diff options
| author | Mario Rodas <marsam@users.noreply.github.com> | 2023-09-28 02:17:27 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-09-28 02:17:27 -0500 |
| commit | 25b9f4d2b66203dca5bb1a6e15862c6da5982d42 (patch) | |
| tree | 6b89d56a9645a8276e917278a82b3a6c732a1456 | |
| parent | a9f6c4e42df9296e3994fdf1f6af9ec99ec385bc (diff) | |
| parent | 8565cd862a614cc53a5798d398b8b11d98122ba0 (diff) | |
| download | nixpkgs-25b9f4d2b66203dca5bb1a6e15862c6da5982d42.tar nixpkgs-25b9f4d2b66203dca5bb1a6e15862c6da5982d42.tar.gz nixpkgs-25b9f4d2b66203dca5bb1a6e15862c6da5982d42.tar.bz2 nixpkgs-25b9f4d2b66203dca5bb1a6e15862c6da5982d42.tar.lz nixpkgs-25b9f4d2b66203dca5bb1a6e15862c6da5982d42.tar.xz nixpkgs-25b9f4d2b66203dca5bb1a6e15862c6da5982d42.tar.zst nixpkgs-25b9f4d2b66203dca5bb1a6e15862c6da5982d42.zip | |
Merge pull request #255116 from adamcstephens/lxd/udev-container
systemd: allow udev-trigger to run on lxd containers with nesting
| -rw-r--r-- | nixos/modules/system/boot/systemd.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/virtualisation/lxc-container.nix | 19 |
2 files changed, 11 insertions, 10 deletions
diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 8e38072b4c6..06027a946b2 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -53,7 +53,7 @@ let "systemd-udevd-kernel.socket" "systemd-udevd.service" "systemd-udev-settle.service" - ] ++ (optional (!config.boot.isContainer) "systemd-udev-trigger.service") ++ [ + ] ++ (optional (!config.boot.isContainer || config.virtualisation.lxc.nestedContainer) "systemd-udev-trigger.service") ++ [ # hwdb.bin is managed by NixOS # "systemd-hwdb-update.service" diff --git a/nixos/modules/virtualisation/lxc-container.nix b/nixos/modules/virtualisation/lxc-container.nix index 9402d3bf37d..7f01b450433 100644 --- a/nixos/modules/virtualisation/lxc-container.nix +++ b/nixos/modules/virtualisation/lxc-container.nix @@ -9,15 +9,16 @@ in { options = { virtualisation.lxc = { - privilegedContainer = lib.mkOption { - type = lib.types.bool; - default = false; - description = lib.mdDoc '' - Whether this LXC container will be running as a privileged container or not. If set to `true` then - additional configuration will be applied to the `systemd` instance running within the container as - recommended by [distrobuilder](https://linuxcontainers.org/distrobuilder/introduction/). - ''; - }; + nestedContainer = lib.mkEnableOption (lib.mdDoc '' + Whether this container is configured as a nested container. On LXD containers this is recommended + for all containers and is enabled with `security.nesting = true`. + ''); + + privilegedContainer = lib.mkEnableOption (lib.mdDoc '' + Whether this LXC container will be running as a privileged container or not. If set to `true` then + additional configuration will be applied to the `systemd` instance running within the container as + recommended by [distrobuilder](https://linuxcontainers.org/distrobuilder/introduction/). + ''); }; }; |