lxc: progress
This commit is contained in:
parent
3b5e493ce9
commit
6e8fd7e77e
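--- a/<file path not shown on page>
+++ b/<file path not shown on page>
@@ -3,9 +3,31 @@ with lib;
 
 let
 profilesDir = "/nix/var/nix/profiles/lxc";
-gcRoots = "/nix/var/nix/gcroots/lxc";
 containers = config.lxc.containers;
 nixPath = config.nix.nixPath;
+
+toLxcConfig' = path: a:
+if builtins.isString a
+then "${path} = ${a}\n"
+else if builtins.isInt a
+then "${path} = ${toString a}\n"
+else if builtins.isAttrs a
+then lib.concatMapStrings (name:
+let
+path' = if path == ""
+then name
+else "${path}.${name}";
+in
+toLxcConfig' path' (builtins.getAttr name a)
+) (builtins.attrNames a)
+else if builtins.isList a
+then lib.concatMapStrings (toLxcConfig' path) a
+else throw "Invalid LXC config value";
+toLxcConfig = toLxcConfig' "";
+
+lxc-rootfs = pkgs.runCommand "lxc-rootfs" {} ''
+mkdir -p $out/share/lxc/rootfs/{dev,nix/store,proc,run,sys,tmp}
+'';
 in {
 options = with types; {
 lxc.containers = mkOption {
@@ -15,6 +37,10 @@ in {
 };
 
 config = mkIf (containers != {}) {
+environment = {
+systemPackages = [ pkgs.lxc pkgs.apparmor-parser lxc-rootfs ];
+pathsToLink = [ "/share/lxc" ];
+};
 virtualisation.lxc = {
 enable = true;
 };
@@ -22,7 +48,28 @@ in {
 systemd.services =
 builtins.foldl' (services: name:
 let
+systemDir = "/${profilesDir}/${name}/system";
+lxcDefaults = {
+lxc = {
+uts.name = name;
+rootfs.path = "/run/current-system/sw/share/lxc/rootfs";
+mount.entry = [
+"${systemDir}/init /init none bind,ro 0 0"
+"/nix/store /nix/store none bind,ro 0 0"
+];
+autodev = 1;
+include = "/run/current-system/sw/share/lxc/config/common.conf";
+# TODO: userns?
+# TODO: apparmor?
+apparmor.profile = "generated";
+environment = "TERM=linux";
+};
+};
 config = builtins.getAttr name containers;
+lxcConfig = builtins.toFile "lxc-container-${name}.conf"
+# TODO: better merging
+(toLxcConfig (lxcDefaults // config.lxc));
+
 builder = {
 description = "Build NixOS for lxc container ${name}";
 wants = [ "nix-daemon.socket" ];
@@ -38,7 +85,6 @@ in {
 
 script = ''
 mkdir -p ${profilesDir}/${name}
-mkdir -p ${gcRoots}/${name}
 
 nix-env -p ${profilesDir}/${name}/system \
 -I nixos-config=${config.nixos-config} \
@@ -48,12 +94,14 @@ in {
 };
 starter = {
 description = "LXC container ${name}";
-requires = [ "lxc-container-${name}-builder" ];
-after = [ "lxc-container-${name}-builder" ];
+requires = [ "lxc-container-${name}-builder.service" ];
+after = [ "lxc-container-${name}-builder.service" ];
 
-path = with pkgs; [ lxc ];
+path = with pkgs; [ lxc apparmor-parser ];
 
 script = ''
+mkdir -p /var/lib/lxc/${name}
+ln -fs ${lxcConfig} /var/lib/lxc/${name}/config
 lxc-start -F -n ${name}
 '';
 };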
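Review bot: `${name}` is spliced unquoted into the starter and builder shell scripts (`mkdir -p /var/lib/lxc/${name}`, `ln -fs ${lxcConfig} /var/lib/lxc/${name}/config`, `lxc-start -F -n ${name}`) and string values are written raw into the generated config by `toLxcConfig'` (`"${path} = ${a}\n"`), so an attribute name containing whitespace or `/`, or a value containing a newline, would break the unit script or add unintended keys to the LXC config; wrapping the shell uses in `lib.escapeShellArg name` and refusing multi-line values in `toLxcConfig'` (for example `assert !lib.hasInfix "\n" a;` before the string branch) would close this. These values come from the module's own options rather than from the network, so this is hardening of the module contract, not a remote exposure. Separately, the `# TODO: userns?` and `# TODO: apparmor?` markers next to `apparmor.profile = "generated"` mean that, as far as this hunk shows, the container is started without a user namespace and with only a generated AppArmor profile, so root inside the container is presumably root on the host; a comment on `lxcDefaults` stating that explicitly would keep readers from assuming the defaults are confined until the TODOs are resolved. The `builtins.foldl'` body that defines these units begins in the third hunk and continues past the last one.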