Regression introduced in f496c3cbe4a6a2db88892d14609618e449744ed6.
Previously when we used security.initialRootPassword, the default
priority for this option was 1001, because it was a default value set by
the option itself.
With the mentioned commit, it is no longer an option default but a
mkDefault, which is priority 1000.
I'm setting this to 150 now, as test-instrumentation.nix is using this
for overriding other options and because I think it still makes it
possible to simple-override it, because if no priority is given, we get
priority 100.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This fixes the issue when the LXC emulator binary is garbage collected
and breaks libvirtd containers, because libvirtd XML file still refers
to GC'ed store path.
We already have a fix for QEMU, this commit extends the fix to cover LXC
too.
This tells the sad tale of @the-kenny who had bind-mounted his home
directory into a container. After doing `nixos-container destroy` he
discovered that his home directory went from "full of precious data" to
"no more data".
We want to avoid having similar sad tales in the future, so this now also
check this in the containers VM test.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes a leftover from 330fadb7060074bd5c38e5dcefc394abaf8d6a09.
We're using systemd dbus notifications now and this leftover caused the
startup notification to fail.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This allows creating a container from an existing system store path,
which is especially nice for NixOps-deployed hosts because they don't
need a Nixpkgs tree anymore.
Systemd in a container will call sd_notify when it has finished
booting, so we can use that to signal that the container is
ready. This does require some fiddling with $NOTIFY_SOCKET.
Previously "machinectl reboot/poweroff" brutally killed the container,
as did "systemctl stop/restart". And reboot didn't actually work. Now
everything is fine.
Previously "machinectl reboot/poweroff" brutally killed the container,
as did "systemctl stop/restart". And reboot didn't actually work. Now
everything is fine.
curl does not retry if it is unable to connect to the metadata server.
For some reason, when creating a new AMI with a recent nixpkgs, the
metadata server would not be available when fetch-ec2-data ran. Switching
to wget that can retry even on TCP connection errors solved this problem.
I also made the fetch-ec2-data depend on ip-up.target, to get it to start
a bit later.
