Merge pull request #333730 from adamcstephens/incus/from-lxd

nixos/incus: add incus-only vm and container images

.github/CODEOWNERS

@@ -369,16 +369,13 @@ nixos/modules/services/web-apps/pretalx.nix @mweinelt
 nixos/tests/web-apps/pretix.nix @mweinelt
 nixos/tests/web-apps/pretalx.nix @mweinelt
 
-# incus/lxc/lxd
-nixos/maintainers/scripts/lxd/          @adamcstephens
+# incus/lxc
+nixos/maintainers/scripts/incus/        @adamcstephens
 nixos/modules/virtualisation/incus.nix  @adamcstephens
 nixos/modules/virtualisation/lxc*       @adamcstephens
-nixos/modules/virtualisation/lxd*       @adamcstephens
 nixos/tests/incus/                      @adamcstephens
-nixos/tests/lxd/                        @adamcstephens
 pkgs/by-name/in/incus/                  @adamcstephens
 pkgs/by-name/lx/lxc*                    @adamcstephens
-pkgs/by-name/lx/lxd*                    @adamcstephens
 
 # ExpidusOS, Flutter
 /pkgs/development/compilers/flutter @RossComputerGuy

nixos/maintainers/scripts/incus/incus-container-image-inner.nix

@@ -0,0 +1,34 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ modulesPath, ... }:
+
+{
+  imports = [
+    # Include the default incus configuration.
+    "${modulesPath}/virtualisation/lxc-container.nix"
+    # Include the container-specific autogenerated configuration.
+    ./incus.nix
+  ];
+
+  networking = {
+    dhcpcd.enable = false;
+    useDHCP = false;
+    useHostResolvConf = false;
+  };
+
+  systemd.network = {
+    enable = true;
+    networks."50-eth0" = {
+      matchConfig.Name = "eth0";
+      networkConfig = {
+        DHCP = "ipv4";
+        IPv6AcceptRA = true;
+      };
+      linkConfig.RequiredForOnline = "routable";
+    };
+  };
+
+  system.stateVersion = "@stateVersion@"; # Did you read the comment?
+}

nixos/maintainers/scripts/incus/incus-container-image.nix

@@ -0,0 +1,47 @@
+{ lib, pkgs, ... }:
+
+{
+  imports = [ ../../../modules/virtualisation/lxc-container.nix ];
+
+  virtualisation.lxc.templates.nix = {
+    enable = true;
+    target = "/etc/nixos/incus.nix";
+    template = ./nix.tpl;
+    when = [
+      "create"
+      "copy"
+    ];
+  };
+
+  # copy the config for nixos-rebuild
+  system.activationScripts.config =
+    let
+      config = pkgs.substituteAll {
+        src = ./incus-container-image-inner.nix;
+        stateVersion = lib.trivial.release;
+      };
+    in
+    ''
+      if [ ! -e /etc/nixos/configuration.nix ]; then
+        install -m 0644 -D ${config} /etc/nixos/configuration.nix
+      fi
+    '';
+
+  networking = {
+    dhcpcd.enable = false;
+    useDHCP = false;
+    useHostResolvConf = false;
+  };
+
+  systemd.network = {
+    enable = true;
+    networks."50-eth0" = {
+      matchConfig.Name = "eth0";
+      networkConfig = {
+        DHCP = "ipv4";
+        IPv6AcceptRA = true;
+      };
+      linkConfig.RequiredForOnline = "routable";
+    };
+  };
+}

nixos/maintainers/scripts/incus/incus-virtual-machine-image-inner.nix

@@ -0,0 +1,34 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ modulesPath, ... }:
+
+{
+  imports = [
+    # Include the default incus configuration.
+    "${modulesPath}/virtualisation/incus-virtual-machine.nix"
+    # Include the container-specific autogenerated configuration.
+    ./incus.nix
+  ];
+
+  networking = {
+    dhcpcd.enable = false;
+    useDHCP = false;
+    useHostResolvConf = false;
+  };
+
+  systemd.network = {
+    enable = true;
+    networks."50-enp5s0" = {
+      matchConfig.Name = "enp5s0";
+      networkConfig = {
+        DHCP = "ipv4";
+        IPv6AcceptRA = true;
+      };
+      linkConfig.RequiredForOnline = "routable";
+    };
+  };
+
+  system.stateVersion = "@stateVersion@"; # Did you read the comment?
+}

