author | Alyssa Ross <hi@alyssa.is> | 2022-05-31 09:59:33 +0000 |
committer | Alyssa Ross <hi@alyssa.is> | 2022-05-31 09:59:57 +0000 |
commit | 9ff36293d1e428cd7bf03e8d4b03611b6d361c28 (patch) | |
tree | 1ab51a42b868c55b83f6ccdb80371b9888739dd9 /nixos/modules/virtualisation/lxc.nix | |
parent | 1c4fcd0d4b0541e674ee56ace1053e23e562cc80 (diff) | |
parent | ddc3c396a51918043bb0faa6f676abd9562be62c (diff) | |
Last good Nixpkgs for Weston+nouveau? archive
I gave this commit hash to terwiz[m] on IRC, who is trying to figure out which was the last version of Spectrum that worked on their NUC with Nvidia graphics.
Diffstat (limited to 'nixos/modules/virtualisation/lxc.nix')
-rw-r--r-- | nixos/modules/virtualisation/lxc.nix | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/nixos/modules/virtualisation/lxc.nix b/nixos/modules/virtualisation/lxc.nix
new file mode 100644
index 00000000000..0f8b22a45df
--- /dev/null
+++ b/nixos/modules/virtualisation/lxc.nix
@@ -0,0 +1,86 @@
+# LXC Configuration
+
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cfg = config.virtualisation.lxc;
+
+in
+
+{
+ ###### interface
+
+ options.virtualisation.lxc = {
+ enable =
+ mkOption {
+ type = types.bool;
+ default = false;
+ description =
+ ''
+ This enables Linux Containers (LXC), which provides tools
+ for creating and managing system or application containers
+ on Linux.
+ '';
+ };
+
+ systemConfig =
+ mkOption {
+ type = types.lines;
+ default = "";
+ description =
+ ''
+ This is the system-wide LXC config. See
+ <citerefentry><refentrytitle>lxc.system.conf</refentrytitle>
+ <manvolnum>5</manvolnum></citerefentry>.
+ '';
+ };
+
+ defaultConfig =
+ mkOption {
+ type = types.lines;
+ default = "";
+ description =
+ ''
+ Default config (default.conf) for new containers, i.e. for
+ network config. See <citerefentry><refentrytitle>lxc.container.conf
+ </refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+ '';
+ };
+
+ usernetConfig =
+ mkOption {
+ type = types.lines;
+ default = "";
+ description =
+ ''
+ This is the config file for managing unprivileged user network
+ administration access in LXC. See <citerefentry>
+ <refentrytitle>lxc-usernet</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>.
+ '';
+ };
+ };
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = [ pkgs.lxc ];
+ environment.etc."lxc/lxc.conf".text = cfg.systemConfig;
+ environment.etc."lxc/lxc-usernet".text = cfg.usernetConfig;
+ environment.etc."lxc/default.conf".text = cfg.defaultConfig;
+ systemd.tmpfiles.rules = [ "d /var/lib/lxc/rootfs 0755 root root -" ];
+
+ security.apparmor.packages = [ pkgs.lxc ];
+ security.apparmor.policies = {
+ "bin.lxc-start".profile = ''
+ include ${pkgs.lxc}/etc/apparmor.d/usr.bin.lxc-start
+ '';
+ "lxc-containers".profile = ''
+ include ${pkgs.lxc}/etc/apparmor.d/lxc-containers
+ '';
+ };
+ };
+}
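Review bot: The `security.apparmor.policies` block declares the `bin.lxc-start` and `lxc-containers` profiles, but nothing in this hunk sets `security.apparmor.enable`, and in NixOS declared policies are only loaded when that option is on, so on a default host `lxc-start` and its containers will run unconfined while the module reads as if it provides confinement. Either add `security.apparmor.enable = mkDefault true;` next to the `security.apparmor.packages` line, or state in the `enable` option description that AppArmor must be enabled separately for these profiles to take effect. Separately, the tmpfiles rule creates `/var/lib/lxc/rootfs` as `0755`, which lets every local user traverse into the directory meant to hold container root filesystems; unless the per-container directories are tightened elsewhere (not visible here), world-readable files inside containers become readable by any host user, and `"d /var/lib/lxc/rootfs 0700 root root -"` is the safer default for a root-owned directory that only `lxc-start` needs. Since all three `/etc/lxc/*` files are generated from options defaulting to `""`, the resulting empty `lxc-usernet` grants no unprivileged network access, which is the right default and worth a one-line comment on that `environment.etc` line so nobody "fixes" it by seeding a permissive entry.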