# LXC Configuration
#
# NixOS module for Linux Containers (LXC). It exposes a handful of
# options under `virtualisation.lxc` and, when enabled, installs the
# lxc package, writes the three LXC config files under /etc/lxc, creates
# the rootfs directory via systemd-tmpfiles and registers the AppArmor
# profiles shipped in the lxc package.

{ config, lib, pkgs, ... }:

let
  inherit (lib) mkIf mkOption types;

  cfg = config.virtualisation.lxc;

  # All three config-file options share the same shape: free-form lines,
  # empty by default (an empty file is written when nothing is set).
  mkLinesOption = description: mkOption {
    type = types.lines;
    default = "";
    inherit description;
  };
in

{
  ###### interface

  options.virtualisation.lxc = {
    enable = mkOption {
      type = types.bool;
      default = false;
      description = ''
        This enables Linux Containers (LXC), which provides tools
        for creating and managing system or application containers
        on Linux.
      '';
    };

    # Rendered to /etc/lxc/lxc.conf.
    systemConfig = mkLinesOption ''
      This is the system-wide LXC config. See
      <citerefentry><refentrytitle>lxc.system.conf</refentrytitle>
      <manvolnum>5</manvolnum></citerefentry>.
    '';

    # Rendered to /etc/lxc/default.conf.
    defaultConfig = mkLinesOption ''
      Default config (default.conf) for new containers, i.e. for
      network config. See <citerefentry><refentrytitle>lxc.container.conf
      </refentrytitle><manvolnum>5</manvolnum></citerefentry>.
    '';

    # Rendered to /etc/lxc/lxc-usernet. This file governs which unprivileged
    # users get network administration access (see lxc-user-net(5)); the
    # empty default grants nothing until the administrator adds entries.
    usernetConfig = mkLinesOption ''
      This is the config file for managing unprivileged user network
      administration access in LXC. See <citerefentry>
      <refentrytitle>lxc-user-net</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>.
    '';
  };

  ###### implementation

  config = mkIf cfg.enable {
    environment = {
      systemPackages = [ pkgs.lxc ];

      # The three option values are written verbatim into /etc/lxc.
      etc = {
        "lxc/lxc.conf".text = cfg.systemConfig;
        "lxc/lxc-usernet".text = cfg.usernetConfig;
        "lxc/default.conf".text = cfg.defaultConfig;
      };
    };

    # Root-owned, world-readable (0755) directory for container root
    # filesystems, created at boot by systemd-tmpfiles.
    systemd.tmpfiles.rules = [ "d /var/lib/lxc/rootfs 0755 root root -" ];

    # Load the AppArmor profiles that ship with the lxc package so that
    # lxc-start and the containers it launches run confined.
    security.apparmor = {
      packages = [ pkgs.lxc ];
      profiles = map (name: "${pkgs.lxc}/etc/apparmor.d/${name}") [
        "lxc-containers"
        "usr.bin.lxc-start"
      ];
    };
  };
}