nixos/maintainers/scripts/incus/incus-virtual-machine-image.nix

@@ -0,0 +1,48 @@
+{ lib, pkgs, ... }:
+
+{
+  imports = [ ../../../modules/virtualisation/incus-virtual-machine.nix ];
+
+  virtualisation.lxc.templates.nix = {
+    enable = true;
+    target = "/etc/nixos/incus.nix";
+    template = ./nix.tpl;
+    when = [
+      "create"
+      "copy"
+    ];
+  };
+
+  # copy the config for nixos-rebuild
+  system.activationScripts.config =
+    let
+      config = pkgs.substituteAll {
+        src = ./incus-virtual-machine-image-inner.nix;
+        stateVersion = lib.trivial.release;
+      };
+    in
+    ''
+      if [ ! -e /etc/nixos/configuration.nix ]; then
+        install -m 0644 -D ${config} /etc/nixos/configuration.nix
+      fi
+    '';
+
+  # Network
+  networking = {
+    dhcpcd.enable = false;
+    useDHCP = false;
+    useHostResolvConf = false;
+  };
+
+  systemd.network = {
+    enable = true;
+    networks."50-enp5s0" = {
+      matchConfig.Name = "enp5s0";
+      networkConfig = {
+        DHCP = "ipv4";
+        IPv6AcceptRA = true;
+      };
+      linkConfig.RequiredForOnline = "routable";
+    };
+  };
+}

nixos/maintainers/scripts/incus/nix.tpl

@@ -0,0 +1,12 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+
+# WARNING: THIS CONFIGURATION IS AUTOGENERATED AND WILL BE OVERWRITTEN AUTOMATICALLY
+
+{
+  networking.hostName = "{{ container.name }}";
+}

nixos/modules/module-list.nix

@@ -1680,6 +1680,7 @@
   ./virtualisation/ecs-agent.nix
   ./virtualisation/hyperv-guest.nix
   ./virtualisation/incus.nix
+  ./virtualisation/incus-agent.nix
   ./virtualisation/kvmgt.nix
   ./virtualisation/libvirtd.nix
   ./virtualisation/lxc.nix

nixos/modules/virtualisation/incus-agent.nix

@@ -0,0 +1,41 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  cfg = config.virtualisation.incus.agent;
+in
+{
+  meta = {
+    maintainers = lib.teams.lxc.members;
+  };
+
+  options = {
+    virtualisation.incus.agent.enable = lib.mkEnableOption "Incus agent";
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.udev.packages = [ config.virtualisation.incus.package.agent_loader ];
+    systemd.packages = [ config.virtualisation.incus.package.agent_loader ];
+
+    systemd.services.incus-agent = {
+      enable = true;
+      wantedBy = [ "multi-user.target" ];
+
+      path = [
+        pkgs.kmod
+        pkgs.util-linux
+
+        # allow `incus exec` to find system binaries
+        "/run/current-system/sw"
+      ];
+
+      # avoid killing nixos-rebuild switch when executed through incus exec
+      restartIfChanged = false;
+      stopIfChanged = false;
+    };
+  };
+}

nixos/modules/virtualisation/incus-virtual-machine.nix

@@ -0,0 +1,61 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  serialDevice = if pkgs.stdenv.hostPlatform.isx86 then "ttyS0" else "ttyAMA0";
+in
+{
+  meta = {
+    maintainers = lib.teams.lxc.members;
+  };
+
+  imports = [
+    ./lxc-instance-common.nix
+
+    ../profiles/qemu-guest.nix
+  ];
+
+  config = {
+    system.build.qemuImage = import ../../lib/make-disk-image.nix {
+      inherit pkgs lib config;
+
+      partitionTableType = "efi";
+      format = "qcow2-compressed";
+      copyChannel = true;
+    };
+
+    fileSystems = {
+      "/" = {
+        device = "/dev/disk/by-label/nixos";
+        autoResize = true;
+        fsType = "ext4";
+      };
+      "/boot" = {
+        device = "/dev/disk/by-label/ESP";
+        fsType = "vfat";
+      };
+    };
+
+    boot.growPartition = true;
+    boot.loader.systemd-boot.enable = true;
+
+    # image building needs to know what device to install bootloader on
+    boot.loader.grub.device = "/dev/vda";
+
+    boot.kernelParams = [
+      "console=tty1"
+      "console=${serialDevice}"
+    ];
+
+    # CPU hotplug
+    services.udev.extraRules = ''
+      SUBSYSTEM=="cpu", CONST{arch}=="x86-64", TEST=="online", ATTR{online}=="0", ATTR{online}="1"
+    '';
+
+    virtualisation.incus.agent.enable = lib.mkDefault true;
+  };
+}

nixos/modules/virtualisation/lxc-container.nix

@@ -74,7 +74,7 @@
       ];
     };
 
