nix-config/modules/lxc-container.nix

{ hostRegistry, config, pkgs, lib, modulesPath, ... }:

{
  imports = [
    (modulesPath + "/profiles/docker-container.nix")
  ];

  boot = {
    isContainer = true;
    loader = {
      grub.enable = false;
      # /sbin/init
      initScript.enable = true;
    };
  };

  environment.etc."resolv.conf".text = lib.concatMapStrings (ns: ''
    nameserver ${ns}
  '') config.networking.nameservers;

  fileSystems."/" = {
    fsType = "rootfs";
    device = "rootfs";
  };

  nix = {
    useSandbox = false;
    maxJobs = lib.mkDefault 1;
    buildCores = lib.mkDefault 4;
  };

  networking = {
    interfaces.eth0 = {
      useDHCP = false;
      tempAddress = "disabled";
    };
    nameservers = with hostRegistry.hosts.dnscache; [
      ip4
      ip6
      "9.9.9.9"
    ];
    networkmanager.dns = "unbound";
    useDHCP = false;
    useHostResolvConf = false;
    useNetworkd = true;
  };

  services = {
    # Required for remote deployment
    openssh.enable = true;
    resolved.enable = false;
  };

  # Create a few files early before packing tarball for Proxmox architecture/OS detection.
  system.extraSystemBuilderCmds = ''
    mkdir -m 0755 -p $out/bin
    ln -s ${pkgs.bash}/bin/bash $out/bin/sh
    mkdir -m 0755 -p $out/sbin
    ln -s ../init $out/sbin/init
  '';

  systemd.network.networks."40-eth0".networkConfig = {
    IPv6AcceptRA = true;
    LinkLocalAddressing = "ipv6";
  };
}
journalbeat: set logging host 2021-10-06 19:12:32 +02:00			`{ hostRegistry, config, pkgs, lib, modulesPath, ... }:`
refactor into lib/lxc-container,shared for grafana 2019-04-01 01:24:54 +02:00
			`{`
Use modulesPath where appropriate 2020-08-04 17:15:07 +02:00			`imports = [`
			`(modulesPath + "/profiles/docker-container.nix")`
			`];`
Systemd breakage 2019-12-03 16:25:24 +01:00
			`boot = {`
			`isContainer = true;`
The big format and cleanup 2022-06-12 17:26:32 +02:00			`loader = {`
Systemd breakage 2019-12-03 16:25:24 +01:00			`grub.enable = false;`
refactor into lib/lxc-container,shared for grafana 2019-04-01 01:24:54 +02:00			`# /sbin/init`
Systemd breakage 2019-12-03 16:25:24 +01:00			`initScript.enable = true;`
The big format and cleanup 2022-06-12 17:26:32 +02:00			`};`
			`};`

lib/lxc-container: make /etc/resolve.conf nameserver setting multi-line 2021-09-20 22:11:41 +02:00			`environment.etc."resolv.conf".text = lib.concatMapStrings (ns: ''`
			`nameserver ${ns}`
			`'') config.networking.nameservers;`
Systemd breakage 2019-12-03 16:25:24 +01:00
refactor into lib/lxc-container,shared for grafana 2019-04-01 01:24:54 +02:00			`fileSystems."/" = {`
lib/lxc-container: disable DHCP globablly It is still configured for eth0. 2019-12-03 16:18:02 +01:00			`fsType = "rootfs";`
static ipv4 configuration for containers in the serv subnet 2020-05-22 17:24:56 +02:00			`device = "rootfs";`
config/lxc-container: use dnscache addrs from hostRegistry 2022-01-20 03:04:04 +01:00			`};`
activate central logging 2019-07-04 04:23:39 +02:00
lib/lxc-container: net.ipv6.conf.*.use_tempaddr=0 2019-11-03 21:14:31 +01:00			`nix = {`
lxc-container: don;t useDHCP by default 2020-05-22 18:34:09 +02:00			`useSandbox = false;`
refactor into lib/lxc-container,shared for grafana 2019-04-01 01:24:54 +02:00			`maxJobs = lib.mkDefault 1;`
Flakify dhcp 2021-02-24 11:52:19 +01:00			`buildCores = lib.mkDefault 4;`
lib/lxc-container: net.ipv6.conf.*.use_tempaddr=0 2019-11-03 21:14:31 +01:00			`};`
refactor into lib/lxc-container,shared for grafana 2019-04-01 01:24:54 +02:00
config/lxc-container: use dnscache addrs from hostRegistry 2022-01-20 03:04:04 +01:00			`networking = {`
refactor into lib/lxc-container,shared for grafana 2019-04-01 01:24:54 +02:00			`interfaces.eth0 = {`
lib/lxc-container: disable DHCP globablly It is still configured for eth0. 2019-12-03 16:18:02 +01:00			`useDHCP = false;`
Flakify dhcp 2021-02-24 11:52:19 +01:00			`tempAddress = "disabled";`
The big format and cleanup 2022-06-12 17:26:32 +02:00			`};`
refactor into lib/lxc-container,shared for grafana 2019-04-01 01:24:54 +02:00			`nameservers = with hostRegistry.hosts.dnscache; [`
The big format and cleanup 2022-06-12 17:26:32 +02:00			`ip4`
			`ip6`
config/lxc-container: use dnscache addrs from hostRegistry 2022-01-20 03:04:04 +01:00			`"9.9.9.9"`
The big format and cleanup 2022-06-12 17:26:32 +02:00			`];`
refactor into lib/lxc-container,shared for grafana 2019-04-01 01:24:54 +02:00			`networkmanager.dns = "unbound";`
lib/lxc-container: disable DHCP globablly It is still configured for eth0. 2019-12-03 16:18:02 +01:00			`useDHCP = false;`
refactor into lib/lxc-container,shared for grafana 2019-04-01 01:24:54 +02:00			`useHostResolvConf = false;`
			`useNetworkd = true;`
The big format and cleanup 2022-06-12 17:26:32 +02:00			`};`
activate central logging 2019-07-04 04:23:39 +02:00
			`services = {`
refactor into lib/lxc-container,shared for grafana 2019-04-01 01:24:54 +02:00			`# Required for remote deployment`
			`openssh.enable = true;`
			`resolved.enable = false;`
The big format and cleanup 2022-06-12 17:26:32 +02:00			`};`
refactor into lib/lxc-container,shared for grafana 2019-04-01 01:24:54 +02:00
			`# Create a few files early before packing tarball for Proxmox architecture/OS detection.`
Nixfmt everything 2021-02-22 11:45:12 +01:00			`system.extraSystemBuilderCmds = ''`
			`mkdir -m 0755 -p $out/bin`
			`ln -s ${pkgs.bash}/bin/bash $out/bin/sh`
			`mkdir -m 0755 -p $out/sbin`
			`ln -s ../init $out/sbin/init`
			`'';`
refactor into lib/lxc-container,shared for grafana 2019-04-01 01:24:54 +02:00
Nixfmt everything 2021-02-22 11:45:12 +01:00			`systemd.network.networks."40-eth0".networkConfig = {`
activate central logging 2019-07-04 04:23:39 +02:00			`IPv6AcceptRA = true;`
Refactor host registry 2022-01-16 13:26:37 +01:00			`LinkLocalAddressing = "ipv6";`
activate central logging 2019-07-04 04:23:39 +02:00			`};`
refactor into lib/lxc-container,shared for grafana 2019-04-01 01:24:54 +02:00			`}`