# LXC Configuration
#
# NixOS module for Linux Containers (LXC): exposes the package plus the three
# config files LXC reads from /etc/lxc, and wires the package's AppArmor
# profiles into the system policy when the module is enabled.
{
  config,
  lib,
  pkgs,
  ...
}:

let
  inherit (lib)
    mkIf
    mkOption
    mkPackageOption
    types
    ;

  # Shorthand for this module's own option subtree.
  lxcCfg = config.virtualisation.lxc;
in
{
  meta.maintainers = lib.teams.lxc.members;

  ###### interface

  options.virtualisation.lxc = {
    enable = mkOption {
      type = types.bool;
      default = false;
      description = ''
        This enables Linux Containers (LXC), which provides tools
        for creating and managing system or application containers
        on Linux.
      '';
    };

    package = mkPackageOption pkgs "lxc" { };

    # The three `lines` options below are written verbatim into /etc/lxc;
    # this module performs no validation of their contents, so only the LXC
    # tools' own parsers check them.
    systemConfig = mkOption {
      type = types.lines;
      default = "";
      description = ''
        This is the system-wide LXC config. See
        {manpage}`lxc.system.conf(5)`.
      '';
    };

    defaultConfig = mkOption {
      type = types.lines;
      default = "";
      description = ''
        Default config (default.conf) for new containers, i.e. for
        network config. See {manpage}`lxc.container.conf(5)`.
      '';
    };

    usernetConfig = mkOption {
      type = types.lines;
      default = "";
      description = ''
        This is the config file for managing unprivileged user network
        administration access in LXC. See {manpage}`lxc-usernet(5)`.
      '';
    };
  };

  ###### implementation

  config = mkIf lxcCfg.enable {
    environment.systemPackages = [ lxcCfg.package ];

    # One rendered file per option; an empty option yields an empty file.
    environment.etc = {
      "lxc/lxc.conf".text = lxcCfg.systemConfig;
      "lxc/lxc-usernet".text = lxcCfg.usernetConfig;
      "lxc/default.conf".text = lxcCfg.defaultConfig;
    };

    # Root-owned, world-readable (0755) parent directory for container rootfs trees.
    systemd.tmpfiles.rules = [ "d /var/lib/lxc/rootfs 0755 root root -" ];

    # AppArmor: the profiles are included from the package's own
    # etc/apparmor.d rather than copied here, so the loaded policy follows
    # whatever `package` is set to.
    security.apparmor = {
      packages = [ lxcCfg.package ];
      policies = {
        "bin.lxc-start".profile = ''
          include ${lxcCfg.package}/etc/apparmor.d/usr.bin.lxc-start
        '';
        "lxc-containers".profile = ''
          include ${lxcCfg.package}/etc/apparmor.d/lxc-containers
        '';
      };
    };
  };
}