Dawoox/nixpkgs
1
1
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

nixos-container: Conform to ShellCheck

Browse Source
This commit is contained in:
Victor Engmark
2025-02-22 11:12:32 +01:00
parent e4be0ba6f0
commit e9d4990ab1
1 changed files with 42 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

82
nixos/modules/virtualisation/nixos-containers.nix
View File

@@ -53,23 +53,23 @@ let
trap "exit 0" SIGRTMIN+3
# Initialise the container side of the veth pair.
if [ -n "$HOST_ADDRESS" ] || [ -n "$HOST_ADDRESS6" ] ||
[ -n "$LOCAL_ADDRESS" ] || [ -n "$LOCAL_ADDRESS6" ] ||
[ -n "$HOST_BRIDGE" ]; then
if [[ -n "''${HOST_ADDRESS-}" ]] || [[ -n "''${HOST_ADDRESS6-}" ]] ||
[[ -n "''${LOCAL_ADDRESS-}" ]] || [[ -n "''${LOCAL_ADDRESS6-}" ]] ||
[[ -n "''${HOST_BRIDGE-}" ]]; then
ip link set host0 name eth0
ip link set dev eth0 up
if [ -n "$LOCAL_ADDRESS" ]; then
if [[ -n "''${LOCAL_ADDRESS-}" ]]; then
ip addr add $LOCAL_ADDRESS dev eth0
fi
if [ -n "$LOCAL_ADDRESS6" ]; then
if [[ -n "''${LOCAL_ADDRESS6-}" ]]; then
ip -6 addr add $LOCAL_ADDRESS6 dev eth0
fi
if [ -n "$HOST_ADDRESS" ]; then
if [[ -n "''${HOST_ADDRESS-}" ]]; then
ip route add $HOST_ADDRESS dev eth0
ip route add default via $HOST_ADDRESS
fi
if [ -n "$HOST_ADDRESS6" ]; then
if [[ -n "''${HOST_ADDRESS6-}" ]]; then
ip -6 route add $HOST_ADDRESS6 dev eth0
ip -6 route add default via $HOST_ADDRESS6
fi
@@ -96,11 +96,11 @@ let
chmod 0755 "$root/etc" "$root/var/lib"
mkdir -p "$root/var/lib/private" "$root/root" /run/nixos-containers
chmod 0700 "$root/var/lib/private" "$root/root" /run/nixos-containers
if ! [ -e "$root/etc/os-release" ] && ! [ -h "$root/etc/os-release" ]; then
if ! [[ -e "$root/etc/os-release" ]] && ! [[ -h "$root/etc/os-release" ]]; then
touch "$root/etc/os-release"
fi
if ! [ -e "$root/etc/machine-id" ]; then
if ! [[ -e "$root/etc/machine-id" ]]; then
touch "$root/etc/machine-id"
fi
@@ -113,19 +113,19 @@ let
cp --remove-destination /etc/resolv.conf "$root/etc/resolv.conf"
if [ -n "$FLAKE" ] && [ ! -e "/nix/var/nix/profiles/per-container/$INSTANCE/system" ]; then
if [ -n "''${FLAKE-}" ] && [ ! -e "/nix/var/nix/profiles/per-container/$INSTANCE/system" ]; then
# we create the etc/nixos-container config file, then if we utilize the update function, we can then build all the necessary system files for the container
${lib.getExe nixos-container} update "$INSTANCE"
fi
declare -a extraFlags
if [ "$PRIVATE_NETWORK" = 1 ]; then
if [[ "''${PRIVATE_NETWORK-}" = 1 ]]; then
extraFlags+=("--private-network")
fi
NIX_BIND_OPT=""
if [ -n "$PRIVATE_USERS" ]; then
if [[ -n "''${PRIVATE_USERS-}" ]]; then
extraFlags+=("--private-users=$PRIVATE_USERS")
if [[
"$PRIVATE_USERS" = "pick"
@@ -137,12 +137,12 @@ let
fi
fi
if [ -n "$HOST_ADDRESS" ] || [ -n "$LOCAL_ADDRESS" ] ||
[ -n "$HOST_ADDRESS6" ] || [ -n "$LOCAL_ADDRESS6" ]; then
if [[ -n "''${HOST_ADDRESS-}" ]] || [[ -n "''${LOCAL_ADDRESS-}" ]] ||
[[ -n "''${HOST_ADDRESS6-}" ]] || [[ -n "''${LOCAL_ADDRESS6-}" ]]; then
extraFlags+=("--network-veth")
fi
if [ -n "$HOST_PORT" ]; then
if [[ -n "''${HOST_PORT-}" ]]; then
OIFS=$IFS
IFS=","
for i in $HOST_PORT
@@ -152,28 +152,28 @@ let
IFS=$OIFS
fi
if [ -n "$HOST_BRIDGE" ]; then
if [[ -n "''${HOST_BRIDGE-}" ]]; then
extraFlags+=("--network-bridge=$HOST_BRIDGE")
fi
if [ -n "$NETWORK_NAMESPACE_PATH" ]; then
if [[ -n "''${NETWORK_NAMESPACE_PATH-}" ]]; then
extraFlags+=("--network-namespace-path=$NETWORK_NAMESPACE_PATH")
fi
extraFlags+=(${lib.escapeShellArgs (mapAttrsToList nspawnExtraVethArgs cfg.extraVeths)})
for iface in $INTERFACES; do
for iface in ''${INTERFACES-}; do
extraFlags+=("--network-interface=$iface")
done
for iface in $MACVLANS; do
