Merge pull request #97692 from ryneeverett/lockkernelmodules-lxd

author: Maciej Krüger <mkg20001@gmail.com> 2021-06-05 01:27:27 +0200
committer: GitHub <noreply@github.com> 2021-06-05 01:27:27 +0200
commit: 26b3751de79105836a68195bb5bcd70d608c1d3f (patch)
tree: ef5b4df5eebfd024fbf3a7ea5e03dab53fd55b07
parent: 3255d05cacd9e21d78326986bd7d3c4591580fdd (diff)
parent: 161a35b0b8e4a5cb8d5fac3d5083ee9fb82cfbe2 (diff)
3 files changed, 10 insertions, 0 deletions
diff --git a/nixos/modules/virtualisation/lxd.nix b/nixos/modules/virtualisation/lxd.nix
index 6b6f4b6e65247..cde29f7bf59ce 100644
--- a/nixos/modules/virtualisation/lxd.nix
+++ b/nixos/modules/virtualisation/lxd.nix
@@ -175,5 +175,8 @@ in {
       "net.ipv6.neigh.default.gc_thresh3" = 8192;
       "kernel.keys.maxkeys" = 2000;
     };
+
+    boot.kernelModules = [ "veth" "xt_comment" "xt_CHECKSUM" "xt_MASQUERADE" ]
+      ++ optionals (!config.networking.nftables.enable) [ "iptable_mangle" ];
   };
 }
diff --git a/nixos/tests/lxd.nix b/nixos/tests/lxd.nix
index ab56b75c02e4e..889ca9598e3f3 100644
--- a/nixos/tests/lxd.nix
+++ b/nixos/tests/lxd.nix
@@ -96,6 +96,7 @@ in {
         ## limits.cpu ##
 
         machine.succeed("lxc config set test limits.cpu 1")
+        machine.succeed("lxc restart test")
 
         # Since Alpine doesn't have `nproc` pre-installed, we've gotta resort
         # to the primal methods
@@ -105,6 +106,7 @@ in {
         )
 
         machine.succeed("lxc config set test limits.cpu 2")
+        machine.succeed("lxc restart test")
 
         assert (
             "2"
@@ -115,6 +117,7 @@ in {
         ## limits.memory ##
 
         machine.succeed("lxc config set test limits.memory 64MB")
+        machine.succeed("lxc restart test")
 
         assert (
             "MemTotal:          62500 kB"
@@ -122,6 +125,7 @@ in {
         )
 
         machine.succeed("lxc config set test limits.memory 128MB")
+        machine.succeed("lxc restart test")
 
         assert (
             "MemTotal:         125000 kB"
diff --git a/pkgs/tools/admin/lxd/default.nix b/pkgs/tools/admin/lxd/default.nix
index 7397825f714aa..11c2da247d717 100644
--- a/pkgs/tools/admin/lxd/default.nix
+++ b/pkgs/tools/admin/lxd/default.nix
@@ -7,6 +7,7 @@
 , bash
 , installShellFiles
 , nftablesSupport ? false
+, nixosTests
 }:
 
 let
@@ -58,6 +59,8 @@ buildGoPackage rec {
     installShellCompletion --bash --name lxd go/src/github.com/lxc/lxd/scripts/bash/lxd-client
   '';
 
+  passthru.tests.lxd = nixosTests.lxd;
+
   nativeBuildInputs = [ installShellFiles pkg-config makeWrapper ];
   buildInputs = [ lxc acl libcap dqlite.dev raft-canonical.dev
                   sqlite-replication udev.dev ];
author	Maciej Krüger <mkg20001@gmail.com>	2021-06-05 01:27:27 +0200
committer	GitHub <noreply@github.com>	2021-06-05 01:27:27 +0200
commit	26b3751de79105836a68195bb5bcd70d608c1d3f (patch)
tree	ef5b4df5eebfd024fbf3a7ea5e03dab53fd55b07
parent	3255d05cacd9e21d78326986bd7d3c4591580fdd (diff)
parent	161a35b0b8e4a5cb8d5fac3d5083ee9fb82cfbe2 (diff)