Disable various services when running inside a container

5 files changed, 9 insertions, 0 deletions

diff --git a/nixos/modules/services/audio/alsa.nix b/nixos/modules/services/audio/alsa.nix
index d021b8bd3ba..c9a2ef4589b 100644
--- a/nixos/modules/services/audio/alsa.nix
+++ b/nixos/modules/services/audio/alsa.nix
@@ -55,6 +55,7 @@ in
       { description = "Store Sound Card State";
         wantedBy = [ "multi-user.target" ];
         unitConfig.RequiresMountsFor = "/var/lib/alsa";
+        unitConfig.ConditionVirtualization = "!systemd-nspawn";
         serviceConfig = {
           Type = "oneshot";
           RemainAfterExit = true;
diff --git a/nixos/modules/services/hardware/acpid.nix b/nixos/modules/services/hardware/acpid.nix
index adba6394dcf..2329f38dfc2 100644
--- a/nixos/modules/services/hardware/acpid.nix
+++ b/nixos/modules/services/hardware/acpid.nix
@@ -110,6 +110,7 @@ in
 
         exec = "acpid --confdir ${acpiConfDir}";
 
+        unitConfig.ConditionVirtualization = "!systemd-nspawn";
         unitConfig.ConditionPathExists = [ "/proc/acpi" ];
       };
 
diff --git a/nixos/modules/services/logging/klogd.nix b/nixos/modules/services/logging/klogd.nix
index d7d0bbf89a5..36b530d0077 100644
--- a/nixos/modules/services/logging/klogd.nix
+++ b/nixos/modules/services/logging/klogd.nix
@@ -32,6 +32,8 @@ with pkgs.lib;
 
         path = [ pkgs.sysklogd ];
 
+        unitConfig.ConditionVirtualization = "!systemd-nspawn";
+
         exec =
           "klogd -c 1 -2 -n " +
           "-k $(dirname $(readlink -f /run/booted-system/kernel))/System.map";
diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix
index 1707828d0db..1aefe75931b 100644
--- a/nixos/modules/services/misc/nix-daemon.nix
+++ b/nixos/modules/services/misc/nix-daemon.nix
@@ -279,6 +279,7 @@ in
       { description = "Nix Daemon Socket";
         wantedBy = [ "sockets.target" ];
         before = [ "multi-user.target" ];
+        unitConfig.ConditionPathIsReadWrite = "/nix/var/nix/daemon-socket/";
         socketConfig.ListenStream = "/nix/var/nix/daemon-socket/socket";
       };
 
@@ -290,6 +291,8 @@ in
 
         environment = cfg.envVars // { CURL_CA_BUNDLE = "/etc/ssl/certs/ca-bundle.crt"; };
 
+        unitConfig.ConditionPathIsReadWrite = "/nix/var/nix/daemon-socket/";
+
         serviceConfig =
           { ExecStart = "@${nix}/bin/nix-daemon nix-daemon --daemon";
             KillMode = "process";
diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix
index 07b5606eaca..ea263b3c89d 100644
--- a/nixos/modules/services/networking/dhcpcd.nix
+++ b/nixos/modules/services/networking/dhcpcd.nix
@@ -114,6 +114,8 @@ in
 
         path = [ dhcpcd pkgs.nettools pkgs.openresolv ];
 
+        unitConfig.ConditionCapability = "CAP_NET_ADMIN";
+
         serviceConfig =
           { Type = "forking";
             PIDFile = "/run/dhcpcd.pid";