allow configuring systemd-nspawn parameters

1 files changed, 56 insertions, 8 deletions

diff --git a/src/Propellor/Property/Systemd.hs b/src/Propellor/Property/Systemd.hs
index b50194fa..0b34a3b4 100644
--- a/src/Propellor/Property/Systemd.hs
+++ b/src/Propellor/Property/Systemd.hs
@@ -5,12 +5,15 @@ module Propellor.Property.Systemd (
 	enabled,
 	disabled,
 	persistentJournal,
+	daemonReloaded,
 	Container,
 	container,
 	nspawned,
+	containerCfg,
 ) where
 
 import Propellor
+import Propellor.Types.Chroot
 import qualified Propellor.Property.Chroot as Chroot
 import qualified Propellor.Property.Apt as Apt
 import qualified Propellor.Property.File as File
@@ -18,6 +21,7 @@ import Propellor.Property.Systemd.Core
 import Utility.SafeCommand
 import Utility.FileMode
 
+import Data.List
 import Data.List.Utils
 
 type ServiceName = String
@@ -63,6 +67,10 @@ persistentJournal = check (not <$> doesDirectoryExist dir) $
   where
 	dir = "/var/log/journal"
 
+-- | Causes systemd to reload its configuration files.
+daemonReloaded :: Property
+daemonReloaded = trivial $ cmdProperty "systemctl" ["daemon-reload"]
+
 -- | Defines a container with a given machine name.
 --
 -- Properties can be added to configure the Container.
@@ -102,7 +110,7 @@ nspawned c@(Container name (Chroot.Chroot loc system builderconf _) h) =
 	steps =
 		[ enterScript c
 		, chrootprovisioned
-		, nspawnService c
+		, nspawnService c (_chrootCfg $ _chrootinfo $ hostInfo h)
 		]
 
 	-- Chroot provisioning is run in systemd-only mode,
@@ -118,19 +126,46 @@ nspawned c@(Container name (Chroot.Chroot loc system builderconf _) h) =
 
 	chroot = Chroot.Chroot loc system builderconf h
 
-nspawnService :: Container -> RevertableProperty
-nspawnService (Container name _ _) = RevertableProperty setup teardown
+-- | Sets up the service file for the container, and then starts
+-- it running.
+nspawnService :: Container -> ChrootCfg -> RevertableProperty
+nspawnService (Container name _ _) cfg = RevertableProperty setup teardown
   where
 	service = nspawnServiceName name
 	servicefile = "/etc/systemd/system/multi-user.target.wants" </> service
 
-	setup = check (not <$> doesFileExist servicefile) $
-		started service
-			`requires` enabled service
+	servicefilecontent = do
+		ls <- lines <$> readFile "/lib/systemd/system/ssh.service"
+		return $ unlines $
+			"# deployed by propellor" : map addparams ls
+	addparams l
+		| "ExecStart=" `isPrefixOf` l =
+			l ++ " " ++ unwords (nspawnServiceParams cfg)
+		| otherwise = l
+	
+	goodservicefile = (==)
+		<$> servicefilecontent
+		<*> catchDefaultIO "" (readFile servicefile)
+
+	writeservicefile = property servicefile $ liftIO $ do
+		viaTmp writeFile servicefile =<< servicefilecontent
+		return MadeChange
+
+	setupservicefile = check (not <$> goodservicefile) $
+		-- if it's running, it has the wrong configuration,
+		-- so stop it
+		stopped service
+			`requires` daemonReloaded
+			`requires` writeservicefile
+
+	setup = started service `requires` setupservicefile
 
 	teardown = check (doesFileExist servicefile) $
-		disabled service
-			`requires` stopped service
+		disabled service `requires` stopped service
+
+nspawnServiceParams :: ChrootCfg -> [String]
+nspawnServiceParams ChrootCfg = []
+nspawnServiceParams (SystemdNspawnCfg ps) = ps
 
 -- | Installs a "enter-machinename" script that root can use to run a
 -- command inside the container.
@@ -171,3 +206,16 @@ containerDir name = "/var/lib/container" </> mungename name
 
 mungename :: MachineName -> String
 mungename = replace "/" "_"
+
+-- | This configures how systemd-nspawn(1) starts the container,
+-- by specifying a parameter, such as "--private-network", or
+-- "--link-journal=guest"
+--
+-- When there is no leading dash, "--" is prepended to the parameter.
+containerCfg :: String -> Property
+containerCfg p = pureInfoProperty ("container configured with " ++ p') $
+	mempty { _chrootinfo = mempty { _chrootCfg = SystemdNspawnCfg [p'] } }
+  where
+	p' = case p of
+		('-':_) -> p
+		_ -> "--" ++ p