nixos-containers: bindMounts: change default to readOnly. use EXTRA_NSPAWN_FLAGS

2024-11-01 15:11:25 +00:00 · 2015-05-26 13:41:31 +00:00 · 2015-05-26 13:41:31 +00:00 · ae2279bcdb
commit ae2279bcdb
parent 4d551227c9
1 changed files with 7 additions and 9 deletions
--- a/nixos/modules/virtualisation/containers.nix
+++ b/nixos/modules/virtualisation/containers.nix
@ -47,7 +47,7 @@ let
      mountPoint = mkOption {
        example = "/mnt/usb";
        type = types.str;
-        description = "Location of the mounted in the container file systems";
+        description = "Mount point on the container file system";
      };
      hostPath = mkOption {
        default = null;
@ -56,7 +56,7 @@ let
        description = "Location of the host path to be mounted";
      };
      isReadOnly = mkOption {
-        default = false;
+        default = true;
        example = true;
        type = types.bool;
        description = "Determine whether the mounted path will be accessed in read-only mode";
@ -288,7 +288,7 @@ in
            exec ${config.systemd.package}/bin/systemd-nspawn \
              --keep-unit \
              -M "$INSTANCE" -D "$root" $extraFlags \
-              $EXTRABINDS \
+              $EXTRA_NSPAWN_FLAGS \
              --bind-ro=/nix/store \
              --bind-ro=/nix/var/nix/db \
              --bind-ro=/nix/var/nix/daemon-socket \
@ -384,12 +384,10 @@ in
                LOCAL_ADDRESS=${cfg.localAddress}
              ''}
            ''}
-           ${optionalString cfg.autoStart ''
-             AUTO_START=1
-           ''}
-
-           EXTRABINDS="${mkBindFlags cfg.bindMounts}"
-
+            ${optionalString cfg.autoStart ''
+              AUTO_START=1
+            ''}
+            EXTRA_NSPAWN_FLAGS="${mkBindFlags cfg.bindMounts}"
          '';
      }) config.containers;