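{ lib, config, pkgs, ... }:

# NixOS module that builds an LXC-style container image: a system tarball,
# a squashfs image, and the /sbin/init symlink that points at the toplevel's
# entry script. Fix relative to the original: the activation script now quotes
# "$systemConfig/…" the same way installBootLoader quotes "$1/…", so the two
# init-symlink writers agree and the path is never word-split or globbed.
{
  meta = {
    maintainers = lib.teams.lxc.members;
  };

  imports = [
    ./lxc-instance-common.nix

    # Importing the removal modules turns any remaining use of these options
    # into an evaluation error rather than a silently ignored setting.
    (lib.mkRemovedOptionModule [ "virtualisation" "lxc" "nestedContainer" ] "")
    (lib.mkRemovedOptionModule [ "virtualisation" "lxc" "privilegedContainer" ] "")
  ];

  options = { };

  config = let
    # With the systemd-based initrd the toplevel's entry point is prepare-root;
    # otherwise it is the classic init script. Used everywhere /sbin/init is set.
    initScript = if config.boot.initrd.systemd.enable then "prepare-root" else "init";
  in {
    boot.isContainer = true;

    # Runs in stage 2; the registration file is removed only after a successful
    # nix-store --load-db (note the &&), so a failed import leaves it in place.
    boot.postBootCommands =
      ''
        # After booting, register the contents of the Nix store in the Nix
        # database.
        if [ -f /nix-path-registration ]; then
          ${config.nix.package.out}/bin/nix-store --load-db < /nix-path-registration &&
          rm /nix-path-registration
        fi

        # nixos-rebuild also requires a "system" profile
        ${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
      '';

    system.build.tarball = pkgs.callPackage ../../lib/make-system-tarball.nix {
      # tar --owner=0: every entry is owned by root regardless of the builder's uid.
      extraArgs = "--owner=0";

      storeContents = [
        {
          object = config.system.build.toplevel;
          symlink = "none";
        }
      ];

      contents = [
        {
          source = config.system.build.toplevel + "/${initScript}";
          target = "/sbin/init";
        }
        # Technically this is not required for lxc, but having it also makes this
        # configuration work with systemd-nspawn. NixOS will set up the same
        # symlink after start.
        {
          source = config.system.build.toplevel + "/etc/os-release";
          target = "/etc/os-release";
        }
      ];

      # Empty directories used as mount points inside the container root.
      extraCommands = "mkdir -p proc sys dev";
    };

    system.build.squashfs = pkgs.callPackage ../../lib/make-squashfs.nix {
      fileName = "nixos-lxc-image-${pkgs.stdenv.hostPlatform.system}";

      noStrip = true; # keep directory structure
      comp = "zstd -Xcompression-level 6";

      storeContents = [config.system.build.toplevel];

      # Entries that do not come from the store: the /sbin/init symlink and the
      # same mount-point directories the tarball variant creates above.
      pseudoFiles = [
        "/sbin d 0755 0 0"
        "/sbin/init s 0555 0 0 ${config.system.build.toplevel}/${initScript}"
        "/dev d 0755 0 0"
        "/proc d 0555 0 0"
        "/sys d 0555 0 0"
      ];
    };

    # Called with a toplevel path as $1 (presumably by switch-to-configuration;
    # confirm against the caller) and refreshes the init symlink to point at it.
    system.build.installBootLoader = pkgs.writeScript "install-lxd-sbin-init.sh" ''
      #!${pkgs.runtimeShell}
      ${pkgs.coreutils}/bin/ln -fs "$1/${initScript}" /sbin/init
    '';

    # networkd depends on this, but systemd module disables this for containers
    systemd.additionalUpstreamSystemUnits = ["systemd-udev-trigger.service"];

    systemd.packages = [ pkgs.distrobuilder.generator ];

    # mkForce wins over any other definition of this activation snippet so that
    # /sbin/init always tracks the toplevel being activated. $systemConfig is a
    # shell variable set by the activation script, not a Nix interpolation.
    system.activationScripts.installInitScript = lib.mkForce ''
      ln -fs "$systemConfig/${initScript}" /sbin/init
    '';
  };
}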