commit 06ad3811a856a1769e35eecfd2c2d56aebf0ae6a · pyrox.dev/nixpkgs

+89 -69

nixos/modules/virtualisation/lxc-container.nix

···

       1
       -
       { lib, config, pkgs, ... }:

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       2
        
       

     

       3
        
       {

     

       4
        
         meta = {

     
···

       8
        
         imports = [

     

       9
        
           ./lxc-instance-common.nix

     

       10
        
       

     

       11
       -
           (lib.mkRemovedOptionModule [ "virtualisation" "lxc" "nestedContainer" ] "")

     

       12
       -
           (lib.mkRemovedOptionModule [ "virtualisation" "lxc" "privilegedContainer" ] "")

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       13
        
         ];

     

       14
        
       

     

       15
        
         options = { };

     

       16
        
       

     

       17
       -
         config = let

     

       18
       -
           initScript = if config.boot.initrd.systemd.enable then "prepare-root" else "init";

     

       19
       -
         in {

     

       20
       -
           boot.isContainer = true;

     

       21
       -
           boot.postBootCommands =

     

       22
       -
             ''

     

       0
        
       
     

       23
        
               # After booting, register the contents of the Nix store in the Nix

     

       24
        
               # database.

     

       25
        
               if [ -f /nix-path-registration ]; then

     
···

       31
        
               ${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system

     

       32
        
             '';

     

       33
        
       

     

       34
       -
           # supplement 99-ethernet-default-dhcp which excludes veth

     

       35
       -
           systemd.network = lib.mkIf config.networking.useDHCP {

     

       36
       -
             networks."99-lxc-veth-default-dhcp" = {

     

       37
       -
               matchConfig = {

     

       38
       -
                 Type = "ether";

     

       39
       -
                 Kind = "veth";

     

       40
       -
                 Name = [

     

       41
       -
                   "en*"

     

       42
       -
                   "eth*"

     

       43
       -
                 ];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       44
        
               };

     

       45
       -
               DHCP = "yes";

     

       46
       -
               networkConfig.IPv6PrivacyExtensions = "kernel";

     

       47
        
             };

     

       48
       -
           };

     

       49
        
       

     

       50
       -
           system.build.tarball = pkgs.callPackage ../../lib/make-system-tarball.nix {

     

       51
       -
             extraArgs = "--owner=0";

     

       0
        
       
     

       0
        
       
     

       52
        
       

     

       53
       -
             storeContents = [

     

       54
       -
               {

     

       55
       -
                 object = config.system.build.toplevel;

     

       56
       -
                 symlink = "none";

     

       57
       -
               }

     

       58
       -
             ];

     

       59
        
       

     

       60
       -
             contents = [

     

       61
       -
               {

     

       62
       -
                 source = config.system.build.toplevel + "/${initScript}";

     

       63
       -
                 target = "/sbin/init";

     

       64
       -
               }

     

       65
       -
               # Technically this is not required for lxc, but having also make this configuration work with systemd-nspawn.

     

       66
       -
               # Nixos will setup the same symlink after start.

     

       67
       -
               {

     

       68
       -
                 source = config.system.build.toplevel + "/etc/os-release";

     

       69
       -
                 target = "/etc/os-release";

     

       70
       -
               }

     

       71
       -
             ];

     

       72
        
       

     

       73
       -
             extraCommands = "mkdir -p proc sys dev";

     

       74
       -
           };

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       75
        
       

     

       76
       -
           system.build.squashfs = pkgs.callPackage ../../lib/make-squashfs.nix {

     

       77
       -
             fileName = "nixos-lxc-image-${pkgs.stdenv.hostPlatform.system}";

     

       78
        
       

     

       79
       -
             hydraBuildProduct = true;

     

       80
       -
             noStrip = true; # keep directory structure

     

       81
       -
             comp = "zstd -Xcompression-level 6";

     

       82
        
       

     

       83
       -
             storeContents = [config.system.build.toplevel];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       84
        
       

     

       85
       -
             pseudoFiles = [

     

       86
       -
               "/sbin d 0755 0 0"

     

       87
       -
               "/sbin/init s 0555 0 0 ${config.system.build.toplevel}/${initScript}"

     

       88
       -
               "/dev d 0755 0 0"

     

       89
       -
               "/proc d 0555 0 0"

     

       90
       -
               "/sys d 0555 0 0"

