# LXC Configuration
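{ config, lib, pkgs, ... }:

# Linux Containers (LXC): installs the lxc tools, renders the three
# system-wide LXC configuration files under /etc/lxc from the options
# below, creates /var/lib/lxc/rootfs at boot, and registers the AppArmor
# profiles shipped with the lxc package.
#
# Everything from lib is referenced explicitly (lib.mkOption, lib.types,
# lib.mkIf) rather than via `with lib;`, so nothing in this file can be
# silently shadowed by a name exported from lib.

let

  cfg = config.virtualisation.lxc;

in

{
  ###### interface

  options.virtualisation.lxc = {

    enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = ''
        This enables Linux Containers (LXC), which provides tools
        for creating and managing system or application containers
        on Linux.
      '';
    };

    systemConfig = lib.mkOption {
      type = lib.types.lines;
      default = "";
      description = ''
        This is the system-wide LXC config, written verbatim to
        <filename>/etc/lxc/lxc.conf</filename>. See
        <citerefentry><refentrytitle>lxc.system.conf</refentrytitle>
        <manvolnum>5</manvolnum></citerefentry>.
      '';
    };

    defaultConfig = lib.mkOption {
      type = lib.types.lines;
      default = "";
      description = ''
        Default config (<filename>/etc/lxc/default.conf</filename>) for
        new containers, i.e. for network config. Whatever is set here is
        inherited by every container created with the defaults, so keep
        settings that weaken isolation (extra capabilities, host mounts,
        a relaxed AppArmor profile) in per-container configs instead. See
        <citerefentry><refentrytitle>lxc.container.conf
        </refentrytitle><manvolnum>5</manvolnum></citerefentry>.
      '';
    };

    usernetConfig = lib.mkOption {
      type = lib.types.lines;
      default = "";
      example = "alice veth lxcbr0 10";
      description = ''
        This is the config file for managing unprivileged user network
        administration access in LXC, written verbatim to
        <filename>/etc/lxc/lxc-usernet</filename>. Each line has the form
        <literal>user type bridge count</literal> and allows that user to
        attach up to <literal>count</literal> interfaces of the given type
        to the named host bridge. Every entry is therefore a grant of
        network access on the host; restrict it to the users and bridges
        that actually need it. See <citerefentry>
        <refentrytitle>lxc-usernet</refentrytitle><manvolnum>5</manvolnum>
        </citerefentry>.
      '';
    };

  };

  ###### implementation

  config = lib.mkIf cfg.enable {

    environment.systemPackages = [ pkgs.lxc ];

    # The three files LXC reads from /etc/lxc, rendered verbatim from the
    # options above. An option left at its default "" yields an empty file.
    environment.etc."lxc/lxc.conf".text = cfg.systemConfig;
    environment.etc."lxc/lxc-usernet".text = cfg.usernetConfig;
    environment.etc."lxc/default.conf".text = cfg.defaultConfig;

    # NOTE(review): lxc-usernet(5) describes this file as consumed by the
    # setuid lxc-user-nic helper. This module installs no security.wrappers
    # entry for lxc-user-nic, so confirm how unprivileged containers are
    # expected to obtain network access before relying on usernetConfig.

    # Root-owned, world-readable (0755) directory created at boot.
    # NOTE(review): presumably the rootfs mount/pivot target the lxc
    # package is configured with rather than a place where container
    # images are stored — confirm against the package's configure flags
    # before changing the mode.
    systemd.tmpfiles.rules = [ "d /var/lib/lxc/rootfs 0755 root root -" ];

    # Register the lxc-start and lxc-containers AppArmor profiles shipped
    # by the lxc package with the NixOS AppArmor module. The include paths
    # point into the store, so the loaded policy always matches the
    # installed pkgs.lxc.
    security.apparmor.packages = [ pkgs.lxc ];
    security.apparmor.policies = {
      "bin.lxc-start".profile = ''
        include ${pkgs.lxc}/etc/apparmor.d/usr.bin.lxc-start
      '';
      "lxc-containers".profile = ''
        include ${pkgs.lxc}/etc/apparmor.d/lxc-containers
      '';
    };

  };

}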