summary refs log tree commit diff
path: root/nixos
diff options
context:
space:
mode:
authorJörg Thalheim <joerg@thalheim.io>2018-03-16 09:58:54 +0000
committerJörg Thalheim <joerg@thalheim.io>2018-04-14 11:02:24 +0100
commit7663de114a365259f07425aa582b3c5890c00874 (patch)
tree64b2b65cb9f55c5e6b167717e6741d481221adc0 /nixos
parent615599c6954268f85c88e4beb237a4447ab0e4a3 (diff)
downloadnixlib-7663de114a365259f07425aa582b3c5890c00874.tar
nixlib-7663de114a365259f07425aa582b3c5890c00874.tar.gz
nixlib-7663de114a365259f07425aa582b3c5890c00874.tar.bz2
nixlib-7663de114a365259f07425aa582b3c5890c00874.tar.lz
nixlib-7663de114a365259f07425aa582b3c5890c00874.tar.xz
nixlib-7663de114a365259f07425aa582b3c5890c00874.tar.zst
nixlib-7663de114a365259f07425aa582b3c5890c00874.zip
lxd: 2.16 -> 3.0.0
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/tasks/filesystems/zfs.nix2


-rw-r--r--nixos/modules/virtualisation/lxc.nix5


-rw-r--r--nixos/modules/virtualisation/lxd.nix60


3 files changed, 39 insertions, 28 deletions
diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix
index 50cf30cc48de..c3bf897d51fd 100644
--- a/nixos/modules/tasks/filesystems/zfs.nix
+++ b/nixos/modules/tasks/filesystems/zfs.nix
@@ -305,6 +305,8 @@ in
         }
       ];
 
+      virtualisation.lxd.zfsSupport = true;
+
       boot = {
         kernelModules = [ "spl" "zfs" ] ;
         extraModulePackages = with packages; [ spl zfs ];
diff --git a/nixos/modules/virtualisation/lxc.nix b/nixos/modules/virtualisation/lxc.nix
index 2310fe984325..9b5adaf08249 100644
--- a/nixos/modules/virtualisation/lxc.nix
+++ b/nixos/modules/virtualisation/lxc.nix
@@ -74,6 +74,9 @@ in
     systemd.tmpfiles.rules = [ "d /var/lib/lxc/rootfs 0755 root root -" ];
 
     security.apparmor.packages = [ pkgs.lxc ];
-    security.apparmor.profiles = [ "${pkgs.lxc}/etc/apparmor.d/lxc-containers" ];
+    security.apparmor.profiles = [
+      "${pkgs.lxc}/etc/apparmor.d/lxc-containers"
+      "${pkgs.lxc}/etc/apparmor.d/usr.bin.lxc-start"
+    ];
   };
 }
diff --git a/nixos/modules/virtualisation/lxd.nix b/nixos/modules/virtualisation/lxd.nix
index 4988886baf60..3e76cdacfc4b 100644
--- a/nixos/modules/virtualisation/lxd.nix
+++ b/nixos/modules/virtualisation/lxd.nix
@@ -15,28 +15,34 @@ in
 
   options = {
 
-    virtualisation.lxd.enable =
-      mkOption {
+    virtualisation.lxd = {
+      enable = mkOption {
         type = types.bool;
         default = false;
-        description =
-          ''
-            This option enables lxd, a daemon that manages
-            containers. Users in the "lxd" group can interact with
-            the daemon (e.g. to start or stop containers) using the
-            <command>lxc</command> command line tool, among others.
-          '';
+        description = ''
+          This option enables lxd, a daemon that manages
+          containers. Users in the "lxd" group can interact with
+          the daemon (e.g. to start or stop containers) using the
+          <command>lxc</command> command line tool, among others.
+        '';
       };
-
+      zfsSupport = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          enables lxd to use zfs as a storage for containers.
+          This option is enabled by default if a zfs pool is configured
+          with nixos.
+        '';
+      };
+    };
   };
 
-
   ###### implementation
 
   config = mkIf cfg.enable {
 
-    environment.systemPackages =
-      [ pkgs.lxd ];
+    environment.systemPackages = [ pkgs.lxd ];
 
     security.apparmor = {
       enable = true;
@@ -47,31 +53,31 @@ in
       packages = [ pkgs.lxc ];
     };
 
-    systemd.services.lxd =
-      { description = "LXD Container Management Daemon";
+    systemd.services.lxd = {
+      description = "LXD Container Management Daemon";
 
-        wantedBy = [ "multi-user.target" ];
-        after = [ "systemd-udev-settle.service" ];
+      wantedBy = [ "multi-user.target" ];
+      after = [ "systemd-udev-settle.service" ];
 
-        # TODO(wkennington): Add lvm2 and thin-provisioning-tools
-        path = with pkgs; [ acl rsync gnutar xz btrfs-progs gzip dnsmasq squashfsTools iproute iptables ];
+      path = lib.optional cfg.zfsSupport pkgs.zfs;
 
-        preStart = ''
-          mkdir -m 0755 -p /var/lib/lxc/rootfs
-        '';
+      preStart = ''
+        mkdir -m 0755 -p /var/lib/lxc/rootfs
+      '';
 
-        serviceConfig.ExecStart = "@${pkgs.lxd.bin}/bin/lxd lxd --syslog --group lxd";
-        serviceConfig.Type = "simple";
-        serviceConfig.KillMode = "process"; # when stopping, leave the containers alone
+      serviceConfig = {
+        ExecStart = "@${pkgs.lxd.bin}/bin/lxd lxd --group lxd";
+        Type = "simple";
+        KillMode = "process"; # when stopping, leave the containers alone
       };
 
+    };
+
     users.extraGroups.lxd.gid = config.ids.gids.lxd;
 
     users.extraUsers.root = {
       subUidRanges = [ { startUid = 1000000; count = 65536; } ];
       subGidRanges = [ { startGid = 1000000; count = 65536; } ];
     };
-
   };
-
 }

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-03 07:50:34 +0000