path: root/nixos/modules/virtualisation/proxmox-lxc.nix
{ config, pkgs, lib, ... }:

with lib;

{
  # Guest-side switches for a NixOS system running as a Proxmox LXC container.
  # Both default to false.

  # In this module `privileged` has exactly one effect: when it is false the
  # /sys/kernel/debug mount unit is disabled (see `systemd.mounts` in the
  # config section). Nothing here changes how the container is confined.
  # NOTE(review): presumably this should mirror the privileged/unprivileged
  # setting chosen on the Proxmox host -- confirm.
  options.proxmoxLXC.privileged = lib.mkOption {
    default = false;
    type = lib.types.bool;
    description = ''
      Whether to enable privileged mounts
    '';
  };

  # When false, the config section turns on systemd-networkd and turns off
  # DHCP and the host's resolv.conf, so the network settings come from
  # outside the Nix configuration (per the description: from Proxmox).
  options.proxmoxLXC.manageNetwork = lib.mkOption {
    default = false;
    type = lib.types.bool;
    description = ''
      Whether to manage network interfaces through nix options
      When false, systemd-networkd is enabled to accept network
      configuration from proxmox.
    '';
  };

  # System configuration for the container image: the root filesystem
  # tarball, container boot settings, networking, sshd and mount units.
  config =
    let
      inherit (config.proxmoxLXC) manageNetwork privileged;
      toplevel = config.system.build.toplevel;
    in
    {
      # Root filesystem tarball. It carries the system closure and places the
      # toplevel's init script at /sbin/init.
      system.build.tarball = pkgs.callPackage ../../lib/make-system-tarball.nix {
        storeContents = [
          { object = toplevel; symlink = "none"; }
        ];

        contents = [
          { source = toplevel + "/init"; target = "/sbin/init"; }
        ];

        # Pre-creates /root and /etc/systemd/network in the tarball.
        # NOTE(review): presumably the latter is where the Proxmox host
        # writes networkd units -- confirm.
        extraCommands = "mkdir -p root etc/systemd/network";
      };

      boot.isContainer = true;
      boot.loader.initScript.enable = true;

      # Applies only when the network is not managed through Nix options:
      # DHCP and the host's resolv.conf are switched off and systemd-networkd
      # is switched on, so interface configuration is supplied externally.
      networking = lib.mkIf (!manageNetwork) {
        useNetworkd = true;
        useDHCP = false;
        useHostResolvConf = false;
      };

      # sshd is enabled out of the box and started on demand. Both values are
      # mkDefault, so a deployment can override them without mkForce.
      # This module sets no authentication policy (authorized keys, root
      # login, password authentication); whatever the rest of the system
      # configuration says applies, so review it before the container is
      # reachable from an untrusted network.
      services.openssh.enable = lib.mkDefault true;
      services.openssh.startWhenNeeded = lib.mkDefault true;

      # Unless proxmoxLXC.privileged is set, the /sys/kernel/debug mount unit
      # is disabled.
      # NOTE(review): presumably because an unprivileged container cannot
      # mount debugfs and the unit would otherwise fail -- confirm.
      systemd.mounts = lib.mkIf (!privileged) [
        { where = "/sys/kernel/debug"; enable = false; }
      ];

    };
}