lxc-containers.nix: start with non-ephemeral rootfs

Astro 2021-04-04 20:00:40 +02:00
parent 7615d4d8de
commit 53cbe8e74b
2 changed files with 11 additions and 22 deletions


@ -90,17 +90,7 @@ in
lxc.init.cmd = "/init"
lxc.mount.entry = /nix/store nix/store none bind,ro 0 0
lxc.mount.entry = none nix/var tmpfs defaults 0 0
lxc.mount.entry = none bin tmpfs defaults 0 0
#lxc.mount.entry = none dev tmpfs defaults 0 0
lxc.mount.entry = none root tmpfs defaults 0 0
lxc.mount.entry = none tmp tmpfs defaults 0 0
# TODO: make non-ephemeral
lxc.mount.entry = none var tmpfs defaults 0 0
lxc.mount.entry = none home tmpfs defaults 0 0
lxc.mount.entry = none usr tmpfs defaults 0 0
lxc.mount.entry = none run tmpfs defaults 0 0
lxc.mount.entry = none etc tmpfs defaults 0 0
lxc,mount.auto = proc:mixed sys:ro cgroup:mixed
lxc.autodev = 1
@ -129,10 +119,15 @@ in
path = [ config.nix.package pkgs.util-linux pkgs.git ];
scriptArgs = "%i";
script = ''
mkdir -p /var/lib/lxc/$1
[ ! -e /var/lib/lxc/$1/rootfs ] &&
mkdir -p /nix/var/nix/gcroots/lxc
[ ! -e /nix/var/nix/gcroots/lxc/$1 ] &&
flock /tmp/lxc-rootfs-build.lock -c \
"nix build -o /var/lib/lxc/$1/rootfs zentralwerk-network#$1-rootfs"
"nix build -o /nix/var/nix/gcroots/lxc/$1 zentralwerk-network#$1-rootfs"
SYSTEM=$(readlink /nix/var/nix/gcroots/lxc/$1)
mkdir -p /var/lib/lxc/$1/rootfs/{bin,dev,etc,home,mnt,nix/store,nix/var,proc,root,run,sys,tmp,var,usr}
ln -fs $SYSTEM/init /var/lib/lxc/$1/rootfs/init
exit 0
'';
serviceConfig.Type = "oneshot";
@ -156,12 +151,13 @@ in
in
"${script} %i";
ExecStop = "${pkgs.lxc}/bin/lxc-stop -n %i";
# TODO: fails on writing /init
ExecReload =
let
script = pkgs.writeScript "reload-lxc-container.sh" ''
#! ${pkgs.runtimeShell} -e
SYSTEM=$(dirname $(readlink $(readlink /var/lib/lxc/$1/rootfs)/init))
SYSTEM=$(dirname $(readlink /var/lib/lxc/$1/rootfs/init))
exec ${pkgs.lxc}/bin/lxc-attach -n $1 $SYSTEM/activate
'';
in
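Review bot: The guard `[ ! -e /nix/var/nix/gcroots/lxc/$1 ] &&` in the start script (second hunk) pins each container to the closure built on its first start: once the gcroot symlink exists, `nix build` is skipped, `SYSTEM=$(readlink /nix/var/nix/gcroots/lxc/$1)` keeps resolving to the old store path, the `/init` link is re-pointed at it, and the `ExecReload` script in the third hunk (`readlink /var/lib/lxc/$1/rootfs/init`) then presumably activates that same stale system after a flake update. If the caching is deliberate, the upgrade step belongs next to the guard, e.g. `# gcroot pins the built system; remove /nix/var/nix/gcroots/lxc/<name> to rebuild on next start`; otherwise the guard can go, since `nix build -o` against an already-built output only re-creates the link. The instance name `$1` is also expanded unquoted in every path and inside the `flock -c "…"` string, so a name containing whitespace or shell metacharacters would be word-split or interpreted by the inner shell; `"$1"` on the `-e`, `readlink` and `ln` lines (the `-c` string needs its own quoting) removes that dependency on well-formed unit names, and the pre-existing `/tmp/lxc-rootfs-build.lock` would be safer as a root-owned path under `/run/lock` than a file in a world-writable directory. The rendered page does not mark which of these lines are added, so this is written against the new side as shown; separately, if `lxc,mount.auto` in the first hunk is verbatim in the file rather than a rendering slip, the key should read `lxc.mount.auto`.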


@ -26,14 +26,7 @@ let
);
mkRootfs = hostName:
pkgs.runCommandLocal "rootfs_${hostName}" {
src = self.nixosConfigurations.${hostName}.config.system.build.toplevel;
} ''
set -x
mkdir -p $out/{bin,dev,etc,home,mnt,nix/store,nix/var,proc,root,run,sys,tmp,var,usr}
ln -s $src/init $out/
ln -s $src/etc $out/etc/static
'';
self.nixosConfigurations.${hostName}.config.system.build.toplevel;
rootfs-packages =
builtins.foldl' (rootfs: hostName: rootfs // {