From 4c7d10d85bf288a814d1f56092229a725f4e7f78 Mon Sep 17 00:00:00 2001 From: Minijackson Date: Fri, 22 Nov 2024 17:06:43 +0100 Subject: [PATCH 1/2] nixos/containers: new registries.settings option, deprecate others Those options mapped to the deprecated V1 format, and didn't allow using the newer format. If any of the older options are used, a warning is displayed, and the generated registries.conf file follows the old V1 format. For more information about the new format, see https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md --- .../manual/release-notes/rl-2505.section.md | 6 +++ nixos/modules/virtualisation/containers.nix | 52 +++++++++++++++++-- 2 files changed, 54 insertions(+), 4 deletions(-) diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md index 31d1777d30142..dd43c38daf7e9 100644 --- a/nixos/doc/manual/release-notes/rl-2505.section.md +++ b/nixos/doc/manual/release-notes/rl-2505.section.md @@ -24,6 +24,12 @@ - `buildGoPackage` has been removed. Use `buildGoModule` instead. See the [Go section in the nixpkgs manual](https://nixos.org/manual/nixpkgs/unstable/#sec-language-go) for details. +- `virtualisation.registries.block` / `insecure` / `search` were deprecated, + because they mapped to the deprecated V1 `registries.conf` format. + Please examine the new option {option}`virtualisation.registries.settings` + and [containers-registries.conf(5)](https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md) + to migrate to the new configuration format. + - `timescaledb` requires manual upgrade steps. After you run ALTER EXTENSION, you must run [this SQL script](https://github.com/timescale/timescaledb-extras/blob/master/utils/2.15.X-fix_hypertable_foreign_keys.sql). For more details, see the following pull requests [#6797](https://github.com/timescale/timescaledb/pull/6797). PostgreSQL 13 is no longer supported in TimescaleDB v2.16. 
diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index c3639f660dfe3..df4fdabe52ab7 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix @@ -4,6 +4,15 @@ let inherit (lib) literalExpression mkOption types; + oldRegistriesOptionsUsed = lib.any (x: x != [ ]) ( + with cfg.registries; + [ + search + insecure + block + ] + ); + toml = pkgs.formats.toml { }; in { @@ -57,27 +66,54 @@ in }; registries = { + # TODO: remove those options in 25.11 search = mkOption { + visible = false; type = types.listOf types.str; - default = [ "docker.io" "quay.io" ]; + default = [ ]; description = '' List of repositories to search. + + Deprecated, examine {option}`virtualisation.registries.settings` instead. ''; }; insecure = mkOption { default = [ ]; + visible = false; type = types.listOf types.str; description = '' List of insecure repositories. + + Deprecated, examine {option}`virtualisation.registries.settings` instead. ''; }; block = mkOption { default = [ ]; + visible = false; type = types.listOf types.str; description = '' List of blocked repositories. + + Deprecated, examine {option}`virtualisation.registries.settings` instead. + ''; + }; + + settings = mkOption { + type = toml.type; + default = { + registry = [ + { location = "docker.io"; } + { location = "quay.io"; } + ]; + }; + description = '' + repositories.conf configuration. + + Examine [containers-registries.conf(5)] for more information about the format. + + [containers-registries.conf(5)]: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md ''; }; }; 
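Review bot: `oldRegistriesOptionsUsed` reads the three deprecated lists through `with cfg.registries;`, a scope that now also contains the new `settings` attribute. Spelling the list out as `[ cfg.registries.search cfg.registries.insecure cfg.registries.block ]` keeps the lookup explicit. A one-line comment such as `# true when any deprecated V1 list is set; registries.conf is then written in the V1 layout` would tell the reader why the flag exists. The `let` block starts and ends outside this hunk.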
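Review bot: The new `settings` default does not reproduce the old `search` default. In the V2 format the search list is the top-level `unqualified-search-registries` key, and a `registry` entry holding only `location` adds no search behaviour, so short image names would presumably stop resolving against docker.io and quay.io. If that is intended (an empty search list also removes the ambiguity about which registry serves a short name), the release note should say so; otherwise the equivalent default is `default = { unqualified-search-registries = [ "docker.io" "quay.io" ]; };`. The description says `repositories.conf` where the generated file is `registries.conf`. It could also state that V2 expresses the old lists as `insecure = true` / `blocked = true` on a `registry` entry, so a block list is not lost during migration.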
@@ -105,6 +141,15 @@ in }; config = lib.mkIf cfg.enable { + warnings = lib.optional oldRegistriesOptionsUsed "the options virtualisation.registries.search / insecure / block are deprecated. See virtualisation.registries.settings instead."; + + virtualisation.containers.registries.settings = lib.mkIf oldRegistriesOptionsUsed { + registries = { + block.registries = cfg.registries.block; + insecure.registries = cfg.registries.insecure; + search.registries = cfg.registries.search; + }; + }; virtualisation.containers.containersConf.cniPlugins = [ pkgs.cni-plugins ]; @@ -130,9 +175,8 @@ in "containers/storage.conf".source = toml.generate "storage.conf" cfg.storage.settings; - "containers/registries.conf".source = toml.generate "registries.conf" { - registries = lib.mapAttrs (n: v: { registries = v; }) cfg.registries; - }; + "containers/registries.conf".source = + toml.generate "registries.conf" cfg.registries.settings; "containers/policy.json".source = if cfg.policy != { } then pkgs.writeText "policy.json" (builtins.toJSON cfg.policy) From 1481d3f46200ee9bb253e8cd0eb1048761184f7b Mon Sep 17 00:00:00 2001 From: Minijackson Date: Fri, 22 Nov 2024 17:13:41 +0100 Subject: [PATCH 2/2] nixos/containers: format --- nixos/modules/virtualisation/containers.nix | 49 ++++++++++++--------- 1 file changed, 27 insertions(+), 22 deletions(-) diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index df4fdabe52ab7..33a888a6da911 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.virtualisation.containers; 
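Review bot: Nothing in the `config` block rejects a configuration that sets one of the deprecated lists together with `registries.settings`. The `lib.mkIf oldRegistriesOptionsUsed` definition is then merged with the user's, and the generated file carries both the V1 `registries` table and V2 keys, which containers/image is expected to refuse when it reads the file. An assertion next to the warning would catch this at evaluation time, e.g. `assertion = oldRegistriesOptionsUsed -> builtins.attrNames cfg.registries.settings == [ "registries" ];` with a message naming the conflicting options. Separately, a user who set only `insecure` or `block` previously inherited the docker.io/quay.io `search` default; with `default = [ ]` their V1 file now has an empty search list, which the warning text does not mention.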
@@ -22,14 +27,13 @@ in options.virtualisation.containers = { - enable = - mkOption { - type = types.bool; - default = false; - description = '' - This option enables the common /etc/containers configuration module. - ''; - }; + enable = mkOption { + type = types.bool; + default = false; + description = '' + This option enables the common /etc/containers configuration module. + ''; + }; ociSeccompBpfHook.enable = mkOption { type = types.bool; @@ -155,11 +159,13 @@ in virtualisation.containers.containersConf.settings = { network.cni_plugin_dirs = map (p: "${lib.getBin p}/bin") cfg.containersConf.cniPlugins; - engine = { - init_path = "${pkgs.catatonit}/bin/catatonit"; - } // lib.optionalAttrs cfg.ociSeccompBpfHook.enable { - hooks_dir = [ config.boot.kernelPackages.oci-seccomp-bpf-hook ]; - }; + engine = + { + init_path = "${pkgs.catatonit}/bin/catatonit"; + } + // lib.optionalAttrs cfg.ociSeccompBpfHook.enable { + hooks_dir = [ config.boot.kernelPackages.oci-seccomp-bpf-hook ]; + }; }; virtualisation.containers.storage.settings.storage = { @@ -169,18 +175,17 @@ in }; environment.etc = { - "containers/containers.conf".source = - toml.generate "containers.conf" cfg.containersConf.settings; + "containers/containers.conf".source = toml.generate "containers.conf" cfg.containersConf.settings; - "containers/storage.conf".source = - toml.generate "storage.conf" cfg.storage.settings; + "containers/storage.conf".source = toml.generate "storage.conf" cfg.storage.settings; - "containers/registries.conf".source = - toml.generate "registries.conf" cfg.registries.settings; + "containers/registries.conf".source = toml.generate "registries.conf" cfg.registries.settings; "containers/policy.json".source = - if cfg.policy != { } then pkgs.writeText "policy.json" (builtins.toJSON cfg.policy) - else "${pkgs.skopeo.policy}/default-policy.json"; + if cfg.policy != { } then + pkgs.writeText "policy.json" (builtins.toJSON cfg.policy) + else + "${pkgs.skopeo.policy}/default-policy.json"; }; };