lxc-container: add squashfs image support and release output

2024-09-11 07:15:54 +03:00 · 2023-10-12 10:52:05 -04:00 · 2023-10-12 10:52:05 -04:00 · c2ff509e66
commit c2ff509e66
parent a91bd0b468
3 changed files with 44 additions and 2 deletions
--- a/nixos/modules/virtualisation/lxc-container.nix
+++ b/nixos/modules/virtualisation/lxc-container.nix
@ -36,7 +36,6 @@ in {
        ${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
      '';

-    # TODO: build rootfs as squashfs for faster unpack
    system.build.tarball = pkgs.callPackage ../../lib/make-system-tarball.nix {
      extraArgs = "--owner=0";

@ -63,6 +62,23 @@ in {
      extraCommands = "mkdir -p proc sys dev";
    };

+    system.build.squashfs = pkgs.callPackage ../../lib/make-squashfs.nix {
+      fileName = "nixos-lxc-image-${pkgs.stdenv.hostPlatform.system}";
+
+      noStrip = true; # keep directory structure
+      comp = "zstd -Xcompression-level 6";
+
+      storeContents = [config.system.build.toplevel];
+
+      pseudoFiles = [
+        "/sbin d 0755 0 0"
+        "/sbin/init s 0555 0 0 ${config.system.build.toplevel}/init"
+        "/dev d 0755 0 0"
+        "/proc d 0555 0 0"
+        "/sys d 0555 0 0"
+      ];
+    };
+
    system.build.installBootLoader = pkgs.writeScript "install-lxd-sbin-init.sh" ''
      #!${pkgs.runtimeShell}
      ln -fs "$1/init" /sbin/init
--- a/nixos/release.nix
+++ b/nixos/release.nix
@ -328,6 +328,21 @@ in rec {

  );

+  lxdContainerImageSquashfs = forMatchingSystems [ "x86_64-linux" "aarch64-linux" ] (system:
+
+    with import ./.. { inherit system; };
+
+    hydraJob ((import lib/eval-config.nix {
+      inherit system;
+      modules =
+        [ configuration
+          versionModule
+          ./maintainers/scripts/lxd/lxd-container-image.nix
+        ];
+    }).config.system.build.squashfs)
+
+  );
+
  # Metadata for the lxd image
  lxdContainerMeta = forMatchingSystems [ "x86_64-linux" "aarch64-linux" ] (system:

--- a/nixos/tests/lxd/container.nix
+++ b/nixos/tests/lxd/container.nix
@ -13,6 +13,7 @@ let

  lxd-image-metadata = releases.lxdContainerMeta.${pkgs.stdenv.hostPlatform.system};
  lxd-image-rootfs = releases.lxdContainerImage.${pkgs.stdenv.hostPlatform.system};
+  lxd-image-rootfs-squashfs = releases.lxdContainerImageSquashfs.${pkgs.stdenv.hostPlatform.system};

 in {
  name = "lxd-container";
@ -23,7 +24,7 @@ in {

  nodes.machine = { lib, ... }: {
    virtualisation = {
-      diskSize = 4096;
+      diskSize = 6144;

      # Since we're testing `limits.cpu`, we've gotta have a known number of
      # cores to lean on
@ -65,6 +66,16 @@ in {
        machine.succeed("echo true | lxc exec container /run/current-system/sw/bin/bash -")
        machine.succeed("lxc delete -f container")

+    with subtest("Squashfs image is functional"):
+        machine.succeed(
+            "lxc image import ${lxd-image-metadata}/*/*.tar.xz ${lxd-image-rootfs-squashfs} --alias nixos-squashfs"
+        )
+        machine.succeed("lxc launch nixos-squashfs container")
+        with machine.nested("Waiting for instance to start and be usable"):
+          retry(instance_is_up)
+        machine.succeed("echo true | lxc exec container /run/current-system/sw/bin/bash -")
+        machine.succeed("lxc delete -f container")
+
    with subtest("Container is mounted with lxcfs inside"):
        machine.succeed("lxc launch nixos container")
        with machine.nested("Waiting for instance to start and be usable"):