diff --git a/nixos/modules/virtualisation/nixos-containers.nix b/nixos/modules/virtualisation/nixos-containers.nix
index b2c61f3da867..ce86487bbbc3 100644
--- a/nixos/modules/virtualisation/nixos-containers.nix
+++ b/nixos/modules/virtualisation/nixos-containers.nix
@@ -53,23 +53,23 @@ let
 trap "exit 0" SIGRTMIN+3
 # Initialise the container side of the veth pair.
- if [ -n "$HOST_ADDRESS" ] || [ -n "$HOST_ADDRESS6" ] ||
- [ -n "$LOCAL_ADDRESS" ] || [ -n "$LOCAL_ADDRESS6" ] ||
- [ -n "$HOST_BRIDGE" ]; then
+ if [[ -n "''${HOST_ADDRESS-}" ]] || [[ -n "''${HOST_ADDRESS6-}" ]] ||
+ [[ -n "''${LOCAL_ADDRESS-}" ]] || [[ -n "''${LOCAL_ADDRESS6-}" ]] ||
+ [[ -n "''${HOST_BRIDGE-}" ]]; then
 ip link set host0 name eth0
 ip link set dev eth0 up
- if [ -n "$LOCAL_ADDRESS" ]; then
+ if [[ -n "''${LOCAL_ADDRESS-}" ]]; then
 ip addr add $LOCAL_ADDRESS dev eth0
 fi
- if [ -n "$LOCAL_ADDRESS6" ]; then
+ if [[ -n "''${LOCAL_ADDRESS6-}" ]]; then
 ip -6 addr add $LOCAL_ADDRESS6 dev eth0
 fi
- if [ -n "$HOST_ADDRESS" ]; then
+ if [[ -n "''${HOST_ADDRESS-}" ]]; then
 ip route add $HOST_ADDRESS dev eth0
 ip route add default via $HOST_ADDRESS
 fi
- if [ -n "$HOST_ADDRESS6" ]; then
+ if [[ -n "''${HOST_ADDRESS6-}" ]]; then
 ip -6 route add $HOST_ADDRESS6 dev eth0
 ip -6 route add default via $HOST_ADDRESS6
 fi
@@ -96,11 +96,11 @@ let
 chmod 0755 "$root/etc" "$root/var/lib"
 mkdir -p "$root/var/lib/private" "$root/root" /run/nixos-containers
 chmod 0700 "$root/var/lib/private" "$root/root" /run/nixos-containers
- if ! [ -e "$root/etc/os-release" ] && ! [ -h "$root/etc/os-release" ]; then
+ if ! [[ -e "$root/etc/os-release" ]] && ! [[ -h "$root/etc/os-release" ]]; then
 touch "$root/etc/os-release"
 fi
- if ! [ -e "$root/etc/machine-id" ]; then
+ if ! [[ -e "$root/etc/machine-id" ]]; then
 touch "$root/etc/machine-id"
 fi
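Review bot: The address expansions inside the hardened guards — `ip addr add $LOCAL_ADDRESS dev eth0`, `ip -6 addr add $LOCAL_ADDRESS6 dev eth0`, `ip route add $HOST_ADDRESS dev eth0` and the two `default via` lines — are still unquoted, so only the tests received the `[[`/`''${VAR-}` treatment. This is the container-side init script (the `trap` line is its middle, so the enclosing script starts outside the hunk); if it is emitted separately from the unit's own scripts, the `enableStrictShellChecks` added at the end of the diff presumably does not run shellcheck or nounset over it, and these lines will not be flagged later. Quote them while the block is being touched, e.g. `ip addr add "$LOCAL_ADDRESS" dev eth0` and `ip route add default via "$HOST_ADDRESS"`.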
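Review bot: The negations in the rewritten tests sit outside the brackets, `if ! [[ -e "$root/etc/os-release" ]] && ! [[ -h "$root/etc/os-release" ]]; then`, mixing shell-level `!` with `[[` when `[[` can carry both the negation and the conjunction itself. Folding them into one test reads as a single condition: `if [[ ! -e "$root/etc/os-release" && ! -h "$root/etc/os-release" ]]; then`, and likewise `if [[ ! -e "$root/etc/machine-id" ]]; then`. Behaviour is unchanged; this is only about how the new lines are written.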
@@ -113,19 +113,19 @@ let
 cp --remove-destination /etc/resolv.conf "$root/etc/resolv.conf"
- if [ -n "$FLAKE" ] && [ ! -e "/nix/var/nix/profiles/per-container/$INSTANCE/system" ]; then
+ if [ -n "''${FLAKE-}" ] && [ ! -e "/nix/var/nix/profiles/per-container/$INSTANCE/system" ]; then
 # we create the etc/nixos-container config file, then if we utilize the update function, we can then build all the necessary system files for the container
 ${lib.getExe nixos-container} update "$INSTANCE"
 fi
 declare -a extraFlags
- if [ "$PRIVATE_NETWORK" = 1 ]; then
+ if [[ "''${PRIVATE_NETWORK-}" = 1 ]]; then
 extraFlags+=("--private-network")
 fi
 NIX_BIND_OPT=""
- if [ -n "$PRIVATE_USERS" ]; then
+ if [[ -n "''${PRIVATE_USERS-}" ]]; then
 extraFlags+=("--private-users=$PRIVATE_USERS")
 if [[ "$PRIVATE_USERS" = "pick"
@@ -137,12 +137,12 @@ let
 fi
 fi
- if [ -n "$HOST_ADDRESS" ] || [ -n "$LOCAL_ADDRESS" ] ||
- [ -n "$HOST_ADDRESS6" ] || [ -n "$LOCAL_ADDRESS6" ]; then
+ if [[ -n "''${HOST_ADDRESS-}" ]] || [[ -n "''${LOCAL_ADDRESS-}" ]] ||
+ [[ -n "''${HOST_ADDRESS6-}" ]] || [[ -n "''${LOCAL_ADDRESS6-}" ]]; then
 extraFlags+=("--network-veth")
 fi
- if [ -n "$HOST_PORT" ]; then
+ if [[ -n "''${HOST_PORT-}" ]]; then
 OIFS=$IFS
 IFS=","
 for i in $HOST_PORT
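Review bot: The `FLAKE` guard is the one test in this diff that kept single brackets, `if [ -n "''${FLAKE-}" ] && [ ! -e "/nix/var/nix/profiles/per-container/$INSTANCE/system" ]; then`, while every sibling test in the same script moved to `[[ ]]`. Converting it keeps the script uniform and lets the two conditions share one test: `if [[ -n "''${FLAKE-}" && ! -e "/nix/var/nix/profiles/per-container/$INSTANCE/system" ]]; then`. The `PRIVATE_USERS` branch opened on the hunk's last line continues outside it.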
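Review bot: `for i in $HOST_PORT` depends on the unquoted expansion being split on `IFS=","`, and the hunk leaves that expansion bare while hardening only the `-n` test above it; the same deliberate splitting appears in `for iface in ''${INTERFACES-}` and `for iface in ''${MACVLANS-}` in the hunk at line 152 and in `''${EXTRA_NSPAWN_FLAGS-} \` in the hunk at line 218. If the `enableStrictShellChecks` enabled at the end of the diff runs shellcheck over this script, each of these would likely surface as an SC2086 finding unless excluded elsewhere, and a reader cannot tell from the line that the splitting is intended. Record the intent at each site with a directive directly above the loop, e.g. `# shellcheck disable=SC2086 # HOST_PORT is a comma-separated list, split on IFS`. The loop body continues outside the hunk.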
@@ -152,28 +152,28 @@ let
 IFS=$OIFS
 fi
- if [ -n "$HOST_BRIDGE" ]; then
+ if [[ -n "''${HOST_BRIDGE-}" ]]; then
 extraFlags+=("--network-bridge=$HOST_BRIDGE")
 fi
- if [ -n "$NETWORK_NAMESPACE_PATH" ]; then
+ if [[ -n "''${NETWORK_NAMESPACE_PATH-}" ]]; then
 extraFlags+=("--network-namespace-path=$NETWORK_NAMESPACE_PATH")
 fi
 extraFlags+=(${lib.escapeShellArgs (mapAttrsToList nspawnExtraVethArgs cfg.extraVeths)})
- for iface in $INTERFACES; do
+ for iface in ''${INTERFACES-}; do
 extraFlags+=("--network-interface=$iface")
 done
- for iface in $MACVLANS; do
+ for iface in ''${MACVLANS-}; do
 extraFlags+=("--network-macvlan=$iface")
 done
 # If the host is 64-bit and the container is 32-bit, add a
 # --personality flag.
 ${optionalString (pkgs.stdenv.hostPlatform.system == "x86_64-linux") ''
- if [ "$(< "''${SYSTEM_PATH:-/nix/var/nix/profiles/per-container/$INSTANCE/system}/system")" = i686-linux ]; then
+ if [[ "$(< "''${SYSTEM_PATH:-/nix/var/nix/profiles/per-container/$INSTANCE/system}/system")" = i686-linux ]]; then
 extraFlags+=("--personality=x86")
 fi
 ''}
@@ -198,14 +198,14 @@ let --bind="/nix/var/nix/profiles/per-container/$INSTANCE:/nix/var/nix/profiles$NIX_BIND_OPT" \ --bind="/nix/var/nix/gcroots/per-container/$INSTANCE:/nix/var/nix/gcroots$NIX_BIND_OPT" \ ${optionalString (!cfg.ephemeral) "--link-journal=try-guest"} \ - --setenv PRIVATE_NETWORK="$PRIVATE_NETWORK" \ - --setenv PRIVATE_USERS="$PRIVATE_USERS" \ - --setenv HOST_BRIDGE="$HOST_BRIDGE" \ - --setenv HOST_ADDRESS="$HOST_ADDRESS" \ - --setenv LOCAL_ADDRESS="$LOCAL_ADDRESS" \ - --setenv HOST_ADDRESS6="$HOST_ADDRESS6" \ - --setenv LOCAL_ADDRESS6="$LOCAL_ADDRESS6" \ - --setenv HOST_PORT="$HOST_PORT" \ + --setenv PRIVATE_NETWORK="''${PRIVATE_NETWORK-}" \ + --setenv PRIVATE_USERS="''${PRIVATE_USERS-}" \ + --setenv HOST_BRIDGE="''${HOST_BRIDGE-}" \ + --setenv HOST_ADDRESS="''${HOST_ADDRESS-}" \ + --setenv LOCAL_ADDRESS="''${LOCAL_ADDRESS-}" \ + --setenv HOST_ADDRESS6="''${HOST_ADDRESS6-}" \ + --setenv LOCAL_ADDRESS6="''${LOCAL_ADDRESS6-}" \ + --setenv HOST_PORT="''${HOST_PORT-}" \ --setenv PATH="$PATH" \ ${optionalString cfg.ephemeral "--ephemeral"} \ ${ @@ -218,7 +218,7 @@ let cfg.tmpfs != null && cfg.tmpfs != [ ] ) ''--tmpfs=${concatStringsSep " --tmpfs=" cfg.tmpfs}'' } \ - $EXTRA_NSPAWN_FLAGS \ + ''${EXTRA_NSPAWN_FLAGS-} \ ${containerInit cfg} "''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/init" ''; @@ -226,8 +226,8 @@ let # Clean up existing machined registration and interfaces. machinectl terminate "$INSTANCE" 2> /dev/null || true - if [ -n "$HOST_ADDRESS" ] || [ -n "$LOCAL_ADDRESS" ] || - [ -n "$HOST_ADDRESS6" ] || [ -n "$LOCAL_ADDRESS6" ]; then + if [[ -n "''${HOST_ADDRESS-}" ]] || [[ -n "''${LOCAL_ADDRESS-}" ]] || + [[ -n "''${HOST_ADDRESS6-}" ]] || [[ -n "''${LOCAL_ADDRESS6-}" ]]; then ip link del dev "ve-$INSTANCE" 2> /dev/null || true ip link del dev "vb-$INSTANCE" 2> /dev/null || true fi 
@@ -244,8 +244,8 @@ let cfg: ipcmd: variable: attribute: if cfg.${attribute} == null then '' - if [ -n "${variable}" ]; then - ${ipcmd} add "${variable}" dev "$ifaceHost" + if [[ -n "''${${variable}-}" ]]; then + ${ipcmd} add "''${${variable}}" dev "$ifaceHost" fi '' else @@ -277,16 +277,16 @@ let ''; in '' - if [ -n "$HOST_ADDRESS" ] || [ -n "$LOCAL_ADDRESS" ] || - [ -n "$HOST_ADDRESS6" ] || [ -n "$LOCAL_ADDRESS6" ]; then - if [ -z "$HOST_BRIDGE" ]; then + if [[ -n "''${HOST_ADDRESS-}" ]] || [[ -n "''${LOCAL_ADDRESS-}" ]] || + [[ -n "''${HOST_ADDRESS6-}" ]] || [[ -n "''${LOCAL_ADDRESS6-}" ]]; then + if [[ -z "''${HOST_BRIDGE-}" ]]; then ifaceHost=ve-$INSTANCE ip link set dev "$ifaceHost" up - ${ipcall cfg "ip addr" "$HOST_ADDRESS" "hostAddress"} - ${ipcall cfg "ip -6 addr" "$HOST_ADDRESS6" "hostAddress6"} - ${ipcall cfg "ip route" "$LOCAL_ADDRESS" "localAddress"} - ${ipcall cfg "ip -6 route" "$LOCAL_ADDRESS6" "localAddress6"} + ${ipcall cfg "ip addr" "HOST_ADDRESS" "hostAddress"} + ${ipcall cfg "ip -6 addr" "HOST_ADDRESS6" "hostAddress6"} + ${ipcall cfg "ip route" "LOCAL_ADDRESS" "localAddress"} + ${ipcall cfg "ip -6 route" "LOCAL_ADDRESS6" "localAddress6"} fi fi ${concatStringsSep "\n" (mapAttrsToList renderExtraVeth cfg.extraVeths)} @@ -967,6 +967,8 @@ in config.nix.package ]; + enableStrictShellChecks = true; + environment = { root = "${stateDirectory}/%i"; INSTANCE = "%i";
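Review bot: `ipcall`'s `variable` argument now has to be a bare environment-variable name, because the new body interpolates it into `''${${variable}-}`, whereas before it was a ready-made shell expansion such as `"$HOST_ADDRESS"`; nothing near the definition says so, and a caller still passing the old form would render as `${$HOST_ADDRESS-}`, which bash rejects as a bad substitution. The four call sites in the hunk at line 277 were updated, but the `else` branch of this function and any other callers are outside the hunk. A one-line Nix comment above the definition would pin the new contract, e.g. `# variable: bare env var name (HOST_ADDRESS, ...), expanded as ''${NAME-} so an unset value is tolerated`.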
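Review bot: `enableStrictShellChecks = true;` is the line that motivates every `''${VAR-}` and `[[ ]]` rewrite earlier in the diff, yet nothing records that dependency, so a future edit that adds a plain `$NEW_VAR` to one of these scripts would learn about it only from a failing build. A short comment above the option would close that gap, e.g. `# Runs shellcheck and strict mode over the unit scripts; optional settings must be expanded as ''${VAR-}.` The diff does not show what the option expands to, so confirm it enables nounset before committing to that wording.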