nix-config/lib/lxc-container.nix


{ pkgs, lib, modulesPath, ... }:
{
  # Base profiles from nixpkgs: a minimal system plus the docker-container
  # profile.
  imports = [
    (modulesPath + "/profiles/minimal.nix")
    (modulesPath + "/profiles/docker-container.nix")
  ];

  nix = {
    # Build sandboxing is disabled inside the container. NOTE(review):
    # presumably because an unprivileged LXC guest cannot create the
    # namespaces the sandbox needs; builds on these hosts therefore run
    # without isolation -- confirm this is intended.
    useSandbox = false;
    # Conservative build parallelism; mkDefault lets the importing host
    # override both values.
    maxJobs = lib.mkDefault 1;
    buildCores = lib.mkDefault 4;
  };

  networking = {
    # NOTE(review): NetworkManager is not enabled by this module, so this
    # setting only takes effect if another module enables it -- verify intent.
    networkmanager.dns = "unbound";
    # Do not inherit /etc/resolv.conf from the LXC host; use the static
    # resolver list below instead.
    useHostResolvConf = false;
    # systemd-networkd manages the links; DHCP is off globally and on eth0.
    # Addresses are presumably supplied by the importing host or via router
    # advertisements (see the "40-eth0" unit below) -- confirm.
    useNetworkd = true;
    useDHCP = false;
    # Static resolvers: three internal addresses followed by a public fallback.
    nameservers = [ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
    interfaces.eth0 = {
      useDHCP = false;
      # Keep a stable IPv6 address rather than preferring temporary
      # (privacy) addresses.
      preferTempAddress = false;
    };
  };

  # networkd unit for eth0: accept router advertisements and enable
  # link-local addressing for IPv6 only.
  systemd.network.networks."40-eth0" = {
    networkConfig = {
      IPv6AcceptRA = true;
      LinkLocalAddressing = "ipv6";
    };
  };

  boot = {
    isContainer = true;
    # Generate an init script (linked as /sbin/init by the builder commands
    # below) instead of installing a bootloader; GRUB is explicitly off.
    loader.initScript.enable = true;
    loader.grub.enable = false;
  };

  # Create a few files early, before the tarball is packed, so that Proxmox's
  # architecture/OS detection finds /bin/sh and /sbin/init in the system
  # closure.
  system.extraSystemBuilderCmds = ''
    mkdir -m 0755 -p $out/bin
    ln -s ${pkgs.bash}/bin/bash $out/bin/sh
    mkdir -m 0755 -p $out/sbin
    ln -s ../init $out/sbin/init
  '';

  fileSystems."/" = { fsType = "rootfs"; device = "rootfs"; };

  services = {
    # The static resolver list is used instead of systemd-resolved.
    resolved.enable = false;

    # Central logging: ship the systemd journal to logstash.
    journalbeat = {
      enable = true;
      tags = [ "container" ];
      # NOTE(review): no TLS/ssl settings for the logstash output are visible
      # here, so the shipped journal presumably travels unencrypted unless the
      # transport is protected at the network layer -- confirm.
      extraConfig = ''
        journalbeat:
          seek_position: cursor
          cursor_seek_fallback: tail
          write_cursor_state: true
          cursor_flush_period: 5s
          clean_field_names: true
          convert_to_numbers: false
          move_metadata_to_field: journal
          default_type: journal
          kernel: true
        output.logstash:
          # Boolean flag to enable or disable the output module.
          enabled: true
          hosts: ["logging.serv.zentralwerk.org:5044", "172.20.73.13:5044"]
      '';
    };

    # Required for remote deployment. NOTE(review): no authentication
    # hardening (e.g. key-only logins) is configured in this file; verify it
    # is provided by another module the host imports.
    openssh.enable = true;
  };
}