for iface in ''${MACVLANS-}; do
extraFlags+=("--network-macvlan=$iface")
done
# If the host is 64-bit and the container is 32-bit, add a
# --personality flag.
${optionalString (pkgs.stdenv.hostPlatform.system == "x86_64-linux") ''
if [ "$(< "''${SYSTEM_PATH:-/nix/var/nix/profiles/per-container/$INSTANCE/system}/system")" = i686-linux ]; then
if [[ "$(< "''${SYSTEM_PATH:-/nix/var/nix/profiles/per-container/$INSTANCE/system}/system")" = i686-linux ]]; then
extraFlags+=("--personality=x86")
fi
''}
@@ -198,14 +198,14 @@ let
--bind="/nix/var/nix/profiles/per-container/$INSTANCE:/nix/var/nix/profiles$NIX_BIND_OPT" \
--bind="/nix/var/nix/gcroots/per-container/$INSTANCE:/nix/var/nix/gcroots$NIX_BIND_OPT" \
${optionalString (!cfg.ephemeral) "--link-journal=try-guest"} \
--setenv PRIVATE_NETWORK="$PRIVATE_NETWORK" \
--setenv PRIVATE_USERS="$PRIVATE_USERS" \
--setenv HOST_BRIDGE="$HOST_BRIDGE" \
--setenv HOST_ADDRESS="$HOST_ADDRESS" \
--setenv LOCAL_ADDRESS="$LOCAL_ADDRESS" \
--setenv HOST_ADDRESS6="$HOST_ADDRESS6" \
--setenv LOCAL_ADDRESS6="$LOCAL_ADDRESS6" \
--setenv HOST_PORT="$HOST_PORT" \
--setenv PRIVATE_NETWORK="''${PRIVATE_NETWORK-}" \
--setenv PRIVATE_USERS="''${PRIVATE_USERS-}" \
--setenv HOST_BRIDGE="''${HOST_BRIDGE-}" \
--setenv HOST_ADDRESS="''${HOST_ADDRESS-}" \
--setenv LOCAL_ADDRESS="''${LOCAL_ADDRESS-}" \
--setenv HOST_ADDRESS6="''${HOST_ADDRESS6-}" \
--setenv LOCAL_ADDRESS6="''${LOCAL_ADDRESS6-}" \
--setenv HOST_PORT="''${HOST_PORT-}" \
--setenv PATH="$PATH" \
${optionalString cfg.ephemeral "--ephemeral"} \
${
@@ -218,7 +218,7 @@ let
cfg.tmpfs != null && cfg.tmpfs != [ ]
) ''--tmpfs=${concatStringsSep " --tmpfs=" cfg.tmpfs}''
} \
$EXTRA_NSPAWN_FLAGS \
''${EXTRA_NSPAWN_FLAGS-} \
${containerInit cfg} "''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/init"
'';
@@ -226,8 +226,8 @@ let
# Clean up existing machined registration and interfaces.
machinectl terminate "$INSTANCE" 2> /dev/null || true
if [ -n "$HOST_ADDRESS" ] || [ -n "$LOCAL_ADDRESS" ] ||
[ -n "$HOST_ADDRESS6" ] || [ -n "$LOCAL_ADDRESS6" ]; then
if [[ -n "''${HOST_ADDRESS-}" ]] || [[ -n "''${LOCAL_ADDRESS-}" ]] ||
[[ -n "''${HOST_ADDRESS6-}" ]] || [[ -n "''${LOCAL_ADDRESS6-}" ]]; then
ip link del dev "ve-$INSTANCE" 2> /dev/null || true
ip link del dev "vb-$INSTANCE" 2> /dev/null || true
fi
@@ -244,8 +244,8 @@ let
cfg: ipcmd: variable: attribute:
if cfg.${attribute} == null then
''
if [ -n "${variable}" ]; then
${ipcmd} add "${variable}" dev "$ifaceHost"
if [[ -n "''${${variable}-}" ]]; then
${ipcmd} add "''${${variable}}" dev "$ifaceHost"
fi
''
else
@@ -277,16 +277,16 @@ let
'';
in
''
if [ -n "$HOST_ADDRESS" ] || [ -n "$LOCAL_ADDRESS" ] ||
[ -n "$HOST_ADDRESS6" ] || [ -n "$LOCAL_ADDRESS6" ]; then
if [ -z "$HOST_BRIDGE" ]; then
if [[ -n "''${HOST_ADDRESS-}" ]] || [[ -n "''${LOCAL_ADDRESS-}" ]] ||
[[ -n "''${HOST_ADDRESS6-}" ]] || [[ -n "''${LOCAL_ADDRESS6-}" ]]; then
if [[ -z "''${HOST_BRIDGE-}" ]]; then
ifaceHost=ve-$INSTANCE
ip link set dev "$ifaceHost" up
${ipcall cfg "ip addr" "$HOST_ADDRESS" "hostAddress"}
${ipcall cfg "ip -6 addr" "$HOST_ADDRESS6" "hostAddress6"}
${ipcall cfg "ip route" "$LOCAL_ADDRESS" "localAddress"}
${ipcall cfg "ip -6 route" "$LOCAL_ADDRESS6" "localAddress6"}
${ipcall cfg "ip addr" "HOST_ADDRESS" "hostAddress"}
${ipcall cfg "ip -6 addr" "HOST_ADDRESS6" "hostAddress6"}
${ipcall cfg "ip route" "LOCAL_ADDRESS" "localAddress"}
${ipcall cfg "ip -6 route" "LOCAL_ADDRESS6" "localAddress6"}
fi
fi
${concatStringsSep "\n" (mapAttrsToList renderExtraVeth cfg.extraVeths)}
@@ -967,6 +967,8 @@ in
config.nix.package
];
enableStrictShellChecks = true;
environment = {
root = "${stateDirectory}/%i";
INSTANCE = "%i";