diff --git a/nixos/modules/virtualisation/oci-containers.nix b/nixos/modules/virtualisation/oci-containers.nix
index 09c5a382c7d2..be1ab80b7390 100644
--- a/nixos/modules/virtualisation/oci-containers.nix
+++ b/nixos/modules/virtualisation/oci-containers.nix
@@ -185,11 +185,9 @@ let
 Refer to the [Docker engine documentation](https://docs.docker.com/engine/network/#published-ports) for full details.
 '';
- example = literalExpression ''
- [
- "127.0.0.1:8080:9000"
- ]
- '';
+ example = [
+ "127.0.0.1:8080:9000"
+ ];
 };
 user = mkOption {
@@ -387,7 +385,9 @@ let
 mkService = name: container: let
- dependsOn = map (x: "${cfg.backend}-${x}.service") container.dependsOn;
+ dependsOn = lib.attrsets.mapAttrsToList (k: v: "${v.serviceName}.service") (
+ lib.attrsets.getAttrs container.dependsOn cfg.containers
+ );
 escapedName = escapeShellArg name;
 preStartScript = pkgs.writeShellApplication {
 name = "pre-start";
@@ -539,7 +539,7 @@ let
 Restart = "always";
 }
 // optionalAttrs (cfg.backend == "podman") {
- Environment = "PODMAN_SYSTEMD_UNIT=podman-${name}.service";
+ Environment = "PODMAN_SYSTEMD_UNIT=%n";
 Type = "notify";
 NotifyAccess = "all";
 Delegate = mkIf (container.podman.sdnotify == "healthy") true;
diff --git a/nixos/tests/oci-containers.nix b/nixos/tests/oci-containers.nix
index a22bd9c6b431..d50a8c44aaa4 100644
--- a/nixos/tests/oci-containers.nix
+++ b/nixos/tests/oci-containers.nix
@@ -9,6 +9,8 @@ let
 inherit (import ../lib/testing-python.nix { inherit system pkgs; }) makeTest;
+ serviceName = "nginxtest"; # different on purpose to verify proper systemd unit generation
+
 mkOCITest = backend: makeTest {
@@ -23,6 +25,7 @@ let
 virtualisation.oci-containers = {
 inherit backend;
 containers.nginx = {
+ inherit serviceName;
 image = "nginx-container";
 imageStream = pkgs.dockerTools.examples.nginxStream;
 ports = [ "8181:80" ];
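Review bot: In the new `dependsOn` binding of `mkService`, `lib.attrsets.getAttrs` aborts evaluation with a generic missing-attribute error when `container.dependsOn` names a container that is not defined in `cfg.containers`, and that message will not point at the offending option. Failing at evaluation is better than the old behaviour of ordering against a unit that may not exist, but a typo is easier to diagnose with an explicit module `assertions` entry that checks `builtins.hasAttr dep cfg.containers` for each `dep` and names both containers in its message. `mkService` starts and ends outside this hunk, so any validation that already exists is not visible here.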
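Review bot: The bare `%n` on the new `Environment` line deserves a comment, because its correctness rests on systemd specifier expansion rather than on anything visible in this module. Something like `# %n expands to this unit's full name, so the value follows serviceName` would be enough. The value matters because it ends up as the container's `PODMAN_SYSTEMD_UNIT` label (the test in this commit asserts exactly that), and anything that restarts containers by that label would act on the wrong unit if the two drifted apart. The surrounding attribute set continues outside the hunk.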
@@ -39,7 +42,7 @@ let
 # Stop systemd from killing remaining processes if ExecStop script
 # doesn't work, so that proper stopping can be tested.
- systemd.services."${backend}-nginx".serviceConfig.KillSignal = "SIGCONT";
+ systemd.services.${serviceName}.serviceConfig.KillSignal = "SIGCONT";
 };
 };
@@ -47,11 +50,11 @@ let
 import json
 start_all()
- ${backend}.wait_for_unit("${backend}-nginx.service")
+ ${backend}.wait_for_unit("${serviceName}.service")
 ${backend}.wait_for_open_port(8181)
 ${backend}.wait_until_succeeds("curl -f http://localhost:8181 | grep Hello")
 output = json.loads(${backend}.succeed("${backend} inspect nginx --format json").strip())[0]
- ${backend}.succeed("systemctl stop ${backend}-nginx.service", timeout=10)
+ ${backend}.succeed("systemctl stop ${serviceName}.service", timeout=10)
 assert output['HostConfig']['CapAdd'] == ["CAP_AUDIT_READ"]
 assert output['HostConfig']['CapDrop'] == ${
 if backend == "docker" then "[\"CAP_AUDIT_WRITE\"]" else "[]"
@@ -60,6 +63,9 @@ let
 assert output['HostConfig']['Devices'] == [{'PathOnHost': '/dev/random', 'PathInContainer': '/dev/random', 'CgroupPermissions': '${
 if backend == "docker" then "rwm" else ""
 }'}]
+ ''
+ + lib.strings.optionalString (backend == "podman") ''
+ assert output['Config']['Labels']['PODMAN_SYSTEMD_UNIT'] == '${serviceName}.service'
 '';
 };
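Review bot: The added assertion pins the `PODMAN_SYSTEMD_UNIT` label, but nothing in this test exercises the rewritten `dependsOn` lookup in the module, which is the other place the unit name used to be built as `${backend}-${name}`. A second container with `dependsOn = [ "nginx" ];`, plus a check that its generated unit refers to `${serviceName}.service`, would cover that path. The label check is also podman-only, so for the docker backend the custom unit name is verified only indirectly through `wait_for_unit` and `systemctl stop`.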