-    system.build.installBootLoader = pkgs.writeScript "install-lxd-sbin-init.sh" ''
+    system.build.installBootLoader = pkgs.writeScript "install-lxc-sbin-init.sh" ''
       #!${pkgs.runtimeShell}
       ${pkgs.coreutils}/bin/ln -fs "$1/${initScript}" /sbin/init
     '';

nixos/modules/virtualisation/lxc-image-metadata.nix

@@ -46,6 +46,10 @@ let
   else { files = []; properties = {}; };
 
 in {
+  meta = {
+    maintainers = lib.teams.lxc.members;
+  };
+
   options = {
     virtualisation.lxc = {
       templates = lib.mkOption {

nixos/modules/virtualisation/lxc-instance-common.nix

@@ -1,6 +1,10 @@
 {lib, ...}:
 
 {
+  meta = {
+    maintainers = lib.teams.lxc.members;
+  };
+
   imports = [
     ./lxc-image-metadata.nix
 

nixos/modules/virtualisation/lxd-agent.nix

@@ -45,10 +45,6 @@ let
     chown -R root:root "$PREFIX"
   '';
 in {
-  meta = {
-    maintainers = lib.teams.lxc.members;
-  };
-
   options = {
     virtualisation.lxd.agent.enable = lib.mkEnableOption "LXD agent";
   };

nixos/modules/virtualisation/lxd-virtual-machine.nix

@@ -6,10 +6,6 @@ let
     then "ttyS0"
     else "ttyAMA0"; # aarch64
 in {
-  meta = {
-    maintainers = lib.teams.lxc.members;
-  };
-
   imports = [
     ./lxc-instance-common.nix
 

nixos/modules/virtualisation/lxd.nix

@@ -6,10 +6,6 @@ let
   cfg = config.virtualisation.lxd;
   preseedFormat = pkgs.formats.yaml {};
 in {
-  meta = {
-    maintainers = lib.teams.lxc.members;
-  };
-
   imports = [
     (lib.mkRemovedOptionModule [ "virtualisation" "lxd" "zfsPackage" ] "Override zfs in an overlay instead to override it globally")
   ];

nixos/release.nix

@@ -318,6 +318,101 @@ in rec {
 
   );
 
+  # An image that can be imported into incus and used for container creation
+  incusContainerImage =
+    forMatchingSystems
+      [
+        "x86_64-linux"
+        "aarch64-linux"
+      ]
+      (
+        system:
+        with import ./.. { inherit system; };
+
+        hydraJob (
+          (import lib/eval-config.nix {
+            inherit system;
+            modules = [
+              configuration
+              versionModule
+              ./maintainers/scripts/incus/incus-container-image.nix
+            ];
+          }).config.system.build.squashfs
+        )
+      );
+
+  # Metadata for the incus image
+  incusContainerMeta =
+    forMatchingSystems
+      [
+        "x86_64-linux"
+        "aarch64-linux"
+      ]
+      (
+        system:
+
+        with import ./.. { inherit system; };
+
+        hydraJob (
+          (import lib/eval-config.nix {
+            inherit system;
+            modules = [
+              configuration
+              versionModule
+              ./maintainers/scripts/incus/incus-container-image.nix
+            ];
+          }).config.system.build.metadata
+        )
+      );
+
+  # An image that can be imported into incus and used for container creation
+  incusVirtualMachineImage =
+    forMatchingSystems
+      [
+        "x86_64-linux"
+        "aarch64-linux"
+      ]
+      (
+        system:
+
+        with import ./.. { inherit system; };
+
+        hydraJob (
+          (import lib/eval-config.nix {
+            inherit system;
+            modules = [
+              configuration
+              versionModule
+              ./maintainers/scripts/incus/incus-virtual-machine-image.nix
+            ];
+          }).config.system.build.qemuImage
+        )
+      );
+
+  # Metadata for the incus image
+  incusVirtualMachineImageMeta =
+    forMatchingSystems
+      [
+        "x86_64-linux"
+        "aarch64-linux"
+      ]
+      (
+        system:
+
+        with import ./.. { inherit system; };
+
+        hydraJob (
+          (import lib/eval-config.nix {
+            inherit system;
+            modules = [
+              configuration
+              versionModule
+              ./maintainers/scripts/incus/incus-virtual-machine-image.nix
+            ];
+          }).config.system.build.metadata
+        )
+      );
+
   # An image that can be imported into lxd and used for container creation
   lxdContainerImage = forMatchingSystems [ "x86_64-linux" "aarch64-linux" ] (system:
 

nixos/tests/incus/container.nix

@@ -11,8 +11,8 @@ let
     extra;
   };
 
