properly override container systemd settings
The oci-containers NixOS module already sets some of these values. We use a
priority of 500 (>1000) to ensure that users can still use `lib.mkForce` (priority = 50)
to override any values in their NixOS config if needed.
aksiksi committed Nov 16, 2023
1 parent e6afe9f commit 0dfca11
Showing 9 changed files with 72 additions and 72 deletions.
4 changes: 2 additions & 2 deletions nix_test.go
@@ -159,7 +159,7 @@ func TestUnusedResources(t *testing.T) {
}{
{
runtime: ContainerRuntimeDocker,
want: `{ pkgs, ... }:
want: `{ pkgs, lib, ... }:
{
# Runtime
@@ -173,7 +173,7 @@ func TestUnusedResources(t *testing.T) {
},
{
runtime: ContainerRuntimePodman,
want: `{ pkgs, ... }:
want: `{ pkgs, lib, ... }:
{
# Runtime
4 changes: 2 additions & 2 deletions templates/container.nix.tmpl
@@ -73,7 +73,7 @@ systemd.services."{{.Runtime}}-{{.Name}}" = {
{{- if .SystemdConfig.Service}}
serviceConfig = {
{{- range $k, $v := .SystemdConfig.Service.Options}}
{{$k}} = {{toNixValue $v}};
{{$k}} = lib.mkOverride 500 {{toNixValue $v}};
{{- end}}
};
{{- end}}
@@ -87,7 +87,7 @@ systemd.services."{{.Runtime}}-{{.Name}}" = {
{{- if .SystemdConfig.Unit.Options}}
unitConfig = {
{{- range $k, $v := .SystemdConfig.Unit.Options}}
{{$k}} = {{toNixValue $v}};
{{$k}} = lib.mkOverride 500 {{toNixValue $v}};
{{- end}}
};
{{- end}}
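Review bot: `lib.mkOverride 500` in the `serviceConfig` and `unitConfig` loops is weaker than a plain assignment, because in the NixOS module system the lower number wins: plain definitions sit at 100, `lib.mkDefault` at 1000 and `lib.mkForce` at 50. The generated values therefore only beat definitions made with `mkDefault` or weaker; where another module sets the same key with a plain assignment, the generated value is discarded without an evaluation error, which is easy to miss when the key is a restart policy or a hardening directive. How the oci-containers module defines these keys is not visible here, so it is worth confirming, and choosing a number below 100 if they are plain. The literal `500` is also repeated in both loops; a single template value with a comment such as `# priority 500: beats mkDefault, still overridable with mkForce` would keep them in step. Both loops sit inside a `systemd.services` block that starts and ends outside the hunks.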
4 changes: 2 additions & 2 deletions templates/main.nix.tmpl
@@ -1,8 +1,8 @@
{{- if .Version -}}
# Auto-generated using compose2nix v{{.Version}}.
{ pkgs, ... }:
{ pkgs, lib, ... }:
{{- else -}}
{ pkgs, ... }:
{ pkgs, lib, ... }:
{{- end}}

{
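Review bot: The module argument line `{ pkgs, lib, ... }:` is duplicated in both branches of the `.Version` conditional, so each change to the argument set has to be made twice, as it was here. Only the `# Auto-generated` comment depends on `.Version`; the conditional could wrap just that comment, with the argument line emitted once after `{{- end}}`, provided the `{{-`/`-}}` trimming still leaves the comment on its own line. A short template comment noting that `lib` is bound for the `lib.mkOverride` calls in the container template would also explain why it is present when a rendered file contains no such call.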
22 changes: 11 additions & 11 deletions testdata/TestDocker_RemoveVolumes_out.nix
@@ -1,4 +1,4 @@
{ pkgs, ... }:
{ pkgs, lib, ... }:

{
# Runtime
@@ -42,8 +42,8 @@
};
systemd.services."docker-jellyseerr" = {
serviceConfig = {
Restart = "on-failure";
RestartSec = "5s";
Restart = lib.mkOverride 500 "on-failure";
RestartSec = lib.mkOverride 500 "5s";
};
startLimitBurst = 3;
startLimitIntervalSec = 120;
@@ -93,11 +93,11 @@
};
systemd.services."docker-myproject-sabnzbd" = {
serviceConfig = {
Restart = "always";
RuntimeMaxSec = 10;
Restart = lib.mkOverride 500 "always";
RuntimeMaxSec = lib.mkOverride 500 10;
};
unitConfig = {
Description = "This is the sabnzbd container!";
Description = lib.mkOverride 500 "This is the sabnzbd container!";
};
after = [
"docker-network-myproject-default.service"
@@ -141,8 +141,8 @@
};
systemd.services."docker-photoprism-mariadb" = {
serviceConfig = {
Restart = "always";
RestartSec = "3m0s";
Restart = lib.mkOverride 500 "always";
RestartSec = lib.mkOverride 500 "3m0s";
};
startLimitBurst = 10;
startLimitIntervalSec = 86400;
@@ -213,7 +213,7 @@
};
systemd.services."docker-torrent-client" = {
serviceConfig = {
Restart = "on-failure";
Restart = lib.mkOverride 500 "on-failure";
};
startLimitBurst = 3;
startLimitIntervalSec = 86400;
@@ -269,10 +269,10 @@
};
systemd.services."docker-traefik" = {
serviceConfig = {
Restart = "none";
Restart = lib.mkOverride 500 "none";
};
unitConfig = {
AllowIsolate = true;
AllowIsolate = lib.mkOverride 500 true;
};
partOf = [
"docker-compose-myproject-root.target"
22 changes: 11 additions & 11 deletions testdata/TestDocker_SystemdMount_out.nix
@@ -1,4 +1,4 @@
{ pkgs, ... }:
{ pkgs, lib, ... }:

{
# Runtime
@@ -42,8 +42,8 @@
};
systemd.services."docker-jellyseerr" = {
serviceConfig = {
Restart = "on-failure";
RestartSec = "5s";
Restart = lib.mkOverride 500 "on-failure";
RestartSec = lib.mkOverride 500 "5s";
};
startLimitBurst = 3;
startLimitIntervalSec = 120;
@@ -95,11 +95,11 @@
};
systemd.services."docker-myproject-sabnzbd" = {
serviceConfig = {
Restart = "always";
RuntimeMaxSec = 10;
Restart = lib.mkOverride 500 "always";
RuntimeMaxSec = lib.mkOverride 500 10;
};
unitConfig = {
Description = "This is the sabnzbd container!";
Description = lib.mkOverride 500 "This is the sabnzbd container!";
};
after = [
"docker-network-myproject-default.service"
@@ -145,8 +145,8 @@
};
systemd.services."docker-photoprism-mariadb" = {
serviceConfig = {
Restart = "always";
RestartSec = "3m0s";
Restart = lib.mkOverride 500 "always";
RestartSec = lib.mkOverride 500 "3m0s";
};
startLimitBurst = 10;
startLimitIntervalSec = 86400;
@@ -219,7 +219,7 @@
};
systemd.services."docker-torrent-client" = {
serviceConfig = {
Restart = "on-failure";
Restart = lib.mkOverride 500 "on-failure";
};
startLimitBurst = 3;
startLimitIntervalSec = 86400;
@@ -277,10 +277,10 @@
};
systemd.services."docker-traefik" = {
serviceConfig = {
Restart = "none";
Restart = lib.mkOverride 500 "none";
};
unitConfig = {
AllowIsolate = true;
AllowIsolate = lib.mkOverride 500 true;
};
partOf = [
"docker-compose-myproject-root.target"
22 changes: 11 additions & 11 deletions testdata/TestDocker_WithProject_out.nix
@@ -1,4 +1,4 @@
{ pkgs, ... }:
{ pkgs, lib, ... }:

{
# Runtime
@@ -42,8 +42,8 @@
};
systemd.services."docker-jellyseerr" = {
serviceConfig = {
Restart = "on-failure";
RestartSec = "5s";
Restart = lib.mkOverride 500 "on-failure";
RestartSec = lib.mkOverride 500 "5s";
};
startLimitBurst = 3;
startLimitIntervalSec = 120;
@@ -93,11 +93,11 @@
};
systemd.services."docker-myproject-sabnzbd" = {
serviceConfig = {
Restart = "always";
RuntimeMaxSec = 10;
Restart = lib.mkOverride 500 "always";
RuntimeMaxSec = lib.mkOverride 500 10;
};
unitConfig = {
Description = "This is the sabnzbd container!";
Description = lib.mkOverride 500 "This is the sabnzbd container!";
};
after = [
"docker-network-myproject-default.service"
@@ -141,8 +141,8 @@
};
systemd.services."docker-photoprism-mariadb" = {
serviceConfig = {
Restart = "always";
RestartSec = "3m0s";
Restart = lib.mkOverride 500 "always";
RestartSec = lib.mkOverride 500 "3m0s";
};
startLimitBurst = 10;
startLimitIntervalSec = 86400;
@@ -213,7 +213,7 @@
};
systemd.services."docker-torrent-client" = {
serviceConfig = {
Restart = "on-failure";
Restart = lib.mkOverride 500 "on-failure";
};
startLimitBurst = 3;
startLimitIntervalSec = 86400;
@@ -269,10 +269,10 @@
};
systemd.services."docker-traefik" = {
serviceConfig = {
Restart = "none";
Restart = lib.mkOverride 500 "none";
};
unitConfig = {
AllowIsolate = true;
AllowIsolate = lib.mkOverride 500 true;
};
partOf = [
"docker-compose-myproject-root.target"
22 changes: 11 additions & 11 deletions testdata/TestDocker_out.nix
@@ -1,4 +1,4 @@
{ pkgs, ... }:
{ pkgs, lib, ... }:

{
# Runtime
@@ -41,8 +41,8 @@
};
systemd.services."docker-jellyseerr" = {
serviceConfig = {
Restart = "on-failure";
RestartSec = "5s";
Restart = lib.mkOverride 500 "on-failure";
RestartSec = lib.mkOverride 500 "5s";
};
startLimitBurst = 3;
startLimitIntervalSec = 120;
@@ -91,11 +91,11 @@
};
systemd.services."docker-myproject-sabnzbd" = {
serviceConfig = {
Restart = "always";
RuntimeMaxSec = 10;
Restart = lib.mkOverride 500 "always";
RuntimeMaxSec = lib.mkOverride 500 10;
};
unitConfig = {
Description = "This is the sabnzbd container!";
Description = lib.mkOverride 500 "This is the sabnzbd container!";
};
after = [
"docker-network-myproject-default.service"
@@ -138,8 +138,8 @@
};
systemd.services."docker-photoprism-mariadb" = {
serviceConfig = {
Restart = "always";
RestartSec = "3m0s";
Restart = lib.mkOverride 500 "always";
RestartSec = lib.mkOverride 500 "3m0s";
};
startLimitBurst = 10;
startLimitIntervalSec = 86400;
@@ -209,7 +209,7 @@
};
systemd.services."docker-torrent-client" = {
serviceConfig = {
Restart = "on-failure";
Restart = lib.mkOverride 500 "on-failure";
};
startLimitBurst = 3;
startLimitIntervalSec = 86400;
@@ -264,10 +264,10 @@
};
systemd.services."docker-traefik" = {
serviceConfig = {
Restart = "none";
Restart = lib.mkOverride 500 "none";
};
unitConfig = {
AllowIsolate = true;
AllowIsolate = lib.mkOverride 500 true;
};
partOf = [
"docker-compose-myproject-root.target"
22 changes: 11 additions & 11 deletions testdata/TestPodman_WithProject_out.nix
@@ -1,4 +1,4 @@
{ pkgs, ... }:
{ pkgs, lib, ... }:

{
# Runtime
@@ -47,8 +47,8 @@
};
systemd.services."podman-jellyseerr" = {
serviceConfig = {
Restart = "on-failure";
RestartSec = "5s";
Restart = lib.mkOverride 500 "on-failure";
RestartSec = lib.mkOverride 500 "5s";
};
startLimitBurst = 3;
startLimitIntervalSec = 120;
@@ -92,11 +92,11 @@
};
systemd.services."podman-myproject-sabnzbd" = {
serviceConfig = {
Restart = "always";
RuntimeMaxSec = 10;
Restart = lib.mkOverride 500 "always";
RuntimeMaxSec = lib.mkOverride 500 10;
};
unitConfig = {
Description = "This is the sabnzbd container!";
Description = lib.mkOverride 500 "This is the sabnzbd container!";
};
after = [
"podman-network-myproject-default.service"
@@ -138,8 +138,8 @@
};
systemd.services."podman-photoprism-mariadb" = {
serviceConfig = {
Restart = "always";
RestartSec = "3m0s";
Restart = lib.mkOverride 500 "always";
RestartSec = lib.mkOverride 500 "3m0s";
};
startLimitBurst = 10;
startLimitIntervalSec = 86400;
@@ -203,7 +203,7 @@
};
systemd.services."podman-torrent-client" = {
serviceConfig = {
Restart = "on-failure";
Restart = lib.mkOverride 500 "on-failure";
};
startLimitBurst = 3;
startLimitIntervalSec = 86400;
@@ -257,10 +257,10 @@
};
systemd.services."podman-traefik" = {
serviceConfig = {
Restart = "none";
Restart = lib.mkOverride 500 "none";
};
unitConfig = {
AllowIsolate = true;
AllowIsolate = lib.mkOverride 500 true;
};
partOf = [
"podman-compose-myproject-root.target"