pyrox.dev
1# Systemd services for lxd.
2
3{ config, lib, pkgs, ... }:
4
5with lib;
6
7let
8
9 cfg = config.virtualisation.lxd;
10
11in
12
13{
14 ###### interface
15
16 options = {
17
18 virtualisation.lxd = {
19 enable = mkOption {
20 type = types.bool;
21 default = false;
22 description = ''
23 This option enables lxd, a daemon that manages
24 containers. Users in the "lxd" group can interact with
25 the daemon (e.g. to start or stop containers) using the
26 <command>lxc</command> command line tool, among others.
27 '';
28 };
29 zfsSupport = mkOption {
30 type = types.bool;
31 default = false;
32 description = ''
33 enables lxd to use zfs as a storage for containers.
34 This option is enabled by default if a zfs pool is configured
35 with nixos.
36 '';
37 };
38 };
39 };
40
41 ###### implementation
42
43 config = mkIf cfg.enable {
44
45 environment.systemPackages = [ pkgs.lxd ];
46
47 security.apparmor = {
48 enable = true;
49 profiles = [
50 "${pkgs.lxc}/etc/apparmor.d/usr.bin.lxc-start"
51 "${pkgs.lxc}/etc/apparmor.d/lxc-containers"
52 ];
53 packages = [ pkgs.lxc ];
54 };
55
56 systemd.services.lxd = {
57 description = "LXD Container Management Daemon";
58
59 wantedBy = [ "multi-user.target" ];
60 after = [ "systemd-udev-settle.service" ];
61
62 path = lib.optional cfg.zfsSupport pkgs.zfs;
63
64 preStart = ''
65 mkdir -m 0755 -p /var/lib/lxc/rootfs
66 '';
67
68 serviceConfig = {
69 ExecStart = "@${pkgs.lxd.bin}/bin/lxd lxd --group lxd";
70 Type = "simple";
71 KillMode = "process"; # when stopping, leave the containers alone
72 };
73
74 };
75
76 users.groups.lxd.gid = config.ids.gids.lxd;
77
78 users.users.root = {
79 subUidRanges = [ { startUid = 1000000; count = 65536; } ];
80 subGidRanges = [ { startGid = 1000000; count = 65536; } ];
81 };
82 };
83}