lxc-containers.nix: start with non-ephemeral rootfs
parent
7615d4d8de
commit
53cbe8e74b
|
@ -90,17 +90,7 @@ in
|
|||
lxc.init.cmd = "/init"
|
||||
|
||||
lxc.mount.entry = /nix/store nix/store none bind,ro 0 0
|
||||
lxc.mount.entry = none nix/var tmpfs defaults 0 0
|
||||
lxc.mount.entry = none bin tmpfs defaults 0 0
|
||||
#lxc.mount.entry = none dev tmpfs defaults 0 0
|
||||
lxc.mount.entry = none root tmpfs defaults 0 0
|
||||
lxc.mount.entry = none tmp tmpfs defaults 0 0
|
||||
# TODO: make non-ephemeral
|
||||
lxc.mount.entry = none var tmpfs defaults 0 0
|
||||
lxc.mount.entry = none home tmpfs defaults 0 0
|
||||
lxc.mount.entry = none usr tmpfs defaults 0 0
|
||||
lxc.mount.entry = none run tmpfs defaults 0 0
|
||||
lxc.mount.entry = none etc tmpfs defaults 0 0
|
||||
lxc,mount.auto = proc:mixed sys:ro cgroup:mixed
|
||||
|
||||
lxc.autodev = 1
|
||||
|
@ -129,10 +119,15 @@ in
|
|||
path = [ config.nix.package pkgs.util-linux pkgs.git ];
|
||||
scriptArgs = "%i";
|
||||
script = ''
|
||||
mkdir -p /var/lib/lxc/$1
|
||||
[ ! -e /var/lib/lxc/$1/rootfs ] &&
|
||||
mkdir -p /nix/var/nix/gcroots/lxc
|
||||
|
||||
[ ! -e /nix/var/nix/gcroots/lxc/$1 ] &&
|
||||
flock /tmp/lxc-rootfs-build.lock -c \
|
||||
"nix build -o /var/lib/lxc/$1/rootfs zentralwerk-network#$1-rootfs"
|
||||
"nix build -o /nix/var/nix/gcroots/lxc/$1 zentralwerk-network#$1-rootfs"
|
||||
|
||||
SYSTEM=$(readlink /nix/var/nix/gcroots/lxc/$1)
|
||||
mkdir -p /var/lib/lxc/$1/rootfs/{bin,dev,etc,home,mnt,nix/store,nix/var,proc,root,run,sys,tmp,var,usr}
|
||||
ln -fs $SYSTEM/init /var/lib/lxc/$1/rootfs/init
|
||||
exit 0
|
||||
'';
|
||||
serviceConfig.Type = "oneshot";
|
||||
|
@ -156,12 +151,13 @@ in
|
|||
in
|
||||
"${script} %i";
|
||||
ExecStop = "${pkgs.lxc}/bin/lxc-stop -n %i";
|
||||
# TODO: fails on writing /init
|
||||
ExecReload =
|
||||
let
|
||||
script = pkgs.writeScript "reload-lxc-container.sh" ''
|
||||
#! ${pkgs.runtimeShell} -e
|
||||
|
||||
SYSTEM=$(dirname $(readlink $(readlink /var/lib/lxc/$1/rootfs)/init))
|
||||
SYSTEM=$(dirname $(readlink /var/lib/lxc/$1/rootfs/init))
|
||||
exec ${pkgs.lxc}/bin/lxc-attach -n $1 $SYSTEM/activate
|
||||
'';
|
||||
in
|
||||
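Review bot: In the start script, the lines that appear to be added (`mkdir -p /var/lib/lxc/$1/rootfs/{...}` and `ln -fs $SYSTEM/init /var/lib/lxc/$1/rootfs/init`) run on the host against a tree the container can now write persistently, since the first hunk appears to drop the tmpfs mounts. Without `-n`, `ln -fs` dereferences an existing `init` that points at a directory, and `mkdir -p` follows symlinked path components, so a symlink left in the rootfs would be resolved in the host's namespace on the next start; how much that matters depends on the container's id mapping, which is not shown here. I would write `ln -sfn "$SYSTEM/init" "/var/lib/lxc/$1/rootfs/init"`, quote `$1` and `$SYSTEM` throughout, and stop with an error if one of the skeleton directories already exists as a symlink. The reload hunk shares the trust issue: `$(dirname $(readlink /var/lib/lxc/$1/rootfs/init))` is read from the container-writable rootfs and passed unquoted to `lxc-attach`, so it is better derived from `/nix/var/nix/gcroots/lxc/$1`, which lives outside the rootfs.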
|
|
|
@ -26,14 +26,7 @@ let
|
|||
);
|
||||
|
||||
mkRootfs = hostName:
|
||||
pkgs.runCommandLocal "rootfs_${hostName}" {
|
||||
src = self.nixosConfigurations.${hostName}.config.system.build.toplevel;
|
||||
} ''
|
||||
set -x
|
||||
mkdir -p $out/{bin,dev,etc,home,mnt,nix/store,nix/var,proc,root,run,sys,tmp,var,usr}
|
||||
ln -s $src/init $out/
|
||||
ln -s $src/etc $out/etc/static
|
||||
'';
|
||||
self.nixosConfigurations.${hostName}.config.system.build.toplevel;
|
||||
|
||||
rootfs-packages =
|
||||
builtins.foldl' (rootfs: hostName: rootfs // {
|
||||
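Review bot: `mkRootfs` now seems to return the system `toplevel` directly rather than a directory skeleton, so its name and the `-rootfs` attribute that the start script builds no longer describe what is produced. A comment above the definition would keep the next reader from expecting a mountable tree, for example `# Returns the NixOS system toplevel; the writable rootfs skeleton is created at container start.` The earlier derivation also linked `$src/etc` to `etc/static`, which nothing visible recreates; presumably activation does this, but it is worth confirming on a freshly created container. The `rootfs-packages` fold continues past the end of the hunk.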
|
|