author | Matthew Bauer <mjbauer95@gmail.com> | 2020-06-11 10:49:40 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-06-11 10:49:40 -0500 |
commit | 656783a3d1864fc94ed4183c267f641e644640d0 (patch) | |
tree | b097fa2f314b9fa498170661b524ac0efc821d78 /nixos/modules/virtualisation | |
parent | 2c7ec299fa29903cf0c93cb1d090dc2c85011c47 (diff) | |
parent | 8ae7ac9e8c959cf0524331550f858549edd5152e (diff) | |
Merge pull request #89540 from Patryk27/fixes/lxd-lxcfs
Fix `lxd`, so that it works with `lxcfs`
Diffstat (limited to 'nixos/modules/virtualisation')
-rw-r--r-- | nixos/modules/virtualisation/lxd.nix | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/nixos/modules/virtualisation/lxd.nix b/nixos/modules/virtualisation/lxd.nix index 53b89a9f55b1..3958fc2c1d7c 100644 --- a/nixos/modules/virtualisation/lxd.nix +++ b/nixos/modules/virtualisation/lxd.nix @@ -15,7 +15,6 @@ in ###### interface options = { - virtualisation.lxd = { enable = mkOption { type = types.bool; @@ -25,12 +24,18 @@ in containers. Users in the "lxd" group can interact with the daemon (e.g. to start or stop containers) using the <command>lxc</command> command line tool, among others. + + Most of the time, you'll also want to start lxcfs, so + that containers can "see" the limits: + <code> + virtualisation.lxc.lxcfs.enable = true; + </code> ''; }; package = mkOption { type = types.package; - default = pkgs.lxd; + default = pkgs.lxd.override { nftablesSupport = config.networking.nftables.enable; }; defaultText = "pkgs.lxd"; description = '' The LXD package to use. @@ -65,6 +70,7 @@ in with nixos. ''; }; + recommendedSysctlSettings = mkOption { type = types.bool; default = false; @@ -83,7 +89,6 @@ in ###### implementation config = mkIf cfg.enable { - environment.systemPackages = [ cfg.package ]; security.apparmor = { @@ -115,6 +120,12 @@ in LimitNOFILE = "1048576"; LimitNPROC = "infinity"; TasksMax = "infinity"; + + # By default, `lxd` loads configuration files from hard-coded + # `/usr/share/lxc/config` - since this is a no-go for us, we have to + # explicitly tell it where the actual configuration files are + Environment = mkIf (config.virtualisation.lxc.lxcfs.enable) + "LXD_LXC_TEMPLATE_CONFIG=${pkgs.lxcfs}/share/lxc/config"; }; }; |
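Review bot: In the `package` option, `defaultText` still reads `"pkgs.lxd"` although the default is now an override that takes `nftablesSupport` from `config.networking.nftables.enable`. The generated manual therefore hides that the firewall backend LXD is built for follows the host setting. A user who sets `virtualisation.lxd.package` themselves appears to lose that override with no hint, which could leave LXD managing rules for a different backend than the host firewall uses. I would change the line to `defaultText = "pkgs.lxd.override { nftablesSupport = config.networking.nftables.enable; }";` and add one sentence to the description saying that a custom package must set `nftablesSupport` itself.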
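Review bot: The new comment on `Environment` says the hard-coded `/usr/share/lxc/config` is a no-go, but the `mkIf` applies the override only when `config.virtualisation.lxc.lxcfs.enable` is set. With lxcfs disabled, the daemon presumably still falls back to that unmanaged path outside the Nix store. Since lxd runs with elevated privileges, whatever exists at that location would be read as container template configuration, so the fallback deserves an explicit decision. Either point the variable at a store path unconditionally, or state the reason for the condition in the comment, for example `# Only set with lxcfs enabled: the directory ships the lxcfs hook config; without it lxd keeps its built-in default path`. The enclosing `serviceConfig` block starts outside the hunk, so I cannot tell whether another `Environment` definition exists that this string would have to merge with.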