diff options
Diffstat (limited to 'krebs/3modules/sync-containers3.nix')
| -rw-r--r-- | krebs/3modules/sync-containers3.nix | 39 |
1 files changed, 24 insertions, 15 deletions
diff --git a/krebs/3modules/sync-containers3.nix b/krebs/3modules/sync-containers3.nix index c88dd5919..58446c82b 100644 --- a/krebs/3modules/sync-containers3.nix +++ b/krebs/3modules/sync-containers3.nix @@ -32,6 +32,17 @@ in { type = lib.types.bool; default = true; }; + startCommand = lib.mkOption { + type = lib.types.str; + default = '' + set -efu + mkdir -p /var/state/var_src + ln -Tfrs /var/state/var_src /var/src + if test -e /var/src/nixos-config; then + /run/current-system/sw/bin/nixos-rebuild -I /var/src switch || : + fi + ''; + }; }; })); }; @@ -52,14 +63,7 @@ in { NIX_REMOTE = "daemon"; }; wantedBy = [ "multi-user.target" ]; - serviceConfig.ExecStart = pkgs.writers.writeDash "autoswitch" '' - set -efu - mkdir -p /var/state/var_src - ln -Tfrs /var/state/var_src /var/src - if test -e /var/src/nixos-config; then - /run/current-system/sw/bin/nixos-rebuild -I /var/src switch || : - fi - ''; + serviceConfig.ExecStart = pkgs.writers.writeDash "autoswitch" ctr.startCommand; unitConfig.X-StopOnRemoval = false; }; }; @@ -84,6 +88,7 @@ in { { "${ctr.name}_syncer" = { path = with pkgs; [ coreutils + inetutils consul rsync openssh @@ -103,7 +108,7 @@ in { set -efux consul lock sync_${ctr.name} ${pkgs.writers.writeDash "${ctr.name}-sync" '' set -efux - if /run/wrappers/bin/ping -c 1 ${ctr.name}.r; then + if ping -c 1 ${ctr.name}.r; then nice --adjustment=30 rsync -a -e "ssh -i $CREDENTIALS_DIRECTORY/ssh_key" --timeout=30 --inplace --sparse container_sync@${ctr.name}.r:disk "$HOME"/disk.rsync touch "$HOME"/incomplete nice --adjustment=30 rsync --inplace "$HOME"/disk.rsync "$HOME"/disk @@ -116,6 +121,7 @@ in { { "${ctr.name}_watcher" = lib.mkIf ctr.runContainer { path = with pkgs; [ coreutils + inetutils consul cryptsetup curl @@ -145,7 +151,7 @@ in { export payload if [ "$(jq -rn 'env.payload | fromjson.host')" = '${config.networking.hostName}' ]; then # echo 'we are the host, trying to reach container' - if $(retry -t 10 -d 10 -- /run/wrappers/bin/ping -q -c 1 ${ctr.name}.r > /dev/null); then + if $(retry -t 10 -d 10 -- ping -q -c 1 ${ctr.name}.r > /dev/null); then # echo 'container is reachable, continueing' continue else @@ -173,6 +179,7 @@ in { wantedBy = [ "multi-user.target" ]; path = with pkgs; [ coreutils + inetutils consul cryptsetup mount @@ -228,8 +235,8 @@ in { /run/current-system/sw/bin/nixos-container start ${ctr.name} # wait for system to become reachable for the first time systemctl start ${ctr.name}_watcher.service - retry -t 10 -d 10 -- /run/wrappers/bin/ping -q -c 1 ${ctr.name}.r > /dev/null - while systemctl is-active container@${ctr.name}.service >/devnull && /run/wrappers/bin/ping -q -c 3 ${ctr.name}.r >/dev/null; do + retry -t 10 -d 10 -- ping -q -c 1 ${ctr.name}.r > /dev/null + while systemctl is-active container@${ctr.name}.service >/devnull && ping -q -c 3 ${ctr.name}.r >/dev/null; do consul kv put containers/${ctr.name} "$(jq -cn '{host: "${config.networking.hostName}", time: now}')" >/dev/null sleep 10 done @@ -239,9 +246,11 @@ in { }; } { "container@${ctr.name}" = lib.mkIf ctr.runContainer { serviceConfig = { - ExecStop = pkgs.writers.writeDash "remove_interface" '' - ${pkgs.iproute2}/bin/ip link del vb-${ctr.name} - ''; + ExecStartPost = [ + (pkgs.writers.writeDash "bind-to-bridge" '' + ${pkgs.iproute2}/bin/ip link set "vb-$INSTANCE" master ctr0 + '') + ]; }; }; } ]) (lib.attrValues cfg.containers))); |