
223 lines
6.8 KiB
Raw Normal View History

with lib; let
2021-04-12 01:40:19 +01:00
cfg = config.virtualisation.pods;
list-to-args = arg: list:
concatStringsSep " " (map (e: "--${arg}=${escapeShellArg e}") list);
possibly-unset-arg = arg: val: (optionalString (val != null) "--${arg}=${escapeShellArg val}");
2021-04-12 01:40:19 +01:00
mkPod = name: pod: rec {
path = [config.virtualisation.podman.package];
2021-04-12 01:40:19 +01:00
wants = [""];
after = [""];
wantedBy = ["" ""];
2021-04-12 01:40:19 +01:00
environment.PODMAN_SYSTEMD_UNIT = "%n";
preStart = concatStringsSep " " [
"mkdir -p /run/podman/pods/ ;"
"podman pod create"
"--infra-conmon-pidfile=${escapeShellArg "/run/podman/pods/${name}.pid"}"
"--name=${escapeShellArg name}"
(list-to-args "add-host" pod.added-hosts)
(possibly-unset-arg "cgroup-parent" pod.cgroup-parent)
(list-to-args "dns" pod.dns)
(list-to-args "dns-opt" pod.dns-opt)
(list-to-args "dns-search" pod.dns-search)
(possibly-unset-arg "hostname" pod.hostname)
(possibly-unset-arg "infra" pod.infra)
(possibly-unset-arg "infra-command" pod.infra-command)
(possibly-unset-arg "infra-image" pod.infra-image)
(possibly-unset-arg "ip" pod.ip)
(possibly-unset-arg "mac-address" pod.mac-address)
(possibly-unset-arg "network"
(possibly-unset-arg "network-alias"
(possibly-unset-arg "no-hosts"
(list-to-args "publish" pod.publish)
(list-to-args "share" pod.share)
script = "podman pod start ${escapeShellArg name}";
preStop = "podman pod stop ${escapeShellArg name}";
# `podman generate systemd` generates a second stop after the
# first; not sure why but clearly it's recommended.
postStop = preStop;
serviceConfig = rec {
Type = "forking";
TimeoutStopSec = 70;
Restart = "on-failure";
PIDFile = "/run/podman/pods/${name}.pid";
in {
options.virtualisation.pods = mkOption {
type = with types;
attrsOf (submodule {
options = {
added-hosts = mkOption {
type = listOf str;
default = [];
description = "Additional hosts to add to /etc/hosts for each container.";
2021-04-12 01:40:19 +01:00
example = literalExample ''
[ "database:" ]
cgroup-parent = mkOption {
type = nullOr str;
default = null;
description = "The cgroups path under which the pod cgroup will be created.";
2021-04-12 01:40:19 +01:00
dns = mkOption {
type = listOf str;
default = [];
2021-04-12 01:40:19 +01:00
description = "The dns servers to set in /etc/resolv.conf.";
dns-opt = mkOption {
type = listOf str;
default = [];
2021-04-12 01:40:19 +01:00
description = "dns options to set in /etc/resolv.conf.";
dns-search = mkOption {
type = listOf str;
default = [];
2021-04-12 01:40:19 +01:00
description = "Search domains to set in /etc/resolv.conf.";
hostname = mkOption {
type = nullOr str;
default = null;
description = "The pod hostname.";
infra = mkOption {
type = nullOr bool;
default = null;
description = "Whether to create the infra container for the pod.";
infra-command = mkOption {
type = nullOr str;
default = null;
description = "The command to run in the infra container.";
infra-image = mkOption {
type = nullOr str;
default = null;
description = "The image to use for the infra container.";
ip = mkOption {
type = nullOr str;
default = null;
description = "A static IP address for the pod network.";
# TODO: set up label file stuff.
# labels = mkOption {};
mac-address = mkOption {
type = nullOr str;
default = null;
description = "A static mac address for the pod network.";
network = mkOption {
type = nullOr str;
default = null;
description = "Network configuration for the pod.";
network-alias = mkOption {
type = nullOr str;
default = null;
description = "DNS alias for the pod.";
no-hosts = mkOption {
type = nullOr bool;
default = null;
description = "Whether to disable /etc/hosts creation for the pod.";
publish = mkOption {
type = listOf str;
default = [];
2021-04-12 01:40:19 +01:00
description = "List of ports to publish from the pod.";
share = mkOption {
type = listOf str;
default = [];
2021-04-12 01:40:19 +01:00
description = "List of kernel namespaces to share.";
containers = options.virtualisation.oci-containers.containers;
default = {};
2021-04-12 01:40:19 +01:00
description = "Podman pods to run as systemd services.";
config = let
# Merge a list of attribute sets together
# TODO: See if there's a generic version for this somewhere in the
# pkgs lib?
mergeAttrs = attrList: foldr (a: b: a // b) {} attrList;
2021-04-12 01:40:19 +01:00
# Create services for all defined pods
pod-services = mapAttrs' (n: v: nameValuePair "pod-${n}" (mkPod n v)) cfg;
# Override the systemd-specific settings of containers defined in
# pods.
# I.e., make a systemd unit dependency on the pod service.
pod-container-services = mergeAttrs (mapAttrsToList (pname: pod:
mapAttrs' (cname: container:
nameValuePair "podman-${pname}-${cname}" rec {
after = ["pod-${pname}.service"];
2021-04-12 01:40:19 +01:00
requires = after;
2021-04-12 01:40:19 +01:00
# Override the oci-container settings for containers defined in pods.
# I.e., set the --pod=podname setting, and update the dependsOn so
# it points to containers in the same pod.
podifyContainer = container: podname:
// {
2021-04-12 01:40:19 +01:00
dependsOn =
map (dependency: "${podname}-${dependency}") container.dependsOn;
extraOptions = container.extraOptions ++ ["--pod=${podname}"];
2021-04-12 01:40:19 +01:00
lib.mkIf (cfg != {}) {
virtualisation.podman.enable = true;
virtualisation.oci-containers.backend = "podman"; = pod-services // pod-container-services;
virtualisation.oci-containers.containers = mergeAttrs (mapAttrsToList
(pname: pod:
mapAttrs' (cname: container:
nameValuePair "${pname}-${cname}" (podifyContainer container pname))
2021-04-12 01:40:19 +01:00