     

       91
       -
             ];

     

       92
       -
           };

     

       93
        
       

     

       94
       -
           system.build.installBootLoader = pkgs.writeScript "install-lxc-sbin-init.sh" ''

     

       95
       -
             #!${pkgs.runtimeShell}

     

       96
       -
             ${pkgs.coreutils}/bin/ln -fs "$1/${initScript}" /sbin/init

     

       97
       -
           '';

     

       98
        
       

     

       99
       -
           # networkd depends on this, but systemd module disables this for containers

     

       100
       -
           systemd.additionalUpstreamSystemUnits = ["systemd-udev-trigger.service"];

     

       101
        
       

     

       102
       -
           systemd.packages = [ pkgs.distrobuilder.generator ];

     

       103
        
       

     

       104
       -
           system.activationScripts.installInitScript = lib.mkForce ''

     

       105
       -
             ln -fs $systemConfig/${initScript} /sbin/init

     

       106
       -
           '';

     

       107
       -
         };

     

       108
        
       }

···

       1
       +
       {

     

       2
       +
         lib,

     

       3
       +
         config,

     

       4
       +
         pkgs,

     

       5
       +
         ...

     

       6
       +
       }:

     

       7
        
       

     

       8
        
       {

     

       9
        
         meta = {

     
···

       13
        
         imports = [

     

       14
        
           ./lxc-instance-common.nix

     

       15
        
       

     

       16
       +
           (lib.mkRemovedOptionModule [

     

       17
       +
             "virtualisation"

     

       18
       +
             "lxc"

     

       19
       +
             "nestedContainer"

     

       20
       +
           ] "")

     

       21
       +
           (lib.mkRemovedOptionModule [

     

       22
       +
             "virtualisation"

     

       23
       +
             "lxc"

     

       24
       +
             "privilegedContainer"

     

       25
       +
           ] "")

     

       26
        
         ];

     

       27
        
       

     

       28
        
         options = { };

     

       29
        
       

     

       30
       +
         config =

     

       31
       +
           let

     

       32
       +
             initScript = if config.boot.initrd.systemd.enable then "prepare-root" else "init";

     

       33
       +
           in

     

       34
       +
           {

     

       35
       +
             boot.isContainer = true;

     

       36
       +
             boot.postBootCommands = ''

     

       37
        
               # After booting, register the contents of the Nix store in the Nix

     

       38
        
               # database.

     

       39
        
               if [ -f /nix-path-registration ]; then

     
···

       45
        
               ${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system

     

       46
        
             '';

     

       47
        
       

     

       48
       +
             # supplement 99-ethernet-default-dhcp which excludes veth

     

       49
       +
             systemd.network = lib.mkIf config.networking.useDHCP {

     

       50
       +
               networks."99-lxc-veth-default-dhcp" = {

     

       51
       +
                 matchConfig = {

     

       52
       +
                   Type = "ether";

     

       53
       +
                   Kind = "veth";

     

       54
       +
                   Name = [

     

       55
       +
                     "en*"

     

       56
       +
                     "eth*"

     

       57
       +
                   ];

     

       58
       +
                 };

     

       59
       +
                 DHCP = "yes";

     

       60
       +
                 networkConfig.IPv6PrivacyExtensions = "kernel";

     

       61
        
               };

     

       0
        
       
     

       0
        
       
     

       62
        
             };

     

       0
        
       
     

       63
        
       

     

       64
       +
             system.nixos.tags = lib.mkOverride 99 [ "lxc" ];

     

       65
       +
             image.extension = "tar.xz";

     

       66
       +
             image.filePath = "tarball/${config.image.fileName}";

     

       67
       +
             system.build.image = lib.mkOverride 99 config.system.build.tarball;

     

       68
        
       

     

       69
       +
             system.build.tarball = pkgs.callPackage ../../lib/make-system-tarball.nix {

     

       70
       +
               fileName = config.image.baseName;

     

       71
       +
               extraArgs = "--owner=0";

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       72
        
       

     

       73
       +
               storeContents = [

     

       74
       +
                 {

     

       75
       +
                   object = config.system.build.toplevel;

     

       76
       +
                   symlink = "none";

     

       77
       +
                 }

     

       78
       +
               ];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       79
        
       

     

       80
       +
               contents = [

     

       81
       +
                 {

     

       82
       +
                   source = config.system.build.toplevel + "/${initScript}";

     

       83
       +
                   target = "/sbin/init";

     

       84
       +
                 }

     

       85
       +
                 # Technically this is not required for lxc, but having also make this configuration work with systemd-nspawn.

