lxc: progress, nixcloud-webservices
This commit is contained in:
parent
2e8ca6c52f
commit
2e2fa3b8f1
|
@ -1,4 +1,4 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{ lib, ... }:
|
||||
|
||||
let
|
||||
yggaddr = import ../yggaddr.nix;
|
||||
|
@ -47,6 +47,7 @@ in {
|
|||
lxc.containers = {
|
||||
trivial = {
|
||||
nixos-config = "/tmp/trivial.nix";
|
||||
lxc = {};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,7 +1,15 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{ config, lib, pkgs,
|
||||
... }:
|
||||
with lib;
|
||||
|
||||
let
|
||||
nixcloud-webservices = builtins.fetchGit {
|
||||
url = "https://github.com/nixcloud/nixcloud-webservices.git";
|
||||
};
|
||||
nixcloud = (
|
||||
import "${nixcloud-webservices}/pkgs" { inherit pkgs; }
|
||||
).nixcloud;
|
||||
|
||||
profilesDir = "/nix/var/nix/profiles/lxc";
|
||||
containers = config.lxc.containers;
|
||||
nixPath = config.nix.nixPath;
|
||||
|
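Review bot: The `builtins.fetchGit` call for nixcloud-webservices pins neither `rev` nor `ref`, so every evaluation fetches whatever the remote's default branch currently points at (modulo Nix's local fetch caching), and the result is then imported and, in the next hunk, placed on the system path via `environment.systemPackages = [ nixcloud.container ]`. A force-push or account compromise upstream would silently change the code this host builds and runs, and the build is not reproducible across machines or time. Pin the checkout, e.g. `rev = "<pinned-commit-hash>"; ref = "<branch-name>";`, so Nix verifies the exact commit; bump the hash deliberately when updating. The enclosing `let` continues past the end of this hunk. Separately, `systemd.services = if true then {} else` in the following hunk disables all generated container services with a hard-coded literal; if that is a work-in-progress switch it should become a named option or be removed before this lands.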
@ -37,15 +45,21 @@ in {
|
|||
};
|
||||
|
||||
config = mkIf (containers != {}) {
|
||||
environment = {
|
||||
systemPackages = [ pkgs.lxc pkgs.apparmor-parser lxc-rootfs ];
|
||||
pathsToLink = [ "/share/lxc" ];
|
||||
};
|
||||
virtualisation.lxc = {
|
||||
enable = true;
|
||||
};
|
||||
virtualisation.lxc.enable = true;
|
||||
environment.systemPackages = [ nixcloud.container ];
|
||||
|
||||
systemd.services =
|
||||
virtualisation.lxc.defaultConfig = ''
|
||||
lxc.id_map = u 0 100000 65536
|
||||
lxc.id_map = g 0 100000 65536
|
||||
'';
|
||||
users.users.root.subGidRanges = [
|
||||
{ count = 65536; startGid = 100000; }
|
||||
];
|
||||
users.users.root.subUidRanges = [
|
||||
{ count = 65536; startUid = 100000; }
|
||||
];
|
||||
|
||||
systemd.services = if true then {} else
|
||||
builtins.foldl' (services: name:
|
||||
let
|
||||
systemDir = "/${profilesDir}/${name}/system";
|
||||
|
@ -59,15 +73,13 @@ in {
|
|||
];
|
||||
autodev = 1;
|
||||
include = "/run/current-system/sw/share/lxc/config/common.conf";
|
||||
# TODO: userns?
|
||||
# TODO: apparmor?
|
||||
apparmor.profile = "generated";
|
||||
environment = "TERM=linux";
|
||||
};
|
||||
};
|
||||
config = builtins.getAttr name containers;
|
||||
lxcConfig = builtins.toFile "lxc-container-${name}.conf"
|
||||
# TODO: better merging
|
||||
# TODO: more intelligent merging?
|
||||
(toLxcConfig (lxcDefaults // config.lxc));
|
||||
|
||||
builder = {
|
||||