nixos/containers: add boot.isNspawnContainer option

There are a bunch of components such as incus or LXC that also use `boot.isContainer`, so we'd have to differentiate between "OS container" and "actually nspawn". This became necessary for the file-systems part where nspawn takes care of setting up special filesystems like `/proc`, `/dev` etc., but others don't. To allow for a `boot.isContainer` being less overloaded, this introduces `boot.isNspawnContainer` that is exclusively used for nspawn-specific things. When `true`, `boot.isContainer = true;` is implied.
2024-10-18 16:46:41 +02:00
parent 4de40fc8a8
commit a532cb052e
7 changed files with 31 additions and 6 deletions
--- a/nixos/doc/manual/release-notes/rl-2511.section.md
+++ b/nixos/doc/manual/release-notes/rl-2511.section.md
@@ -255,6 +255,14 @@
 - `services.nextcloud.configureRedis` now defaults to `true` in accordance with upstream recommendations to have caching for file locking. See the [upstream doc](https://docs.nextcloud.com/server/31/admin_manual/configuration_files/files_locking_transactional.html) for further details.

 - mate-wayland-session 1.28.4 is now using the default wayfire decorator instead of firedecor, thus `services.xserver.desktopManager.mate.enableWaylandSession` is no longer shipping firedecor. If you are experiencing broken window decorations after upgrade, backup and remove `~/.config/mate/wayfire.ini` and re-login.
+-
+- A new option [](#opt-boot.isNspawnContainer) has been added. This option will be used to guard nspawn-specific configuration in NixOS since [](#opt-boot.isContainer) is also used for different container-runtimes such as LXC.
+  - The new option is automatically set to `true` by the declarative container module and `nixos-container` when not using flakes.
+    - Existing setups can be migrated by running either
+      - `nixos-container update <container-name> --config-file /path/to/the/config-file-in-use.nix`
+      - `nixos-container update <container-name> --config '/* config code */'`
+  - In all other cases, you'll need to set this option to `true` yourself.
+  - `boot.isNspawnContainer` being `true` implies [](#opt-boot.isContainer) being `true`.

 - Due to [deprecation of gnome-session X11 support](https://blogs.gnome.org/alatiera/2025/06/08/the-x11-session-removal/), `services.desktopManager.pantheon` now defaults to pantheon-wayland session. The X11 session has been removed, see [this issue](https://github.com/elementary/session-settings/issues/91) for details.

--- a/nixos/modules/installer/tools/nixos-generate-config.pl
+++ b/nixos/modules/installer/tools/nixos-generate-config.pl
@@ -306,7 +306,7 @@ if ($virt eq "microsoft") {

 # Pull in NixOS configuration for containers.
 if ($virt eq "systemd-nspawn") {
-    push @attrs, "boot.isContainer = true;";
+    push @attrs, "boot.isNspawnContainer = true;";
 }


--- a/nixos/modules/profiles/nix-builder-vm.nix
+++ b/nixos/modules/profiles/nix-builder-vm.nix
@@ -40,6 +40,10 @@ in
        default = false;
        internal = true;
      };
+      options.boot.isNspawnContainer = lib.mkOption {
+        default = false;
+        internal = true;
+      };
    }
  ];

--- a/nixos/modules/tasks/filesystems.nix
+++ b/nixos/modules/tasks/filesystems.nix
@@ -567,7 +567,8 @@ in
          "nodev"
        ];
      };
-
+    }
+    // optionalAttrs (!config.boot.isNspawnContainer) {
      "/proc" = {
        fsType = "proc";
        options = [
--- a/nixos/modules/virtualisation/nixos-containers.nix
+++ b/nixos/modules/virtualisation/nixos-containers.nix
@@ -509,13 +509,25 @@ in

    boot.isContainer = mkOption {
      type = types.bool;
-      default = false;
+      default = config.boot.isNspawnContainer;
+      defaultText = "config.boot.isNspawnContainer";
      description = ''
        Whether this NixOS machine is a lightweight container running
        in another NixOS system.
      '';
    };

+    boot.isNspawnContainer = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Whether the machine is running in an nspawn container. This
+        option is added because [](#opt-boot.isContainer) is heavily used
+        for non-nspawn environments as well, hence nspawn-specific settings
+        are guarded by this option.
+      '';
+    };
+
    boot.enableContainers = mkOption {
      type = types.bool;
      default = config.containers != { };
@@ -558,7 +570,7 @@ in
                                    { inherit (host.pkgs.stdenv) hostPlatform; }
                                  else
                                    { localSystem = host.pkgs.stdenv.hostPlatform; };
-                                boot.isContainer = true;
+                                boot.isNspawnContainer = true;
                                networking.hostName = mkDefault name;
                                networking.useDHCP = false;
                                assertions = [
--- a/nixos/tests/systemd-machinectl.nix
+++ b/nixos/tests/systemd-machinectl.nix
@@ -5,7 +5,7 @@ let
    { config, ... }:
    {
      # We re-use the NixOS container option ...
-      boot.isContainer = true;
+      boot.isNspawnContainer = true;
      # ... and revert unwanted defaults
      networking.useHostResolvConf = false;

--- a/pkgs/by-name/ni/nixos-container/nixos-container.pl
+++ b/pkgs/by-name/ni/nixos-container/nixos-container.pl
@@ -171,7 +171,7 @@ sub writeNixOSConfig {
    my $nixosConfig = <<EOF;
 { config, lib, pkgs, ... }:

-{ boot.isContainer = true;
+{ boot.isNspawnContainer = true;
  networking.hostName = lib.mkDefault "$containerName";
  networking.useDHCP = false;
  $localExtraConfig