fix: fixes health check.

Explicit inclusion of `/run/wrappers/bin/` in $PATH appears unnecessary and causes default $PATH to be dropped, which includes `${pkgs.systemd}/bin`, which includes `systemd-run`, which podman uses to run health check commands. https://github.com/containers/podman/blob/0f04ba87bb7b2bdb20fe67705db6e428fd3dcdac/libpod/healthcheck_linux.go#L56
SEIAROTg · Jan 19, 2025 · dc233fc · dc233fc
1 parent 4e4cec2
commit dc233fc
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 5 deletions.
diff --git a/container.nix b/container.nix
@@ -658,8 +658,6 @@ let
 
   serviceConfigDefault = {
     Restart = "always";
-    # podman rootless requires "newuidmap" (the suid version, not the non-suid one from pkgs.shadow)
-    Environment = "PATH=/run/wrappers/bin";
     TimeoutStartSec = 900;
   };
 in

diff --git a/home-manager-module.nix b/home-manager-module.nix
@@ -94,7 +94,6 @@ in
           # sd-switch only starts new services with those symlinks.
           ${p._serviceName} = {
             Unit.X-QuadletNixConfigHash = builtins.hashString "sha256" p._configText;
-            Service.Environment = [ "PATH=/run/wrappers/bin" ];
             Install.WantedBy = if p._autoStart then [ "default.target" ] else [];
           };
         }) allObjects
@@ -108,8 +107,6 @@ in
           };
           Service = {
             Type = "oneshot";
-            # podman rootless requires "newuidmap" (the suid version, not the non-suid one from pkgs.shadow)
-            Environment = "PATH=/run/wrappers/bin";
             ExecStart = "${getExe quadletUtils.podmanPackage} auto-update";
             ExecStartPost = "${getExe quadletUtils.podmanPackage} image prune -f";
             TimeoutStartSec = "900s";

diff --git a/tests/flake.nix b/tests/flake.nix
@@ -131,6 +131,8 @@
           (genRootlessTest ./switch.nix)
           (genRootfulTest ./raw.nix)
           (genRootlessTest ./raw.nix)
+          (genRootfulTest ./health.nix)
+          (genRootlessTest ./health.nix)
         ];
       in {
         "${system}" = tests;

diff --git a/tests/health.nix b/tests/health.nix
@@ -0,0 +1,42 @@
+{
+  testConfig = { pkgs, ... }: {
+    virtualisation.quadlet = {
+      containers.good = {
+        containerConfig = {
+          image = "docker-archive:${pkgs.dockerTools.examples.redis}";
+          healthCmd = "redis-cli ping || exit 1";
+          healthRetries = 1;
+        };
+        serviceConfig.TimeoutStartSec = 60;
+      };
+      containers.bad = {
+        containerConfig = {
+          image = "docker-archive:${pkgs.dockerTools.examples.nginx}";
+          healthCmd = "exit 1";
+          healthRetries = 1;
+        };
+        serviceConfig.TimeoutStartSec = 60;
+      };
+    };
+  };
+
+  testScript = ''
+    import time
+
+    machine.wait_for_unit("default.target")
+    machine.wait_for_unit("default.target", user=user)
+    time.sleep(2)  # wait for health command cycles
+
+    containers = list_containers(user=user)
+    assert len(containers) == 2
+    containers_by_name = {
+      name: c
+      for c in containers
+      for name in c["Names"]
+    }
+
+    assert len(containers_by_name) == 2
+    assert "(healthy)" in containers_by_name["good"]["Status"]
+    assert "(unhealthy)" in containers_by_name["bad"]["Status"]
+  '';
+}