# NixOS module applied only when `boot.isContainer` is set: it switches off
# host-level facilities that have no purpose inside a container and points
# the container at services provided by the host.
#
# Settings wrapped in `mkDefault` can be overridden by an ordinary definition
# in the container's own configuration. The ones written as a plain `false`
# or plain string are defined at normal priority, so overriding them needs a
# higher priority such as `lib.mkForce`.
{
  config,
  pkgs,
  lib,
  ...
}:

let
  inherit (lib) mkDefault mkIf;
in
{
  config = mkIf config.boot.isContainer {

    boot = {
      # A container has no kernel of its own, so there is nothing to build
      # or to configure module loading for.
      kernel.enable = false;
      modprobeConfig.enable = false;
    };

    console.enable = mkDefault false;

    # The store is managed by the host, so automatic optimisation is left off.
    nix.optimise.automatic = mkDefault false;

    powerManagement.enable = mkDefault false;
    documentation.nixos.enable = mkDefault false;

    # Resolver configuration is taken from the host, so the container trusts
    # whatever DNS servers the host is configured with.
    networking.useHostResolvConf = mkDefault true;

    services = {
      # Keep the container light-weight: sshd is started on demand.
      # This only selects the start mode; nothing in this module turns
      # the SSH service itself on.
      openssh.startWhenNeeded = mkDefault true;

      # Device setup is not the container's job.
      udev.enable = false;

      # Logical volumes are normally not managed from inside a container.
      lvm.enable = mkDefault false;
    };

    # There is no boot loader to install; a no-op command silences the
    # warning about the missing one.
    system.build.installBootLoader = mkDefault "${pkgs.coreutils}/bin/true";

    # Not supported in systemd-nspawn containers. Defined at normal priority,
    # so the audit subsystem stays off unless a configuration forces it.
    # NOTE(review): audit coverage for container workloads therefore has to
    # come from somewhere else - presumably the host; confirm.
    security.audit.enable = false;

    # Nix commands in the container are sent to the host's nix-daemon instead
    # of touching the store directly.
    # NOTE(review): this makes the daemon socket a boundary between container
    # and host; how that socket is exposed and who may use it is not visible
    # in this file - confirm against the container setup.
    environment.variables.NIX_REMOTE = "daemon";

  };
}