# NixOS module for running a system as a Proxmox LXC container: it builds the
# container tarball and declares the `proxmoxLXC.*` toggles that decide how
# much of the guest's setup is left to Proxmox.
{ config, pkgs, lib, ... }:

let
  inherit (lib) mkDefault mkForce mkIf mkOption types;

  lxc = config.proxmoxLXC;

  # Every proxmoxLXC option is a boolean that defaults to false, so by default
  # this module assumes an unprivileged container and leaves network and
  # hostname to Proxmox.
  boolOption = description: mkOption {
    type = types.bool;
    default = false;
    inherit description;
  };
in
{
  options.proxmoxLXC = {
    # In this module the flag has exactly one effect: when it is false the
    # /sys/kernel/debug mount unit is disabled (see systemd.mounts below).
    privileged = boolOption (lib.mdDoc ''
      Whether to enable privileged mounts
    '');

    manageNetwork = boolOption (lib.mdDoc ''
      Whether to manage network interfaces through nix options
      When false, systemd-networkd is enabled to accept network
      configuration from proxmox.
    '');

    # NOTE(review): the forced-empty hostName that implements the `false` case
    # is set inside the block guarded by `!manageNetwork`, so it is not applied
    # when manageNetwork = true, whatever this option says. The description
    # does not mention that dependency.
    manageHostName = boolOption (lib.mdDoc ''
      Whether to manage hostname through nix options
      When false, the hostname is picked up from /etc/hostname
      populated by proxmox.
    '');
  };

  config = {
    # Root filesystem tarball: the system closure goes into the store, and
    # /sbin/init is taken from the toplevel's init script.
    system.build.tarball = pkgs.callPackage ../../lib/make-system-tarball.nix {
      storeContents = [
        {
          object = config.system.build.toplevel;
          symlink = "none";
        }
      ];

      contents = [
        {
          source = config.system.build.toplevel + "/init";
          target = "/sbin/init";
        }
      ];

      # Pre-create the directories listed here inside the tarball.
      extraCommands = "mkdir -p root etc/systemd/network";
    };

    boot.isContainer = true;
    boot.loader.initScript.enable = true;

    # Applied only while Proxmox owns the network configuration.
    networking = mkIf (!lxc.manageNetwork) {
      useDHCP = false;
      useHostResolvConf = false;
      useNetworkd = true;
      # An empty hostName lets the guest pick up the hostname from the
      # /etc/hostname generated by proxmox; mkForce overrides any hostName set
      # at normal priority elsewhere in the configuration.
      hostName = mkIf (!lxc.manageHostName) (mkForce "");
    };

    # sshd is on by default and socket-activated. Both values are mkDefault,
    # so a configuration importing this module can turn either off.
    # NOTE(review): this module sets no sshd authentication policy; confirm
    # root-login and password settings elsewhere before the container is
    # reachable from an untrusted network.
    services.openssh.enable = mkDefault true;
    services.openssh.startWhenNeeded = mkDefault true;

    # Unless the container is declared privileged, disable the debugfs mount.
    # NOTE(review): presumably because an unprivileged container cannot mount
    # it - confirm.
    systemd.mounts = mkIf (!lxc.privileged) [
      {
        where = "/sys/kernel/debug";
        enable = false;
      }
    ];
  };
}