author | Luca Bruno <lethalman88@gmail.com> | 2015-11-29 16:50:26 +0100 |
---|---|---|
committer | Luca Bruno <lethalman88@gmail.com> | 2015-11-29 16:50:26 +0100 |
commit | 920b1d3591431837f4522ccff52fb65b241200cf (patch) | |
tree | a63a1acebbee20444f4b3e9e2695ec712ba7aae3 /nixos/modules/virtualisation | |
parent | 07a0204282224891492e7e1cfe72830a1fc32355 (diff) | |
parent | a9056371a0a62da46ff88183a6535635ed085dec (diff) | |
Merge branch 'master' into closure-size
Diffstat (limited to 'nixos/modules/virtualisation')
-rw-r--r-- | nixos/modules/virtualisation/containers.nix | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index 02cf1fe46a55..121ecbc9bf2c 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix @@ -47,6 +47,41 @@ let system = config.nixpkgs.system; + bindMountOpts = { name, config, ... }: { + + options = { + mountPoint = mkOption { + example = "/mnt/usb"; + type = types.str; + description = "Mount point on the container file system."; + }; + hostPath = mkOption { + default = null; + example = "/home/alice"; + type = types.nullOr types.str; + description = "Location of the host path to be mounted."; + }; + isReadOnly = mkOption { + default = true; + example = true; + type = types.bool; + description = "Determine whether the mounted path will be accessed in read-only mode."; + }; + }; + + config = { + mountPoint = mkDefault name; + }; + + }; + + mkBindFlag = d: + let flagPrefix = if d.isReadOnly then " --bind-ro=" else " --bind="; + mountstr = if d.hostPath != null then "${d.hostPath}:${d.mountPoint}" else "${d.mountPoint}"; + in flagPrefix + mountstr ; + + mkBindFlags = bs: concatMapStrings mkBindFlag (lib.attrValues bs); + in { @@ -142,6 +177,21 @@ in Wether the container is automatically started at boot-time. ''; }; + + bindMounts = mkOption { + type = types.loaOf types.optionSet; + options = [ bindMountOpts ]; + default = {}; + example = { "/home" = { hostPath = "/home/alice"; + isReadOnly = false; }; + }; + + description = + '' + An extra list of directories that is bound to the container. + ''; + }; + }; config = mkMerge 
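Review bot: mkBindFlag concatenates `hostPath` and `mountPoint` into the flag string without validation, and the result is later written inside double quotes in the `EXTRA_NSPAWN_FLAGS="${mkBindFlags cfg.bindMounts}"` hunk and expanded unquoted as `$EXTRA_NSPAWN_FLAGS` in the start-script hunk. A path containing whitespace is therefore word-split into additional systemd-nspawn arguments, a `:` changes how the bind is split into source and destination, and `"`, `$` or a backquote can corrupt the generated assignment if that file is read by a shell (not visible here). Because these values decide which part of the host file system a container can reach, I would reject such characters at evaluation time, for example with an assertion over `cfg.bindMounts` or a checked type on both options; quoting inside the string cannot help while the expansion stays unquoted. The `hostPath` description should also state that `null` means the host path is the same as `mountPoint`.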
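Review bot: The `bindMounts` description calls the option a "list" although it is an attribute set keyed by mount point, and it says nothing about the access mode. I would write it as `Attribute set of host directories to bind-mount into the container, keyed by mount point. Mounts are read-only unless isReadOnly is set to false; a writable mount lets processes in the container modify the host path.` The example shows only the writable case (`isReadOnly = false` on `/home/alice`), so anyone copying it opts out of the read-only default; adding a second, read-only entry would make the default visible. The surrounding options set starts and ends outside the hunk.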
@@ -249,12 +299,15 @@ in fi ''} + + # Run systemd-nspawn without startup notification (we'll # wait for the container systemd to signal readiness). EXIT_ON_REBOOT=1 NOTIFY_SOCKET= \ exec ${config.systemd.package}/bin/systemd-nspawn \ --keep-unit \ -M "$INSTANCE" -D "$root" $extraFlags \ + $EXTRA_NSPAWN_FLAGS \ --bind-ro=/nix/store \ --bind-ro=/nix/var/nix/db \ --bind-ro=/nix/var/nix/daemon-socket \ @@ -354,6 +407,7 @@ in ${optionalString cfg.autoStart '' AUTO_START=1 ''} + EXTRA_NSPAWN_FLAGS="${mkBindFlags cfg.bindMounts}" ''; }) config.containers; |
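Review bot: `$EXTRA_NSPAWN_FLAGS` is placed ahead of the fixed `--bind-ro=/nix/store`, `--bind-ro=/nix/var/nix/db` and `--bind-ro=/nix/var/nix/daemon-socket` flags, and nothing visible prevents a `bindMounts` entry from using one of those paths (or a parent of them) as its mount point, possibly with `isReadOnly = false`. The module should not depend on how systemd-nspawn resolves two binds for the same destination; an evaluation-time assertion that rejects mount points overlapping the fixed read-only binds would keep the read-only guarantee on the store mounts explicit. A comment above the new line, such as `# user-defined bind mounts from containers.<name>.bindMounts; must not overlap the fixed binds below`, would document the intent. The start script begins and ends outside the hunk.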