author | Jörg Thalheim <joerg@thalheim.io> | 2018-03-16 09:58:54 +0000 |
---|---|---|
committer | Jörg Thalheim <joerg@thalheim.io> | 2018-04-14 11:02:24 +0100 |
commit | 7663de114a365259f07425aa582b3c5890c00874 (patch) | |
tree | 64b2b65cb9f55c5e6b167717e6741d481221adc0 /nixos/modules | |
parent | 615599c6954268f85c88e4beb237a4447ab0e4a3 (diff) | |
lxd: 2.16 -> 3.0.0
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/tasks/filesystems/zfs.nix | 2 | ||||
-rw-r--r-- | nixos/modules/virtualisation/lxc.nix | 5 | ||||
-rw-r--r-- | nixos/modules/virtualisation/lxd.nix | 60 |
3 files changed, 39 insertions, 28 deletions
diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix index 50cf30cc48de..c3bf897d51fd 100644 --- a/nixos/modules/tasks/filesystems/zfs.nix +++ b/nixos/modules/tasks/filesystems/zfs.nix @@ -305,6 +305,8 @@ in } ]; + virtualisation.lxd.zfsSupport = true; + boot = { kernelModules = [ "spl" "zfs" ] ; extraModulePackages = with packages; [ spl zfs ]; diff --git a/nixos/modules/virtualisation/lxc.nix b/nixos/modules/virtualisation/lxc.nix index 2310fe984325..9b5adaf08249 100644 --- a/nixos/modules/virtualisation/lxc.nix +++ b/nixos/modules/virtualisation/lxc.nix @@ -74,6 +74,9 @@ in systemd.tmpfiles.rules = [ "d /var/lib/lxc/rootfs 0755 root root -" ]; security.apparmor.packages = [ pkgs.lxc ]; - security.apparmor.profiles = [ "${pkgs.lxc}/etc/apparmor.d/lxc-containers" ]; + security.apparmor.profiles = [ + "${pkgs.lxc}/etc/apparmor.d/lxc-containers" + "${pkgs.lxc}/etc/apparmor.d/usr.bin.lxc-start" + ]; }; } diff --git a/nixos/modules/virtualisation/lxd.nix b/nixos/modules/virtualisation/lxd.nix index 4988886baf60..3e76cdacfc4b 100644 --- a/nixos/modules/virtualisation/lxd.nix +++ b/nixos/modules/virtualisation/lxd.nix 
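Review bot: The added `virtualisation.lxd.zfsSupport = true;` in zfs.nix is an ordinary-priority definition, so a ZFS host that sets `virtualisation.lxd.zfsSupport = false;` would presumably get a conflicting-definitions error for the bool option instead of opting out. The option's description in lxd.nix calls this a default, which `virtualisation.lxd.zfsSupport = mkDefault true;` would match (assuming `mkDefault` is in scope in this module). The enclosing config block starts and ends outside the hunk, so the condition under which this line takes effect cannot be confirmed from here.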
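Review bot: The new `usr.bin.lxc-start` entry in `security.apparmor.profiles` in lxc.nix has no comment explaining why the lxc module now loads it, and the commit title mentions only the lxd bump. Because this changes the set of AppArmor profiles for every host that enables the lxc module, a short comment above the list would help, for example `# lxc-containers: profiles for container payloads; usr.bin.lxc-start: profile for the launcher binary` (wording to be confirmed against the files shipped in `pkgs.lxc`). Nothing in the hunk shows that the package output contains that file, so it is worth checking that a missing path fails at build time, not at profile load. The enclosing `config` block starts outside the hunk.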
@@ -15,28 +15,34 @@ in options = { - virtualisation.lxd.enable = - mkOption { + virtualisation.lxd = { + enable = mkOption { type = types.bool; default = false; - description = - '' - This option enables lxd, a daemon that manages - containers. Users in the "lxd" group can interact with - the daemon (e.g. to start or stop containers) using the - <command>lxc</command> command line tool, among others. - ''; + description = '' + This option enables lxd, a daemon that manages + containers. Users in the "lxd" group can interact with + the daemon (e.g. to start or stop containers) using the + <command>lxc</command> command line tool, among others. + ''; }; - + zfsSupport = mkOption { + type = types.bool; + default = false; + description = '' + enables lxd to use zfs as a storage for containers. + This option is enabled by default if a zfs pool is configured + with nixos. + ''; + }; + }; }; - ###### implementation config = mkIf cfg.enable { - environment.systemPackages = - [ pkgs.lxd ]; + environment.systemPackages = [ pkgs.lxd ]; security.apparmor = { enable = true; 
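Review bot: The re-indented `enable` description tells readers that users in the "lxd" group can interact with the daemon, but not that access to the LXD daemon is generally treated as equivalent to root on the host. Since the text is being touched anyway, I would add a sentence such as `Membership in the "lxd" group should only be given to users who are trusted with root access to the host.` Separately, the new `zfsSupport` description starts in lower case and is vague about "configured with nixos"; `Enables lxd to use zfs as storage for containers.` followed by a sentence naming the zfs module that sets it would read better.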
@@ -47,31 +53,31 @@ in packages = [ pkgs.lxc ]; }; - systemd.services.lxd = - { description = "LXD Container Management Daemon"; + systemd.services.lxd = { + description = "LXD Container Management Daemon"; - wantedBy = [ "multi-user.target" ]; - after = [ "systemd-udev-settle.service" ]; + wantedBy = [ "multi-user.target" ]; + after = [ "systemd-udev-settle.service" ]; - # TODO(wkennington): Add lvm2 and thin-provisioning-tools - path = with pkgs; [ acl rsync gnutar xz btrfs-progs gzip dnsmasq squashfsTools iproute iptables ]; + path = lib.optional cfg.zfsSupport pkgs.zfs; - preStart = '' - mkdir -m 0755 -p /var/lib/lxc/rootfs - ''; + preStart = '' + mkdir -m 0755 -p /var/lib/lxc/rootfs + ''; - serviceConfig.ExecStart = "@${pkgs.lxd.bin}/bin/lxd lxd --syslog --group lxd"; - serviceConfig.Type = "simple"; - serviceConfig.KillMode = "process"; # when stopping, leave the containers alone + serviceConfig = { + ExecStart = "@${pkgs.lxd.bin}/bin/lxd lxd --group lxd"; + Type = "simple"; + KillMode = "process"; # when stopping, leave the containers alone }; + }; + users.extraGroups.lxd.gid = config.ids.gids.lxd; users.extraUsers.root = { subUidRanges = [ { startUid = 1000000; count = 65536; } ]; subGidRanges = [ { startGid = 1000000; count = 65536; } ]; }; - }; - } |
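Review bot: `path = lib.optional cfg.zfsSupport pkgs.zfs;` drops every tool the unit previously put on PATH (acl, rsync, gnutar, xz, btrfs-progs, gzip, dnsmasq, squashfsTools, iproute, iptables), and nothing in this hunk shows where the daemon finds them now. If the 3.0.0 package wraps the binary with these tools, a comment such as `# runtime tools are provided by the pkgs.lxd wrapper; only zfs is optional here` would record that. If it does not, image unpacking and network or firewall setup would presumably fail at runtime, not at build time. The same hunk also removes `--syslog` from `ExecStart`; this presumably leaves logging to the journal via stderr, but it is worth confirming that daemon logs are still captured for auditing.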