lxc: progress, nixcloud-webservices
parent
2e8ca6c52f
commit
2e2fa3b8f1
|
@ -1,4 +1,4 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ lib, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
yggaddr = import ../yggaddr.nix;
|
yggaddr = import ../yggaddr.nix;
|
||||||
|
@ -47,6 +47,7 @@ in {
|
||||||
lxc.containers = {
|
lxc.containers = {
|
||||||
trivial = {
|
trivial = {
|
||||||
nixos-config = "/tmp/trivial.nix";
|
nixos-config = "/tmp/trivial.nix";
|
||||||
|
lxc = {};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
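Review bot: The `trivial` container in the second hunk still takes its system definition from `nixos-config = "/tmp/trivial.nix";`, and the added `lxc = {};` now wires it further into the module. `/tmp` is normally world-writable, so on a multi-user host any local account could create or replace that file before it is evaluated. How the module consumes `nixos-config` is not visible in this hunk, so confirm the impact against the builder. I would reference a file kept next to this configuration, for example `nixos-config = ./containers/trivial.nix;` (path constructed for illustration), so the container definition is owned and versioned with the host config.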
||||||
|
|
|
@ -1,7 +1,15 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs,
|
||||||
|
... }:
|
||||||
with lib;
|
with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
|
nixcloud-webservices = builtins.fetchGit {
|
||||||
|
url = "https://github.com/nixcloud/nixcloud-webservices.git";
|
||||||
|
};
|
||||||
|
nixcloud = (
|
||||||
|
import "${nixcloud-webservices}/pkgs" { inherit pkgs; }
|
||||||
|
).nixcloud;
|
||||||
|
|
||||||
profilesDir = "/nix/var/nix/profiles/lxc";
|
profilesDir = "/nix/var/nix/profiles/lxc";
|
||||||
containers = config.lxc.containers;
|
containers = config.lxc.containers;
|
||||||
nixPath = config.nix.nixPath;
|
nixPath = config.nix.nixPath;
|
||||||
|
@ -37,15 +45,21 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf (containers != {}) {
|
config = mkIf (containers != {}) {
|
||||||
environment = {
|
virtualisation.lxc.enable = true;
|
||||||
systemPackages = [ pkgs.lxc pkgs.apparmor-parser lxc-rootfs ];
|
environment.systemPackages = [ nixcloud.container ];
|
||||||
pathsToLink = [ "/share/lxc" ];
|
|
||||||
};
|
|
||||||
virtualisation.lxc = {
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services =
|
virtualisation.lxc.defaultConfig = ''
|
||||||
|
lxc.id_map = u 0 100000 65536
|
||||||
|
lxc.id_map = g 0 100000 65536
|
||||||
|
'';
|
||||||
|
users.users.root.subGidRanges = [
|
||||||
|
{ count = 65536; startGid = 100000; }
|
||||||
|
];
|
||||||
|
users.users.root.subUidRanges = [
|
||||||
|
{ count = 65536; startUid = 100000; }
|
||||||
|
];
|
||||||
|
|
||||||
|
systemd.services = if true then {} else
|
||||||
builtins.foldl' (services: name:
|
builtins.foldl' (services: name:
|
||||||
let
|
let
|
||||||
systemDir = "/${profilesDir}/${name}/system";
|
systemDir = "/${profilesDir}/${name}/system";
|
||||||
|
@ -59,15 +73,13 @@ in {
|
||||||
];
|
];
|
||||||
autodev = 1;
|
autodev = 1;
|
||||||
include = "/run/current-system/sw/share/lxc/config/common.conf";
|
include = "/run/current-system/sw/share/lxc/config/common.conf";
|
||||||
# TODO: userns?
|
|
||||||
# TODO: apparmor?
|
|
||||||
apparmor.profile = "generated";
|
apparmor.profile = "generated";
|
||||||
environment = "TERM=linux";
|
environment = "TERM=linux";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
config = builtins.getAttr name containers;
|
config = builtins.getAttr name containers;
|
||||||
lxcConfig = builtins.toFile "lxc-container-${name}.conf"
|
lxcConfig = builtins.toFile "lxc-container-${name}.conf"
|
||||||
# TODO: better merging
|
# TODO: more intelligent merging?
|
||||||
(toLxcConfig (lxcDefaults // config.lxc));
|
(toLxcConfig (lxcDefaults // config.lxc));
|
||||||
|
|
||||||
builder = {
|
builder = {
|
||||||
|
|
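Review bot: The new `builtins.fetchGit { url = "https://github.com/nixcloud/nixcloud-webservices.git"; }` in the first hunk has no `rev`, so every evaluation follows whatever the remote default branch points to at that moment. The result is imported and `nixcloud.container` is installed into `environment.systemPackages`, so an upstream change or a compromised repository would alter host tooling without any change in this repository. Pin it by adding `rev = "<pinned-commit-sha>";` (and `ref` if the commit is not on the default branch), and bump it deliberately. Separately, `systemd.services = if true then {} else` in the second hunk leaves the whole `foldl'` service generation as dead code. If that is a temporary stub, a comment such as `# TODO: re-enable once nixcloud.container replaces these units` would keep it from being mistaken for intended behaviour. The `let` block and the `foldl'` body both continue outside the visible hunks.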