# For lxcfs and sane defaults
lxc.include = /usr/share/lxc/config/common.conf

lxc.utsname = {{ id }}
# Handled by lxc@.service
lxc.start.auto = 0
lxc.rootfs = /var/lib/lxc/{{ id }}/rootfs
lxc.rootfs.backend = dir

lxc.autodev = 1
lxc.kmsg = 0

{%- set n = 0 %}
{%- for net, conf in container['interfaces'].items() %}
lxc.network.type={{ conf['type'] }}
lxc.network.flags=up
{%-   if conf.get('hwaddr') %}
lxc.network.hwaddr={{ conf['hwaddr'] }}
{%-   else %}
lxc.network.hwaddr={{ hwaddr_prefix }}:{{ n.__str__().rjust(2, '0') }}
{%-   endif %}
{%- if conf['type'] == 'veth' %}
lxc.network.veth.pair={{ id }}-{{ net }}
{%- endif %}

{%- set hosts = pillar['hosts-inet'].get(net) %}
{%- set inet_addr = hosts and hosts.get(id) %}
{%- if inet_addr %}
{%- set prefix_len = pillar['subnets-inet'][net].split('/')[1] %}
lxc.network.ipv4={{ inet_addr }}/{{ prefix_len }}
{%- endif %}
{%- set gw = conf.get('gw') %}
{%- if gw %}
lxc.network.ipv4.gateway={{ pillar['hosts-inet'][net][gw] }}
{%- endif %}

{%- for ctx, hosts in pillar['hosts-inet6'].items() %}
{%-   set hosts6 = hosts.get(net) %}
{%-   set inet6_addr = hosts6 and hosts6.get(id) %}
{%-   set prefix6 = pillar['subnets-inet6'][ctx].get(net) %}
{%-   if inet6_addr and prefix6 %}
{%-     set prefix6_len = prefix6.split('/')[1] %}
lxc.network.ipv6={{ inet6_addr }}/{{ prefix6_len }}
{%-   endif %}
{%-   set gw6 = conf.get('gw6') %}
{%-   if gw6 and hosts.get(net) and hosts[net].get(gw6) %}
lxc.network.ipv6.gateway={{ hosts[net][gw6] }}
{%-   endif %}
{%- endfor %}

{%- if conf['type'] == 'veth' %}
lxc.network.link=br-{{ net }}
{%- elif conf['type'] == 'phys' %}
lxc.network.link=bond0.{{ pillar['vlans'].get(net) }}
{%- endif %}
lxc.network.name={{ net }}

{%- set n = n + 1 %}
{%- endfor %}


lxc.cap.drop = sys_module sys_time sys_nice sys_pacct sys_rawio sys_time mknod

lxc.cgroup.memory.limit_in_bytes = 4G
lxc.cgroup.memory.kmem.tcp.limit_in_bytes = 512M


# tuntap
lxc.cgroup.devices.allow = c 10:200 rw
lxc.hook.autodev = /var/lib/lxc/autodev.sh