Eventually we'd like to change our posture on this, and somehow ensure that 'init' is always our systemd binary, but for now containers require us to do it this way.
# NixOS module for LXC container images. It builds a root-filesystem tarball
# (the default image) and a squashfs from the system closure, and keeps
# /sbin/init pointing at the current generation's init, which is what the
# container runtime executes to start the guest.
{
  lib,
  config,
  pkgs,
  ...
}:

{
  meta = {
    maintainers = lib.teams.lxc.members;
  };

  imports = [
    # Settings shared with the other LXC instance modules.
    ./lxc-instance-common.nix

    # Options that no longer exist. The second argument ("") is the
    # replacement hint, so evaluation fails with only the removal notice.
    (lib.mkRemovedOptionModule [
      "virtualisation"
      "lxc"
      "nestedContainer"
    ] "")
    (lib.mkRemovedOptionModule [
      "virtualisation"
      "lxc"
      "privilegedContainer"
    ] "")
  ];

  # This module declares no options of its own; it only sets configuration.
  options = { };

  config =

    {
      # Marks the system as a container; other NixOS modules use this to skip
      # host-only setup such as kernel and bootloader handling.
      boot.isContainer = true;
      # Runs as root during early boot. The embedded shell comments describe
      # the steps: import the Nix database entries shipped with the image
      # (/nix-path-registration is presumably written by make-system-tarball —
      # confirm), then create the "system" profile that nixos-rebuild expects.
      boot.postBootCommands = ''
        # After booting, register the contents of the Nix store in the Nix
        # database.
        if [ -f /nix-path-registration ]; then
          ${config.nix.package.out}/bin/nix-store --load-db < /nix-path-registration &&
          rm /nix-path-registration
        fi

        # nixos-rebuild also requires a "system" profile
        ${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
      '';

      # Supplement 99-ethernet-default-dhcp, which excludes veth links: the
      # guest side of an LXC network interface is a veth device, so match those
      # too. Only active when networking.useDHCP is set.
      # IPv6PrivacyExtensions = "kernel" leaves the decision to the kernel's
      # sysctl setting instead of forcing temporary addresses on or off.
      systemd.network = lib.mkIf config.networking.useDHCP {
        networks."99-lxc-veth-default-dhcp" = {
          matchConfig = {
            Type = "ether";
            Kind = "veth";
            Name = [
              "en*"
              "eth*"
            ];
          };
          DHCP = "yes";
          networkConfig.IPv6PrivacyExtensions = "kernel";
        };
      };

      # Priority 99 beats plain definitions (100) but still yields to mkForce (50).
      system.nixos.tags = lib.mkOverride 99 [ "lxc" ];
      # The module's default image artefact is the tarball built below.
      image.extension = "tar.xz";
      image.filePath = "tarball/${config.image.fileName}";
      system.build.image = lib.mkOverride 99 config.system.build.tarball;

      # Root-filesystem tarball, the image format LXC consumes.
      system.build.tarball = pkgs.callPackage ../../lib/make-system-tarball.nix {
        fileName = config.image.baseName;
        # Extra arguments for tar: every entry is owned by uid 0, so the build
        # user's uid never leaks into the image.
        extraArgs = "--owner=0";

        # The closure of the system toplevel goes into /nix/store; no extra
        # symlink to it is created (it is reached through /sbin/init below).
        storeContents = [
          {
            object = config.system.build.toplevel;
            symlink = "none";
          }
        ];

        # Files outside the store. /sbin/init is what the container runtime
        # executes, so it must resolve to this generation's init.
        contents = [
          {
            source = config.system.build.toplevel + "/init";
            target = "/sbin/init";
          }
          # Technically this is not required for lxc, but having it also makes
          # this configuration work with systemd-nspawn, which expects
          # /etc/os-release in the root tree. NixOS will set up the same
          # symlink after start.
          {
            source = config.system.build.toplevel + "/etc/os-release";
            target = "/etc/os-release";
          }
        ];

        # Empty mount points for the runtime to mount procfs, sysfs and /dev on.
        extraCommands = "mkdir -p proc sys dev";
      };

      # Alternative read-only squashfs image of the same closure, published as
      # a Hydra build product.
      system.build.squashfs = pkgs.callPackage ../../lib/make-squashfs.nix {
        fileName = "nixos-lxc-image-${pkgs.stdenv.hostPlatform.system}";

        hydraBuildProduct = true;
        noStrip = true; # keep directory structure instead of flattening the store paths
        # Compressor and level handed to mksquashfs.
        comp = "zstd -Xcompression-level 6";

        storeContents = [ config.system.build.toplevel ];

        # mksquashfs pseudo-file definitions: "<path> <type> <mode> <uid> <gid>
        # [<link target>]", d = directory, s = symlink. They add the root-owned
        # mount points and the /sbin/init symlink that the store contents alone
        # do not provide, mirroring the tarball's contents/extraCommands above.
        pseudoFiles = [
          "/sbin d 0755 0 0"
          "/sbin/init s 0555 0 0 ${config.system.build.toplevel}/init"
          "/dev d 0755 0 0"
          "/proc d 0555 0 0"
          "/sys d 0555 0 0"
        ];
      };

      # Stands in for bootloader installation: switch-to-configuration calls
      # this with the new toplevel as $1, so /sbin/init follows each
      # generation. ln -f replaces any existing /sbin/init unconditionally.
      system.build.installBootLoader = pkgs.writeScript "install-lxc-sbin-init.sh" ''
        #!${pkgs.runtimeShell}
        ${pkgs.coreutils}/bin/ln -fs "$1/init" /sbin/init
      '';

      # networkd depends on this, but the systemd module disables it for
      # containers, so pull the upstream unit back in.
      systemd.additionalUpstreamSystemUnits = [ "systemd-udev-trigger.service" ];

      # Systemd units shipped by LXC's distrobuilder generator.
      # NOTE(review): which units this adds is not visible here — check the package.
      systemd.packages = [ pkgs.distrobuilder.generator ];

      # Re-point /sbin/init at the newly activated system on every activation.
      # mkForce replaces the definition made elsewhere for containers
      # (presumably the generic container support) — confirm.
      # $systemConfig is the toplevel path exported to activation scripts.
      # NOTE(review): unlike installBootLoader above the path is unquoted;
      # harmless for store paths, which contain no whitespace, but inconsistent.
      system.activationScripts.installInitScript = lib.mkForce ''
        ln -fs $systemConfig/init /sbin/init
      '';
    };
}