lxc-containers.nix: get working
parent
74c10c0446
commit
ea515088b3
|
@ -124,35 +124,58 @@ in
|
||||||
} (builtins.attrNames containers);
|
} (builtins.attrNames containers);
|
||||||
|
|
||||||
systemd.services."lxc-rootfs@" = {
|
systemd.services."lxc-rootfs@" = {
|
||||||
description = "Build a NixOS rootfs for LXC container '%i'";
|
description = "rootfs for '%i'";
|
||||||
wants = [ "nix-daemon.service" ];
|
wants = [ "nix-daemon.service" ];
|
||||||
path = [ config.nix.package pkgs.util-linux pkgs.git ];
|
path = [ config.nix.package pkgs.util-linux pkgs.git ];
|
||||||
scriptArgs = "%i";
|
scriptArgs = "%i";
|
||||||
script = ''
|
script = ''
|
||||||
mkdir -p /var/lib/lxc/$1
|
mkdir -p /var/lib/lxc/$1
|
||||||
|
[ ! -e /var/lib/lxc/$1/rootfs ] &&
|
||||||
flock /tmp/lxc-rootfs-build.lock -c \
|
flock /tmp/lxc-rootfs-build.lock -c \
|
||||||
"nix build -o /var/lib/lxc/$1/rootfs zentralwerk-network#$1-rootfs"
|
"nix build -o /var/lib/lxc/$1/rootfs zentralwerk-network#$1-rootfs"
|
||||||
|
exit 0
|
||||||
'';
|
'';
|
||||||
unitConfig.ConditionPathExists = "!/var/lib/lxc/%i/rootfs";
|
|
||||||
serviceConfig.Type = "oneshot";
|
serviceConfig.Type = "oneshot";
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services."lxc@" = {
|
systemd.services."lxc@" = {
|
||||||
description = "LXC container '%i'";
|
description = "LXC container '%i'";
|
||||||
wants = [ "systemd-networkd.service" ];
|
wants = [ "systemd-networkd.service" ];
|
||||||
requires = [ "lxc-rootfs@%i.service" ];
|
requires = [ "lxc-rootfs@%i.service" ];
|
||||||
unitConfig.ConditionPathExists = "/var/lib/lxc/%i/rootfs";
|
after = [ "lxc-rootfs@%i.service" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
ExecStart = "${pkgs.lxc}/bin/lxc-start -F -C -n %i";
|
ExecStart =
|
||||||
|
let
|
||||||
|
script = pkgs.writeScript "start-lxc-container.sh" ''
|
||||||
|
#! ${pkgs.stdenv.shell} -e
|
||||||
|
|
||||||
|
[ -e /var/lib/lxc/$1/rootfs ]
|
||||||
|
exec ${pkgs.lxc}/bin/lxc-start -F -C -n $1
|
||||||
|
'';
|
||||||
|
in
|
||||||
|
"${script} %i";
|
||||||
ExecStop = "${pkgs.lxc}/bin/lxc-stop -n %i";
|
ExecStop = "${pkgs.lxc}/bin/lxc-stop -n %i";
|
||||||
|
ExecReload =
|
||||||
|
let
|
||||||
|
script = pkgs.writeScript "reload-lxc-container.sh" ''
|
||||||
|
#! ${pkgs.stdenv.shell} -e
|
||||||
|
|
||||||
|
SYSTEM=$(dirname $(readlink $(readlink /var/lib/lxc/$1/rootfs)/init))
|
||||||
|
exec ${pkgs.lxc}/bin/lxc-attach -n $1 $SYSTEM/activate
|
||||||
|
'';
|
||||||
|
in
|
||||||
|
"${script} %i";
|
||||||
KillMode = "mixed";
|
KillMode = "mixed";
|
||||||
OOMPolicy = "kill";
|
OOMPolicy = "kill";
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
RestartSec = "5s";
|
RestartSec = "30s";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.targets.lxc-containers = {
|
systemd.targets.lxc-containers = {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
wants = map (ctName: "lxc@${ctName}.service") (builtins.attrNames containers);
|
wants = map (ctName: "lxc@${ctName}.service")
|
||||||
|
(builtins.attrNames containers);
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
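Review bot: The rootfs build in `lxc-rootfs@` still serialises on `flock /tmp/lxc-rootfs-build.lock`, a fixed name in a world-writable directory, and with the `after = [ "lxc-rootfs@%i.service" ]` that appears to be added on `lxc@`, every container start now waits behind that unit. Unless the unit gets a private /tmp (not visible in this hunk), any local account that creates or locks that file first can stall the builds, so the lock is better kept in a root-only directory, e.g. `flock /run/lxc-rootfs-build.lock -c \`. In the new start and reload helper scripts, `$1` and the nested `readlink` results are expanded unquoted. Quoting them (`"/var/lib/lxc/$1/rootfs"`, `"$SYSTEM/activate"`) keeps an unexpected instance name or an empty link target from being word-split before it reaches `lxc-start` or `lxc-attach`. Which lines are old and which are new is inferred from the column layout of the rendered page.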