     

       86
       +
                 # Nixos will setup the same symlink after start.

     

       87
       +
                 {

     

       88
       +
                   source = config.system.build.toplevel + "/etc/os-release";

     

       89
       +
                   target = "/etc/os-release";

     

       90
       +
                 }

     

       91
       +
               ];

     

       92
        
       

     

       93
       +
               extraCommands = "mkdir -p proc sys dev";

     

       94
       +
             };

     

       95
        
       

     

       96
       +
             system.build.squashfs = pkgs.callPackage ../../lib/make-squashfs.nix {

     

       97
       +
               fileName = "nixos-lxc-image-${pkgs.stdenv.hostPlatform.system}";

     

       0
        
       
     

       98
        
       

     

       99
       +
               hydraBuildProduct = true;

     

       100
       +
               noStrip = true; # keep directory structure

     

       101
       +
               comp = "zstd -Xcompression-level 6";

     

       102
       +
       

     

       103
       +
               storeContents = [ config.system.build.toplevel ];

     

       104
        
       

     

       105
       +
               pseudoFiles = [

     

       106
       +
                 "/sbin d 0755 0 0"

     

       107
       +
                 "/sbin/init s 0555 0 0 ${config.system.build.toplevel}/${initScript}"

     

       108
       +
                 "/dev d 0755 0 0"

     

       109
       +
                 "/proc d 0555 0 0"

     

       110
       +
                 "/sys d 0555 0 0"

     

       111
       +
               ];

     

       112
       +
             };

     

       113
        
       

     

       114
       +
             system.build.installBootLoader = pkgs.writeScript "install-lxc-sbin-init.sh" ''

     

       115
       +
               #!${pkgs.runtimeShell}

     

       116
       +
               ${pkgs.coreutils}/bin/ln -fs "$1/${initScript}" /sbin/init

     

       117
       +
             '';

     

       118
        
       

     

       119
       +
             # networkd depends on this, but systemd module disables this for containers

     

       120
       +
             systemd.additionalUpstreamSystemUnits = [ "systemd-udev-trigger.service" ];

     

       121
        
       

     

       122
       +
             systemd.packages = [ pkgs.distrobuilder.generator ];

     

       123
        
       

     

       124
       +
             system.activationScripts.installInitScript = lib.mkForce ''

     

       125
       +
               ln -fs $systemConfig/${initScript} /sbin/init

     

       126
       +
             '';

     

       127
       +
           };

     

       128
        
       }

nixos/modules/virtualisation/lxc-image-metadata.nix

···

       46
        
         else { files = []; properties = {}; };

     

       47
        
       

     

       48
        
       in {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       49
        
         meta = {

     

       50
        
           maintainers = lib.teams.lxc.members;

     

       51
        
         };

     
···

       87
        
         };

     

       88
        
       

     

       89
        
         config = {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       90
        
           system.build.metadata = pkgs.callPackage ../../lib/make-system-tarball.nix {

     

       0
        
       
     

       91
        
             contents = [

     

       92
        
               {

     

       93
        
                 source = toYAML "metadata.yaml" {

···

       46
        
         else { files = []; properties = {}; };

     

       47
        
       

     

       48
        
       in {

     

       49
       +
         imports = [

     

       50
       +
           ../image/file-options.nix

     

       51
       +
         ];

     

       52
       +
       

     

       53
        
         meta = {

     

       54
        
           maintainers = lib.teams.lxc.members;

     

       55
        
         };

     
···

       91
        
         };

     

       92
        
       

     

       93
        
         config = {

     

       94
       +
           system.nixos.tags = [ "lxc" "metadata" ];

     

       95
       +
           image.extension = "tar.xz";

     

       96
       +
           image.filePath = "tarball/${config.image.fileName}";

     

       97
       +
           system.build.image = config.system.build.metadata;

     

       98
        
           system.build.metadata = pkgs.callPackage ../../lib/make-system-tarball.nix {

     

       99
       +
             fileName = config.image.baseName;

     

       100
        
             contents = [

     

       101
        
               {

     

       102
        
                 source = toYAML "metadata.yaml" {