainers = [ montag451 ]; + meta = { + maintainers = with lib.maintainers; [ montag451 ]; }; machine = diff --git a/nixos/tests/containers-imperative.nix b/nixos/tests/containers-imperative.nix index 393b4a5135d..0ff0d3f9545 100644 --- a/nixos/tests/containers-imperative.nix +++ b/nixos/tests/containers-imperative.nix @@ -1,9 +1,7 @@ -# Test for NixOS' container support. - -import ./make-test-python.nix ({ pkgs, ...} : { +import ./make-test-python.nix ({ pkgs, lib, ... }: { name = "containers-imperative"; - meta = with pkgs.lib.maintainers; { - maintainers = [ aristid aszlig eelco kampfschlaefer ]; + meta = { + maintainers = with lib.maintainers; [ aristid aszlig eelco kampfschlaefer ]; }; machine = diff --git a/nixos/tests/containers-ip.nix b/nixos/tests/containers-ip.nix index 0265ed92d41..5abea2dbad9 100644 --- a/nixos/tests/containers-ip.nix +++ b/nixos/tests/containers-ip.nix @@ -1,5 +1,3 @@ -# Test for NixOS' container support. - let webserverFor = hostAddress: localAddress: { inherit hostAddress localAddress; @@ -13,10 +11,10 @@ let }; }; -in import ./make-test-python.nix ({ pkgs, ...} : { +in import ./make-test-python.nix ({ pkgs, lib, ... }: { name = "containers-ipv4-ipv6"; - meta = with pkgs.lib.maintainers; { - maintainers = [ aristid aszlig eelco kampfschlaefer ]; + meta = { + maintainers = with lib.maintainers; [ aristid aszlig eelco kampfschlaefer ]; }; machine = diff --git a/nixos/tests/containers-macvlans.nix b/nixos/tests/containers-macvlans.nix index 9425252cb88..d0f41be8c12 100644 --- a/nixos/tests/containers-macvlans.nix +++ b/nixos/tests/containers-macvlans.nix @@ -1,15 +1,13 @@ -# Test for NixOS' container support. - let # containers IP on VLAN 1 containerIp1 = "192.168.1.253"; containerIp2 = "192.168.1.254"; in -import ./make-test-python.nix ({ pkgs, ...} : { +import ./make-test-python.nix ({ pkgs, lib, ... }: { name = "containers-macvlans"; - meta = with pkgs.lib.maintainers; { - maintainers = [ montag451 ]; + meta = { + maintainers = with lib.maintainers; [ montag451 ]; }; nodes = { diff --git a/nixos/tests/containers-names.nix b/nixos/tests/containers-names.nix new file mode 100644 index 00000000000..9ad2bfb748a --- /dev/null +++ b/nixos/tests/containers-names.nix @@ -0,0 +1,37 @@ +import ./make-test-python.nix ({ pkgs, lib, ... }: { + name = "containers-names"; + meta = { + maintainers = with lib.maintainers; [ patryk27 ]; + }; + + machine = { ... }: { + # We're using the newest kernel, so that we can test containers with long names. + # Please see https://github.com/NixOS/nixpkgs/issues/38509 for details. + boot.kernelPackages = pkgs.linuxPackages_latest; + + containers = let + container = subnet: { + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.${subnet}.1"; + localAddress = "192.168.${subnet}.2"; + config = { }; + }; + + in { + first = container "1"; + second = container "2"; + really-long-name = container "3"; + really-long-long-name-2 = container "4"; + }; + }; + + testScript = '' + machine.wait_for_unit("default.target") + + machine.succeed("ip link show | grep ve-first") + machine.succeed("ip link show | grep ve-second") + machine.succeed("ip link show | grep ve-really-lFYWO") + machine.succeed("ip link show | grep ve-really-l3QgY") + ''; +}) diff --git a/nixos/tests/containers-physical_interfaces.nix b/nixos/tests/containers-physical_interfaces.nix index 0b55c3418ed..57bd0eedcc3 100644 --- a/nixos/tests/containers-physical_interfaces.nix +++ b/nixos/tests/containers-physical_interfaces.nix @@ -1,8 +1,7 @@ - -import ./make-test-python.nix ({ pkgs, ...} : { +import ./make-test-python.nix ({ pkgs, lib, ... }: { name = "containers-physical_interfaces"; - meta = with pkgs.lib.maintainers; { - maintainers = [ kampfschlaefer ]; + meta = { + maintainers = with lib.maintainers; [ kampfschlaefer ]; }; nodes = { diff --git a/nixos/tests/containers-portforward.nix b/nixos/tests/containers-portforward.nix index d0be3c7d43e..221a6f50efd 100644 --- a/nixos/tests/containers-portforward.nix +++ b/nixos/tests/containers-portforward.nix @@ -1,5 +1,3 @@ -# Test for NixOS' container support. - let hostIp = "192.168.0.1"; hostPort = 10080; @@ -7,10 +5,10 @@ let containerPort = 80; in -import ./make-test-python.nix ({ pkgs, ...} : { +import ./make-test-python.nix ({ pkgs, lib, ... }: { name = "containers-portforward"; - meta = with pkgs.lib.maintainers; { - maintainers = [ aristid aszlig eelco kampfschlaefer ianwookim ]; + meta = { + maintainers = with lib.maintainers; [ aristid aszlig eelco kampfschlaefer ianwookim ]; }; machine = diff --git a/nixos/tests/containers-reloadable.nix b/nixos/tests/containers-reloadable.nix index 87724691767..876e62c1da9 100644 --- a/nixos/tests/containers-reloadable.nix +++ b/nixos/tests/containers-reloadable.nix @@ -1,7 +1,6 @@ -import ./make-test-python.nix ({ pkgs, lib, ...} : +import ./make-test-python.nix ({ pkgs, lib, ... }: let client_base = { - containers.test1 = { autoStart = true; config = { @@ -16,8 +15,8 @@ let }; in { name = "containers-reloadable"; - meta = with pkgs.lib.maintainers; { - maintainers = [ danbst ]; + meta = { + maintainers = with lib.maintainers; [ danbst ]; }; nodes = { diff --git a/nixos/tests/containers-restart_networking.nix b/nixos/tests/containers-restart_networking.nix index b35552b5b19..e1ad8157b28 100644 --- a/nixos/tests/containers-restart_networking.nix +++ b/nixos/tests/containers-restart_networking.nix @@ -1,5 +1,3 @@ -# Test for NixOS' container support. - let client_base = { networking.firewall.enable = false; @@ -16,11 +14,11 @@ let }; }; }; -in import ./make-test-python.nix ({ pkgs, ...} : +in import ./make-test-python.nix ({ pkgs, lib, ... }: { name = "containers-restart_networking"; - meta = with pkgs.lib.maintainers; { - maintainers = [ kampfschlaefer ]; + meta = { + maintainers = with lib.maintainers; [ kampfschlaefer ]; }; nodes = { diff --git a/nixos/tests/containers-tmpfs.nix b/nixos/tests/containers-tmpfs.nix index 7ebf0d02a24..fd9f9a252ca 100644 --- a/nixos/tests/containers-tmpfs.nix +++ b/nixos/tests/containers-tmpfs.nix @@ -1,9 +1,7 @@ -# Test for NixOS' container support. - -import ./make-test-python.nix ({ pkgs, ...} : { +import ./make-test-python.nix ({ pkgs, lib, ... }: { name = "containers-tmpfs"; - meta = with pkgs.lib.maintainers; { - maintainers = [ ]; + meta = { + maintainers = with lib.maintainers; [ patryk27 ]; }; machine =