nixos/nixos-containers: require mounts for bind mount host paths

Fixes starting containers before bind mount host paths are mounted
Kira Bruneau 2024-03-20 14:22:44 -04:00
parent 7872526e9c
commit 7f3643bef6
3 changed files with 40 additions and 1 deletions


@ -828,7 +828,10 @@ in
script = startScript containerConfig; script = startScript containerConfig;
postStart = postStartScript containerConfig; postStart = postStartScript containerConfig;
serviceConfig = serviceDirectives containerConfig; serviceConfig = serviceDirectives containerConfig;
unitConfig.RequiresMountsFor = lib.optional (!containerConfig.ephemeral) "${stateDirectory}/%i"; unitConfig.RequiresMountsFor = lib.optional (!containerConfig.ephemeral) "${stateDirectory}/%i"
++ builtins.map
(d: if d.hostPath != null then d.hostPath else d.mountPoint)
(builtins.attrValues cfg.bindMounts);
environment.root = if containerConfig.ephemeral then "/run/nixos-containers/%i" else "${stateDirectory}/%i"; environment.root = if containerConfig.ephemeral then "/run/nixos-containers/%i" else "${stateDirectory}/%i";
} // ( } // (
optionalAttrs containerConfig.autoStart optionalAttrs containerConfig.autoStart
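Review bot: The paths appended to `unitConfig.RequiresMountsFor` appear to reach the unit file without escaping, so a `hostPath` or `mountPoint` containing `%` would go through systemd specifier expansion, the same mechanism the neighbouring `"${stateDirectory}/%i"` relies on. A path containing whitespace would presumably be read as several paths, since the setting is a space-separated list. Doubling the percent sign in the mapped value, e.g. `(d: lib.replaceStrings [ "%" ] [ "%%" ] (if d.hostPath != null then d.hostPath else d.mountPoint))`, keeps the dependency on the path that is actually bind-mounted; whitespace would need quoting or an assertion that rejects it. The map also reads `cfg.bindMounts` while every neighbouring line reads `containerConfig`; if the two can differ, `containerConfig.bindMounts` is the consistent choice. The enclosing attribute set starts and ends outside this section.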


@ -219,6 +219,7 @@ in {
containers-physical_interfaces = handleTest ./containers-physical_interfaces.nix {}; containers-physical_interfaces = handleTest ./containers-physical_interfaces.nix {};
containers-portforward = handleTest ./containers-portforward.nix {}; containers-portforward = handleTest ./containers-portforward.nix {};
containers-reloadable = handleTest ./containers-reloadable.nix {}; containers-reloadable = handleTest ./containers-reloadable.nix {};
containers-require-bind-mounts = handleTest ./containers-require-bind-mounts.nix {};
containers-restart_networking = handleTest ./containers-restart_networking.nix {}; containers-restart_networking = handleTest ./containers-restart_networking.nix {};
containers-tmpfs = handleTest ./containers-tmpfs.nix {}; containers-tmpfs = handleTest ./containers-tmpfs.nix {};
containers-unified-hierarchy = handleTest ./containers-unified-hierarchy.nix {}; containers-unified-hierarchy = handleTest ./containers-unified-hierarchy.nix {};


@ -0,0 +1,35 @@
import ./make-test-python.nix ({ lib, ... }: {
name = "containers-require-bind-mounts";
meta.maintainers = with lib.maintainers; [ kira-bruneau ];
nodes.machine = {
containers.require-bind-mounts = {
bindMounts = { "/srv/data" = {}; };
config = {};
};
virtualisation.fileSystems = {
"/srv/data" = {
fsType = "tmpfs";
options = [ "noauto" ];
};
};
};
testScript = ''
machine.wait_for_unit("default.target")
assert "require-bind-mounts" in machine.succeed("nixos-container list")
assert "down" in machine.succeed("nixos-container status require-bind-mounts")
assert "inactive" in machine.fail("systemctl is-active srv-data.mount")
with subtest("bind mount host paths must be mounted to run container"):
machine.succeed("nixos-container start require-bind-mounts")
assert "up" in machine.succeed("nixos-container status require-bind-mounts")
assert "active" in machine.succeed("systemctl status srv-data.mount")
machine.succeed("systemctl stop srv-data.mount")
assert "down" in machine.succeed("nixos-container status require-bind-mounts")
assert "inactive" in machine.fail("systemctl is-active srv-data.mount")
'';
})
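Review bot: The positive check `assert "active" in machine.succeed("systemctl status srv-data.mount")` is weaker than it reads, because "active" is also a substring of "inactive"; only the exit status of `systemctl status` makes it fail for a stopped mount. Using the same command as the negative checks, `machine.succeed("systemctl is-active srv-data.mount")`, states the intent directly. The test also declares only `"/srv/data" = {};`, so the `d.hostPath != null` branch of the module change (a host path that differs from the mount point) appears to be uncovered. A second bind mount with an explicit `hostPath` on its own `noauto` file system would exercise it.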