-  container-image-metadata = releases.lxdContainerMeta.${pkgs.stdenv.hostPlatform.system};
-  container-image-rootfs = releases.lxdContainerImage.${pkgs.stdenv.hostPlatform.system};
+  container-image-metadata = releases.incusContainerMeta.${pkgs.stdenv.hostPlatform.system};
+  container-image-rootfs = releases.incusContainerImage.${pkgs.stdenv.hostPlatform.system};
 in
 {
   inherit name;
@@ -61,7 +61,7 @@ in
     machine.succeed("incus admin init --minimal")
 
     with subtest("Container image can be imported"):
-        machine.succeed("incus image import ${container-image-metadata}/*/*.tar.xz ${container-image-rootfs}/*/*.tar.xz --alias nixos")
+        machine.succeed("incus image import ${container-image-metadata}/*/*.tar.xz ${container-image-rootfs} --alias nixos")
 
     with subtest("Container can be launched and managed"):
         machine.succeed("incus launch nixos container")

nixos/tests/incus/incusd-options.nix

@@ -16,8 +16,8 @@ import ../make-test-python.nix (
       };
     };
 
-    container-image-metadata = releases.lxdContainerMeta.${pkgs.stdenv.hostPlatform.system};
-    container-image-rootfs = releases.lxdContainerImage.${pkgs.stdenv.hostPlatform.system};
+    container-image-metadata = releases.incusContainerMeta.${pkgs.stdenv.hostPlatform.system};
+    container-image-rootfs = releases.incusContainerImage.${pkgs.stdenv.hostPlatform.system};
   in
   {
     name = "incusd-options";
@@ -87,7 +87,7 @@ import ../make-test-python.nix (
       machine.wait_for_unit("incus-preseed.service")
 
       with subtest("Container image can be imported"):
-          machine.succeed("incus image import ${container-image-metadata}/*/*.tar.xz ${container-image-rootfs}/*/*.tar.xz --alias nixos")
+          machine.succeed("incus image import ${container-image-metadata}/*/*.tar.xz ${container-image-rootfs} --alias nixos")
 
       with subtest("Container can be launched and managed"):
           machine.succeed("incus launch nixos container")

nixos/tests/incus/virtual-machine.nix

@@ -11,8 +11,8 @@ let
     };
   };
 
-  vm-image-metadata = releases.lxdVirtualMachineImageMeta.${pkgs.stdenv.hostPlatform.system};
-  vm-image-disk = releases.lxdVirtualMachineImage.${pkgs.stdenv.hostPlatform.system};
+  vm-image-metadata = releases.incusVirtualMachineImageMeta.${pkgs.stdenv.hostPlatform.system};
+  vm-image-disk = releases.incusVirtualMachineImage.${pkgs.stdenv.hostPlatform.system};
 
   instance-name = "instance1";
 in
@@ -64,10 +64,10 @@ in
         with machine.nested("Waiting for instance to start and be usable"):
           retry(instance_is_up)
 
-    with subtest("lxd-agent is started"):
-        machine.succeed("incus exec ${instance-name} systemctl is-active lxd-agent")
+    with subtest("incus-agent is started"):
+        machine.succeed("incus exec ${instance-name} systemctl is-active incus-agent")
 
-    with subtest("lxd-agent has a valid path"):
+    with subtest("incus-agent has a valid path"):
         machine.succeed("incus exec ${instance-name} -- bash -c 'true'")
 
     with subtest("guest supports cpu hotplug"):

nixos/tests/lxd/container.nix

@@ -18,10 +18,6 @@ let
 in {
   name = "lxd-container";
 
-  meta = {
-    maintainers = lib.teams.lxc.members;
-  };
-
   nodes.machine = { lib, ... }: {
     virtualisation = {
       diskSize = 6144;

nixos/tests/lxd/nftables.nix

@@ -8,10 +8,6 @@
 import ../make-test-python.nix ({ pkgs, lib, ...} : {
   name = "lxd-nftables";
 
