# NixOS module that takes effect only when `boot.isContainer` is set.
# It turns off features a container has no use for and sends Nix store
# operations through a daemon instead of handling them locally.
#
# Settings wrapped in mkDefault are low-priority defaults that an ordinary
# definition elsewhere overrides. The unwrapped ones (kernel, modprobe, udev,
# audit, NIX_REMOTE) are normal-priority definitions, so a differing value
# elsewhere has to use mkForce.
{ config, pkgs, lib, ... }:

let
  inherit (lib) mkDefault mkIf;
in
{
  config = mkIf config.boot.isContainer {

    # Containers don't have a kernel of their own.
    boot = {
      kernel.enable = false;
      modprobeConfig.enable = false;
    };

    console.enable = mkDefault false;

    # The store is host managed, so it is not optimised from in here.
    nix.optimise.automatic = mkDefault false;

    powerManagement.enable = mkDefault false;
    documentation.nixos.enable = mkDefault false;

    # Resolver configuration comes from the host by default.
    # NOTE(review): name resolution inside the container then follows
    # whatever the host is configured with; confirm that is intended.
    networking.useHostResolvConf = mkDefault true;

    services = {
      # Containers should be light-weight, so sshd is started on demand.
      # This file does not enable sshd; the setting only matters where
      # services.openssh is enabled elsewhere.
      openssh.startWhenNeeded = mkDefault true;

      # Containers do not need to set up devices.
      udev.enable = false;

      # Containers normally do not need to manage logical volumes.
      lvm.enable = mkDefault false;
    };

    # There is no boot loader to install; a no-op command silences the
    # warning about the missing one.
    system.build.installBootLoader = mkDefault "${pkgs.coreutils}/bin/true";

    # Not supported in systemd-nspawn containers.
    # NOTE(review): with this off, this configuration sets up no audit
    # logging inside the container; presumably any audit trail has to be
    # collected on the host. Confirm against the host's logging setup.
    security.audit.enable = false;

    # Use the host's nix-daemon.
    # NOTE(review): store requests from the container then go to that
    # daemon, which puts it inside the container's trust boundary. Who may
    # talk to it is decided by settings outside this file.
    environment.variables.NIX_REMOTE = "daemon";

  };
}