pyrox.dev
1# Systemd services for lxd.
2
3{ config, lib, pkgs, ... }:
4
5with lib;
6
7let
8
9 cfg = config.virtualisation.lxd;
10
11in
12
13{
14 ###### interface
15
16 options = {
17
18 virtualisation.lxd.enable =
19 mkOption {
20 type = types.bool;
21 default = false;
22 description =
23 ''
24 This option enables lxd, a daemon that manages
25 containers. Users in the "lxd" group can interact with
26 the daemon (e.g. to start or stop containers) using the
27 <command>lxc</command> command line tool, among others.
28 '';
29 };
30
31 };
32
33
34 ###### implementation
35
36 config = mkIf cfg.enable {
37
38 environment.systemPackages =
39 [ pkgs.lxd ];
40
41 security.apparmor = {
42 enable = true;
43 profiles = [
44 "${pkgs.lxc}/etc/apparmor.d/usr.bin.lxc-start"
45 "${pkgs.lxc}/etc/apparmor.d/lxc-containers"
46 ];
47 packages = [ pkgs.lxc ];
48 };
49
50 systemd.services.lxd =
51 { description = "LXD Container Management Daemon";
52
53 wantedBy = [ "multi-user.target" ];
54 after = [ "systemd-udev-settle.service" ];
55
56 # TODO(wkennington): Add lvm2 and thin-provisioning-tools
57 path = with pkgs; [ acl rsync gnutar xz btrfs-progs gzip dnsmasq squashfsTools iproute iptables ];
58
59 preStart = ''
60 mkdir -m 0755 -p /var/lib/lxc/rootfs
61 '';
62
63 serviceConfig.ExecStart = "@${pkgs.lxd.bin}/bin/lxd lxd --syslog --group lxd";
64 serviceConfig.Type = "simple";
65 serviceConfig.KillMode = "process"; # when stopping, leave the containers alone
66 };
67
68 users.extraGroups.lxd.gid = config.ids.gids.lxd;
69
70 users.extraUsers.root = {
71 subUidRanges = [ { startUid = 1000000; count = 65536; } ];
72 subGidRanges = [ { startGid = 1000000; count = 65536; } ];
73 };
74
75 };
76
77}