-  meta = {
-    maintainers = lib.teams.lxc.members;
-  };
-
   nodes.machine = { lib, ... }: {
     virtualisation = {
       lxd.enable = true;

nixos/tests/lxd/preseed.nix

@@ -3,10 +3,6 @@ import ../make-test-python.nix ({ pkgs, lib, ... } :
 {
   name = "lxd-preseed";
 
-  meta = {
-    maintainers = lib.teams.lxc.members;
-  };
-
   nodes.machine = { lib, ... }: {
     virtualisation = {
       diskSize = 4096;

nixos/tests/lxd/ui.nix

@@ -1,10 +1,6 @@
-import ../make-test-python.nix ({ pkgs, lib, ... }: {
+import ../make-test-python.nix ({ pkgs, ... }: {
   name = "lxd-ui";
 
-  meta = {
-    maintainers = lib.teams.lxc.members;
-  };
-
   nodes.machine = { lib, ... }: {
     virtualisation = {
       lxd.enable = true;

nixos/tests/lxd/virtual-machine.nix

@@ -18,10 +18,6 @@ let
 in {
   name = "lxd-virtual-machine";
 
-  meta = {
-    maintainers = lib.teams.lxc.members;
-  };
-
   nodes.machine = {lib, ...}: {
     virtualisation = {
       diskSize = 4096;

pkgs/by-name/in/incus/generic.nix

@@ -13,10 +13,8 @@
   buildGoModule,
   fetchFromGitHub,
   writeScript,
-  writeShellScript,
   acl,
   cowsql,
-  hwdata,
   libcap,
   lxc,
   pkg-config,
@@ -38,6 +36,11 @@ buildGoModule rec {
     version
     ;
 
+  outputs = [
+    "out"
+    "agent_loader"
+  ];
+
   src = fetchFromGitHub {
     owner = "lxc";
     repo = "incus";
@@ -99,6 +102,14 @@ buildGoModule rec {
       --bash <($out/bin/incus completion bash) \
       --fish <($out/bin/incus completion fish) \
       --zsh <($out/bin/incus completion zsh)
+
+    mkdir -p $agent_loader/bin $agent_loader/etc/systemd/system $agent_loader/lib/udev/rules.d
+    cp internal/server/instance/drivers/agent-loader/incus-agent-setup $agent_loader/bin/
+    chmod +x $agent_loader/bin/incus-agent-setup
+    patchShebangs $agent_loader/bin/incus-agent-setup
+    cp internal/server/instance/drivers/agent-loader/systemd/incus-agent.service $agent_loader/etc/systemd/system/
+    cp internal/server/instance/drivers/agent-loader/systemd/incus-agent.rules $agent_loader/lib/udev/rules.d/99-incus-agent.rules
+    substituteInPlace $agent_loader/etc/systemd/system/incus-agent.service --replace-fail 'TARGET/systemd' "$agent_loader/bin"
   '';
 
   passthru = {

pkgs/by-name/lx/lxd-ui/package.nix

@@ -68,7 +68,7 @@ stdenv.mkDerivation rec {
     homepage = "https://github.com/canonical/lxd-ui";
     changelog = "https://github.com/canonical/lxd-ui/releases/tag/${version}";
     license = lib.licenses.gpl3;
-    maintainers = lib.teams.lxc.members;
+    maintainers = [ ];
     platforms = lib.platforms.linux;
   };
 }

pkgs/by-name/lx/lxd-unwrapped-lts/package.nix

@@ -108,7 +108,7 @@ buildGoModule rec {
       asl20
       agpl3Plus
     ];
-    maintainers = teams.lxc.members;
+    maintainers = [ ];
     platforms = platforms.linux;
   };
 }

pkgs/development/libraries/dqlite/default.nix

@@ -37,7 +37,7 @@ stdenv.mkDerivation rec {
     '';
     homepage = "https://dqlite.io/";
     license = licenses.asl20;
-    maintainers = teams.lxc.members;
+    maintainers = [ ];
     platforms = platforms.linux;
   };
 }

pkgs/development/libraries/raft-canonical/default.nix

@@ -50,6 +50,6 @@ stdenv.mkDerivation rec {
     homepage = "https://github.com/canonical/raft";
     license = licenses.asl20;
     platforms = platforms.linux;
-    maintainers = teams.lxc.members;
+    maintainers = [ ];
   };
 }