{
  lib,
  config,
  pkgs,
  ...
}:

let
  # The evaluated system closure; referenced from several places below.
  inherit (config.system.build) toplevel;
in
{
  meta.maintainers = lib.teams.lxc.members;

  imports = [
    ./lxc-instance-common.nix

    # Both options were removed; the empty string is the "replacement"
    # message shown to users who still set them.
    (lib.mkRemovedOptionModule [ "virtualisation" "lxc" "nestedContainer" ] "")
    (lib.mkRemovedOptionModule [ "virtualisation" "lxc" "privilegedContainer" ] "")
  ];

  options = { };

  config = {
    boot = {
      isContainer = true;

      # Shell run during boot: seeds the Nix database from the marker file
      # shipped in the image (removing the marker afterwards so it is a
      # one-shot operation), then points the "system" profile at the running
      # system so nixos-rebuild can find a base to switch from.
      postBootCommands = ''
        # After booting, register the contents of the Nix store in the Nix
        # database.
        if [ -f /nix-path-registration ]; then
          ${config.nix.package.out}/bin/nix-store --load-db < /nix-path-registration &&
          rm /nix-path-registration
        fi

        # nixos-rebuild also requires a "system" profile
        ${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
      '';
    };

    image = {
      extension = "tar.xz";
      filePath = "tarball/${config.image.fileName}";
    };

    systemd = {
      # 99-ethernet-default-dhcp deliberately excludes veth devices, so the
      # container's veth uplink needs its own DHCP network unit.
      network = lib.mkIf config.networking.useDHCP {
        networks = {
          "99-lxc-veth-default-dhcp" = {
            matchConfig = {
              Type = "ether";
              Kind = "veth";
              Name = [
                "en*"
                "eth*"
              ];
            };
            DHCP = "yes";
            networkConfig = {
              IPv6PrivacyExtensions = "kernel";
            };
          };
        };
      };

      # The systemd module drops this unit for containers, but networkd
      # still needs it.
      additionalUpstreamSystemUnits = [ "systemd-udev-trigger.service" ];

      # Units shipped with distrobuilder's generator package (presumably the
      # LXC/Incus configuration generator hooks — verify against the package).
      packages = [ pkgs.distrobuilder.generator ];
    };

    system = {
      nixos.tags = lib.mkOverride 99 [ "lxc" ];

      build = {
        image = lib.mkOverride 99 config.system.build.tarball;

        # Root filesystem tarball consumed by LXC. Every archive entry is
        # forced to uid 0 via tar's --owner=0, independent of the build user.
        tarball = pkgs.callPackage ../../lib/make-system-tarball.nix {
          fileName = config.image.baseName;
          extraArgs = "--owner=0";

          storeContents = [
            {
              object = toplevel;
              symlink = "none";
            }
          ];

          contents = [
            {
              source = toplevel + "/init";
              target = "/sbin/init";
            }
            # Not needed by LXC itself; it lets the same image boot under
            # systemd-nspawn. NixOS recreates the same symlink after start.
            {
              source = toplevel + "/etc/os-release";
              target = "/etc/os-release";
            }
          ];

          # Mount points that must exist before the container runtime mounts
          # its own filesystems over them.
          extraCommands = "mkdir -p proc sys dev";
        };

        # Squashfs variant of the same root filesystem.
        squashfs = pkgs.callPackage ../../lib/make-squashfs.nix {
          fileName = "nixos-lxc-image-${pkgs.stdenv.hostPlatform.system}";

          hydraBuildProduct = true;
          noStrip = true; # keep the directory structure instead of flattening the store
          comp = "zstd -Xcompression-level 6";

          storeContents = [ toplevel ];

          # mksquashfs pseudo-file definitions: path, type (d = dir,
          # s = symlink), mode, uid, gid, and the symlink target for "s".
          pseudoFiles = [
            "/sbin d 0755 0 0"
            "/sbin/init s 0555 0 0 ${config.system.build.toplevel}/init"
            "/dev d 0755 0 0"
            "/proc d 0555 0 0"
            "/sys d 0555 0 0"
          ];
        };

        # Invoked with the new system's store path as $1; there is no real
        # boot loader here, only the /sbin/init symlink to refresh.
        installBootLoader = pkgs.writeScript "install-lxc-sbin-init.sh" ''
          #!${pkgs.runtimeShell}
          ${pkgs.coreutils}/bin/ln -fs "$1/init" /sbin/init
        '';
      };

      # mkForce replaces the default activation snippet outright so that
      # /sbin/init always tracks the system being activated.
      activationScripts.installInitScript = lib.mkForce ''
        ln -fs $systemConfig/init /sbin/init
      '';
    };
  };
}