lxc-containers.nix: start with non-ephemeral rootfs
parent
7615d4d8de
commit
53cbe8e74b
@ -90,17 +90,7 @@ in
|
||||||
lxc.init.cmd = "/init"
|
lxc.init.cmd = "/init"
|
||||||
|
|
||||||
lxc.mount.entry = /nix/store nix/store none bind,ro 0 0
|
lxc.mount.entry = /nix/store nix/store none bind,ro 0 0
|
||||||
lxc.mount.entry = none nix/var tmpfs defaults 0 0
|
|
||||||
lxc.mount.entry = none bin tmpfs defaults 0 0
|
|
||||||
#lxc.mount.entry = none dev tmpfs defaults 0 0
|
|
||||||
lxc.mount.entry = none root tmpfs defaults 0 0
|
|
||||||
lxc.mount.entry = none tmp tmpfs defaults 0 0
|
lxc.mount.entry = none tmp tmpfs defaults 0 0
|
||||||
# TODO: make non-ephemeral
|
|
||||||
lxc.mount.entry = none var tmpfs defaults 0 0
|
|
||||||
lxc.mount.entry = none home tmpfs defaults 0 0
|
|
||||||
lxc.mount.entry = none usr tmpfs defaults 0 0
|
|
||||||
lxc.mount.entry = none run tmpfs defaults 0 0
|
|
||||||
lxc.mount.entry = none etc tmpfs defaults 0 0
|
|
||||||
lxc,mount.auto = proc:mixed sys:ro cgroup:mixed
|
lxc,mount.auto = proc:mixed sys:ro cgroup:mixed
|
||||||
|
|
||||||
lxc.autodev = 1
|
lxc.autodev = 1
|
||||||
|
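Review bot: The context line `lxc,mount.auto = proc:mixed sys:ro cgroup:mixed` has a comma where the key needs a dot, and the commit leaves it untouched while making the rootfs persistent. A key that does not start with `lxc.` is not the `lxc.mount.auto` option, so the intended `proc:mixed sys:ro cgroup:mixed` handling is presumably not applied — whether LXC rejects the file or skips the line depends on the LXC version, so check the container start logs. The fix is the one-character change `lxc.mount.auto = proc:mixed sys:ro cgroup:mixed`. With the tmpfs entries for `nix/var`, `root`, `var`, `home`, `usr`, `run` and `etc` removed, whatever the container writes there now persists on the host under its rootfs directory; that is the stated intent, but a short comment next to the remaining `lxc.mount.entry = none tmp tmpfs defaults 0 0` saying that only `/tmp` is still ephemeral would spare the next reader the archaeology.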
@ -129,10 +119,15 @@ in
|
||||||
path = [ config.nix.package pkgs.util-linux pkgs.git ];
|
path = [ config.nix.package pkgs.util-linux pkgs.git ];
|
||||||
scriptArgs = "%i";
|
scriptArgs = "%i";
|
||||||
script = ''
|
script = ''
|
||||||
mkdir -p /var/lib/lxc/$1
|
mkdir -p /nix/var/nix/gcroots/lxc
|
||||||
[ ! -e /var/lib/lxc/$1/rootfs ] &&
|
|
||||||
|
[ ! -e /nix/var/nix/gcroots/lxc/$1 ] &&
|
||||||
flock /tmp/lxc-rootfs-build.lock -c \
|
flock /tmp/lxc-rootfs-build.lock -c \
|
||||||
"nix build -o /var/lib/lxc/$1/rootfs zentralwerk-network#$1-rootfs"
|
"nix build -o /nix/var/nix/gcroots/lxc/$1 zentralwerk-network#$1-rootfs"
|
||||||
|
|
||||||
|
SYSTEM=$(readlink /nix/var/nix/gcroots/lxc/$1)
|
||||||
|
mkdir -p /var/lib/lxc/$1/rootfs/{bin,dev,etc,home,mnt,nix/store,nix/var,proc,root,run,sys,tmp,var,usr}
|
||||||
|
ln -fs $SYSTEM/init /var/lib/lxc/$1/rootfs/init
|
||||||
exit 0
|
exit 0
|
||||||
'';
|
'';
|
||||||
serviceConfig.Type = "oneshot";
|
serviceConfig.Type = "oneshot";
|
||||||
|
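Review bot: The build lock `flock /tmp/lxc-rootfs-build.lock -c \` (context here, but the whole start script around it is rewritten) is taken in the world-writable `/tmp` by what is presumably a root oneshot; unless the unit sets `PrivateTmp=`, any local user can pre-create or hold that file and stall or interfere with every container start. A root-only location such as `flock /run/lock/lxc-rootfs-build.lock -c \` avoids that. Separately, the new guard `[ ! -e /nix/var/nix/gcroots/lxc/$1 ] &&` builds the gcroot only when it is absent, so `SYSTEM=$(readlink /nix/var/nix/gcroots/lxc/$1)` and the `ln -fs $SYSTEM/init` link keep pointing at the first-ever build on every later start; if that is intended, say so in a comment, otherwise drop the guard so `nix build -o` re-resolves the flake output each start. The rendered hunk shows 14 new-side lines against the `+119,15` header, so one (presumably blank) line of this script is missing from the page.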
@ -156,12 +151,13 @@ in
|
||||||
in
|
in
|
||||||
"${script} %i";
|
"${script} %i";
|
||||||
ExecStop = "${pkgs.lxc}/bin/lxc-stop -n %i";
|
ExecStop = "${pkgs.lxc}/bin/lxc-stop -n %i";
|
||||||
|
# TODO: fails on writing /init
|
||||||
ExecReload =
|
ExecReload =
|
||||||
let
|
let
|
||||||
script = pkgs.writeScript "reload-lxc-container.sh" ''
|
script = pkgs.writeScript "reload-lxc-container.sh" ''
|
||||||
#! ${pkgs.runtimeShell} -e
|
#! ${pkgs.runtimeShell} -e
|
||||||
|
|
||||||
SYSTEM=$(dirname $(readlink $(readlink /var/lib/lxc/$1/rootfs)/init))
|
SYSTEM=$(dirname $(readlink /var/lib/lxc/$1/rootfs/init))
|
||||||
exec ${pkgs.lxc}/bin/lxc-attach -n $1 $SYSTEM/activate
|
exec ${pkgs.lxc}/bin/lxc-attach -n $1 $SYSTEM/activate
|
||||||
'';
|
'';
|
||||||
in
|
in
|
||||||
|
|
|
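Review bot: The new `# TODO: fails on writing /init` does not say what writes `/init`, what error the operator sees, or what a reload therefore does not achieve, so the next reader cannot judge whether running it is safe. Presumably the failing step is `$SYSTEM/activate` run through `lxc-attach` against a rootfs whose `/init` is a symlink into the read-only `/nix/store` bind mount — confirm, and record it in the comment along the lines of `# TODO: $SYSTEM/activate via lxc-attach fails when it rewrites /init (<exact error here>); until fixed a reload does not switch the container to a new system`. Note also that `SYSTEM=$(dirname $(readlink /var/lib/lxc/$1/rootfs/init))` resolves the link written by the start script, so a reload re-activates the system that was started rather than a newer build. The ExecReload attribute continues outside the hunk.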
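--- a/FILE_PATH_NOT_SHOWN_ON_PAGE
+++ b/FILE_PATH_NOT_SHOWN_ON_PAGE
@@ -26,14 +26,7 @@ let
 );
 
 mkRootfs = hostName:
-pkgs.runCommandLocal "rootfs_${hostName}" {
-src = self.nixosConfigurations.${hostName}.config.system.build.toplevel;
-} ''
-set -x
-mkdir -p $out/{bin,dev,etc,home,mnt,nix/store,nix/var,proc,root,run,sys,tmp,var,usr}
-ln -s $src/init $out/
-ln -s $src/etc $out/etc/static
-''
+self.nixosConfigurations.${hostName}.config.system.build.toplevel;
 
 rootfs-packages =
 builtins.foldl' (rootfs: hostName: rootfs // {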
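Review bot: `mkRootfs = hostName:` now evaluates to the host's NixOS toplevel, yet the helper name, `rootfs-packages` and the `<host>-rootfs` output that lxc-containers.nix consumes via `nix build -o … zentralwerk-network#$1-rootfs` all still say "rootfs", which will mislead the next reader. Either rename the helper and output (which also changes the start script) or put a comment above it: `# Despite the name this is the NixOS toplevel, not a root filesystem: lxc-containers.nix creates the rootfs directory tree at container start and symlinks $toplevel/init into it.` The removed `ln -s $src/etc $out/etc/static` has no counterpart in the new start script shown in this commit, so `/etc/static` inside the container is presumably expected to come from activation now — worth confirming. The `rootfs-packages` fold continues outside the hunk, and the file this hunk belongs to is not named on the page.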