pyrox.dev / nixpkgs
lol
fork atom

Merge pull request #255116 from adamcstephens/lxd/udev-container

systemd: allow udev-trigger to run on lxd containers with nesting

Mario Rodas 25b9f4d2 a9f6c4e4

options
unified split
Changed files
+11 -10
nixos
modules
system
boot
systemd.nix
virtualisation
lxc-container.nix
+1 -1
nixos/modules/system/boot/systemd.nix 
···

       
53

       
53

       
 

       
      "systemd-udevd-kernel.socket"


     

       
54

       
54

       
 

       
      "systemd-udevd.service"


     

       
55

       
55

       
 

       
      "systemd-udev-settle.service"


     

       
56

       

       
-

       
      ] ++ (optional (!config.boot.isContainer) "systemd-udev-trigger.service") ++ [


     

       

       
56

       
+

       
      ] ++ (optional (!config.boot.isContainer || config.virtualisation.lxc.nestedContainer) "systemd-udev-trigger.service") ++ [


     

       
57

       
57

       
 

       
      # hwdb.bin is managed by NixOS


     

       
58

       
58

       
 

       
      # "systemd-hwdb-update.service"


     

       
59

       
59
+10 -9
nixos/modules/virtualisation/lxc-container.nix 
···

       
9

       
9

       
 

       



     

       
10

       
10

       
 

       
  options = {


     

       
11

       
11

       
 

       
    virtualisation.lxc = {


     

       
12

       

       
-

       
      privilegedContainer = lib.mkOption {


     

       
13

       

       
-

       
        type = lib.types.bool;


     

       
14

       

       
-

       
        default = false;


     

       
15

       

       
-

       
        description = lib.mdDoc ''


     

       
16

       

       
-

       
          Whether this LXC container will be running as a privileged container or not. If set to `true` then


     

       
17

       

       
-

       
          additional configuration will be applied to the `systemd` instance running within the container as


     

       
18

       

       
-

       
          recommended by [distrobuilder](https://linuxcontainers.org/distrobuilder/introduction/).


     

       
19

       

       
-

       
        '';


     

       
20

       

       
-

       
      };


     

       

       
12

       
+

       
      nestedContainer = lib.mkEnableOption (lib.mdDoc ''


     

       

       
13

       
+

       
        Whether this container is configured as a nested container. On LXD containers this is recommended


     

       

       
14

       
+

       
          for all containers and is enabled with `security.nesting = true`.


     

       

       
15

       
+

       
      '');


     

       

       
16

       
+

       



     

       

       
17

       
+

       
      privilegedContainer = lib.mkEnableOption (lib.mdDoc ''


     

       

       
18

       
+

       
        Whether this LXC container will be running as a privileged container or not. If set to `true` then


     

       

       
19

       
+

       
        additional configuration will be applied to the `systemd` instance running within the container as


     

       

       
20

       
+

       
        recommended by [distrobuilder](https://linuxcontainers.org/distrobuilder/introduction/).


     

       

       
21

       
+

       
      '');


     

       
21

       
22

       
 

       
    };


     

       
22

       
23

       
 

       
  };


     

       
23

       
24