diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md index 31d1777d30142..dd43c38daf7e9 100644 --- a/nixos/doc/manual/release-notes/rl-2505.section.md +++ b/nixos/doc/manual/release-notes/rl-2505.section.md @@ -24,6 +24,12 @@ - `buildGoPackage` has been removed. Use `buildGoModule` instead. See the [Go section in the nixpkgs manual](https://nixos.org/manual/nixpkgs/unstable/#sec-language-go) for details. +- `virtualisation.registries.block` / `insecure` / `search` were deprecated, + because they mapped to the deprecated V1 `registries.conf` format. + Please examine the new option {option}`virtualisation.registries.settings` + and [containers-registries.conf(5)](https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md) + to migrate to the new configuration format. + - `timescaledb` requires manual upgrade steps. After you run ALTER EXTENSION, you must run [this SQL script](https://github.com/timescale/timescaledb-extras/blob/master/utils/2.15.X-fix_hypertable_foreign_keys.sql). For more details, see the following pull requests [#6797](https://github.com/timescale/timescaledb/pull/6797). PostgreSQL 13 is no longer supported in TimescaleDB v2.16. diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index c3639f660dfe3..33a888a6da911 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix @@ -1,9 +1,23 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.virtualisation.containers; inherit (lib) literalExpression mkOption types; + oldRegistriesOptionsUsed = lib.any (x: x != [ ]) ( + with cfg.registries; + [ + search + insecure + block + ] + ); + toml = pkgs.formats.toml { }; in { 
@@ -13,14 +27,13 @@ in options.virtualisation.containers = { - enable = - mkOption { - type = types.bool; - default = false; - description = '' - This option enables the common /etc/containers configuration module. - ''; - }; + enable = mkOption { + type = types.bool; + default = false; + description = '' + This option enables the common /etc/containers configuration module. + ''; + }; ociSeccompBpfHook.enable = mkOption { type = types.bool; @@ -57,27 +70,54 @@ in }; registries = { + # TODO: remove those options in 25.11 search = mkOption { + visible = false; type = types.listOf types.str; - default = [ "docker.io" "quay.io" ]; + default = [ ]; description = '' List of repositories to search. + + Deprecated, examine {option}`virtualisation.registries.settings` instead. ''; }; insecure = mkOption { default = [ ]; + visible = false; type = types.listOf types.str; description = '' List of insecure repositories. + + Deprecated, examine {option}`virtualisation.registries.settings` instead. ''; }; block = mkOption { default = [ ]; + visible = false; type = types.listOf types.str; description = '' List of blocked repositories. + + Deprecated, examine {option}`virtualisation.registries.settings` instead. + ''; + }; + + settings = mkOption { + type = toml.type; + default = { + registry = [ + { location = "docker.io"; } + { location = "quay.io"; } + ]; + }; + description = '' + repositories.conf configuration. + + Examine [containers-registries.conf(5)] for more information about the format. + + [containers-registries.conf(5)]: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md ''; }; }; 
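Review bot: The new `settings` default does not appear to reproduce the old `search = [ "docker.io" "quay.io" ]` behaviour. As I read containers-registries.conf(5), a V2 `[[registry]]` entry carrying only `location` changes nothing about how that registry is reached, and short-name lookup is driven by the top-level `unqualified-search-registries` key, so unqualified image names would presumably no longer be searched on those two registries. If that is intended (an empty search list is the stricter choice, since a short name can then never resolve to an unexpected registry), the default should be `{ }` and the release note should say so; otherwise use `default = { unqualified-search-registries = [ "docker.io" "quay.io" ]; };`. The three deprecation descriptions also reference {option}`virtualisation.registries.settings`, which lacks the `containers` component and matches no option declared in this file; the same path appears in the warning string in the `config` hunk and in the release-notes entry, and `repositories.conf configuration.` should read `registries.conf configuration.`. The enclosing `options.virtualisation.containers` set starts and ends outside this hunk.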
@@ -105,16 +145,27 @@ in }; config = lib.mkIf cfg.enable { + warnings = lib.optional oldRegistriesOptionsUsed "the options virtualisation.registries.search / insecure / block are deprecated. See virtualisation.registries.settings instead."; + + virtualisation.containers.registries.settings = lib.mkIf oldRegistriesOptionsUsed { + registries = { + block.registries = cfg.registries.block; + insecure.registries = cfg.registries.insecure; + search.registries = cfg.registries.search; + }; + }; virtualisation.containers.containersConf.cniPlugins = [ pkgs.cni-plugins ]; virtualisation.containers.containersConf.settings = { network.cni_plugin_dirs = map (p: "${lib.getBin p}/bin") cfg.containersConf.cniPlugins; - engine = { - init_path = "${pkgs.catatonit}/bin/catatonit"; - } // lib.optionalAttrs cfg.ociSeccompBpfHook.enable { - hooks_dir = [ config.boot.kernelPackages.oci-seccomp-bpf-hook ]; - }; + engine = + { + init_path = "${pkgs.catatonit}/bin/catatonit"; + } + // lib.optionalAttrs cfg.ociSeccompBpfHook.enable { + hooks_dir = [ config.boot.kernelPackages.oci-seccomp-bpf-hook ]; + }; }; virtualisation.containers.storage.settings.storage = { 
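Review bot: The compatibility mapping silently changes the result for users who set only `insecure` or `block`: `search` now defaults to `[ ]`, so the generated V1 file carries `search.registries = [ ]` where it previously listed docker.io and quay.io, and nothing in the warning tells them. Because the mapping is merged into the freeform `settings`, a configuration that sets a deprecated option together with V2 keys such as `registry` would emit both formats in one registries.conf, which containers/image refuses to load as far as I know. An assertion along the lines of `assertion = !(oldRegistriesOptionsUsed && cfg.registries.settings ? registry);` with a message naming the conflicting options would turn that into an evaluation error rather than a failure at container runtime. It would also help to add a comment above the `lib.mkIf oldRegistriesOptionsUsed` definition, for example `# Emits the V1 layout; must not be combined with V2 keys in settings.`. The `config = lib.mkIf cfg.enable { … }` block continues past the end of this hunk.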
@@ -124,19 +175,17 @@ in }; environment.etc = { - "containers/containers.conf".source = - toml.generate "containers.conf" cfg.containersConf.settings; + "containers/containers.conf".source = toml.generate "containers.conf" cfg.containersConf.settings; - "containers/storage.conf".source = - toml.generate "storage.conf" cfg.storage.settings; + "containers/storage.conf".source = toml.generate "storage.conf" cfg.storage.settings; - "containers/registries.conf".source = toml.generate "registries.conf" { - registries = lib.mapAttrs (n: v: { registries = v; }) cfg.registries; - }; + "containers/registries.conf".source = toml.generate "registries.conf" cfg.registries.settings; "containers/policy.json".source = - if cfg.policy != { } then pkgs.writeText "policy.json" (builtins.toJSON cfg.policy) - else "${pkgs.skopeo.policy}/default-policy.json"; + if cfg.policy != { } then + pkgs.writeText "policy.json" (builtins.toJSON cfg.policy) + else + "${pkgs.skopeo.policy}/default-policy.json"; }; };