Diffstat (limited to 'nixpkgs/nixos/modules/system/boot/systemd/nspawn.nix')
-rw-r--r-- | nixpkgs/nixos/modules/system/boot/systemd/nspawn.nix | 37 |
1 files changed, 21 insertions, 16 deletions
diff --git a/nixpkgs/nixos/modules/system/boot/systemd/nspawn.nix b/nixpkgs/nixos/modules/system/boot/systemd/nspawn.nix
index 0c6822319a5b..0d06fb3c0322 100644
--- a/nixpkgs/nixos/modules/system/boot/systemd/nspawn.nix
+++ b/nixpkgs/nixos/modules/system/boot/systemd/nspawn.nix
@@ -16,7 +16,7 @@ let
 "LimitNOFILE" "LimitAS" "LimitNPROC" "LimitMEMLOCK" "LimitLOCKS"
 "LimitSIGPENDING" "LimitMSGQUEUE" "LimitNICE" "LimitRTPRIO" "LimitRTTIME"
 "OOMScoreAdjust" "CPUAffinity" "Hostname" "ResolvConf" "Timezone"
- "LinkJournal"
+ "LinkJournal" "Ephemeral" "AmbientCapability"
 ])
 (assertValueOneOf "Boot" boolValues)
 (assertValueOneOf "ProcessTwo" boolValues)
@@ -26,11 +26,13 @@ let
 checkFiles = checkUnitConfig "Files" [
 (assertOnlyFields [
 "ReadOnly" "Volatile" "Bind" "BindReadOnly" "TemporaryFileSystem"
- "Overlay" "OverlayReadOnly" "PrivateUsersChown"
+ "Overlay" "OverlayReadOnly" "PrivateUsersChown" "BindUser"
+ "Inaccessible" "PrivateUserOwnership"
 ])
 (assertValueOneOf "ReadOnly" boolValues)
 (assertValueOneOf "Volatile" (boolValues ++ [ "state" ]))
 (assertValueOneOf "PrivateUsersChown" boolValues)
+ (assertValueOneOf "PrivateUserOwnership" [ "off" "chown" "map" "auto" ])
 ];
 
 checkNetwork = checkUnitConfig "Network" [
@@ -48,11 +50,10 @@ let
 default = {};
 example = { Parameters = "/bin/sh"; };
 type = types.addCheck (types.attrsOf unitOption) checkExec;
- description = ''
+ description = lib.mdDoc ''
 Each attribute in this set specifies an option in the
- <literal>[Exec]</literal> section of this unit. See
- <citerefentry><refentrytitle>systemd.nspawn</refentrytitle>
- <manvolnum>5</manvolnum></citerefentry> for details.
+ `[Exec]` section of this unit. See
+ {manpage}`systemd.nspawn(5)` for details.
 '';
 };
 
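Review bot: `Ephemeral` joins the [Exec] allow-list on the `+ "LinkJournal" "Ephemeral" "AmbientCapability"` line without the value check that `Boot` and `ProcessTwo` get two lines below, although per systemd.nspawn(5) `Ephemeral=` takes a boolean like those two; a mistyped value is then only rejected by systemd-nspawn when the container is started, not at evaluation time. Add `(assertValueOneOf "Ephemeral" boolValues)` next to the existing `assertValueOneOf` entries. `AmbientCapability=` is a capability list with no fixed value set, so leaving it unchecked is reasonable, but since it raises what the container's init process may do it deserves the same scrutiny as the `Capability`/`DropCapability` fields that presumably sit earlier in this list. The enclosing `checkExec` definition begins before this hunk.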
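Review bot: The new `(assertValueOneOf "PrivateUserOwnership" [ "off" "chown" "map" "auto" ])` check now sits beside the older `PrivateUsersChown` boolean check, and the page gives no hint that the two configure the same thing; if I recall systemd.nspawn(5) correctly, `PrivateUsersChown=yes` is the legacy spelling of `PrivateUserOwnership=chown` and the `chown` mode rewrites ownership of the whole image tree in place, which is not undone when the setting is later changed. A one-line comment above the two checks would save the next reader a trip to the man page: `# PrivateUsersChown is the pre-v249 spelling of PrivateUserOwnership=chown; both are kept for compatibility`. Please confirm the version and the deprecation status against the systemd release in use before wording it as fact. The enclosing `checkFiles` list is complete within this hunk.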
@@ -60,11 +61,10 @@ let
 default = {};
 example = { Bind = [ "/home/alice" ]; };
 type = types.addCheck (types.attrsOf unitOption) checkFiles;
- description = ''
+ description = lib.mdDoc ''
 Each attribute in this set specifies an option in the
- <literal>[Files]</literal> section of this unit. See
- <citerefentry><refentrytitle>systemd.nspawn</refentrytitle>
- <manvolnum>5</manvolnum></citerefentry> for details.
+ `[Files]` section of this unit. See
+ {manpage}`systemd.nspawn(5)` for details.
 '';
 };
 
@@ -72,11 +72,10 @@ let
 default = {};
 example = { Private = false; };
 type = types.addCheck (types.attrsOf unitOption) checkNetwork;
- description = ''
+ description = lib.mdDoc ''
 Each attribute in this set specifies an option in the
- <literal>[Network]</literal> section of this unit. See
- <citerefentry><refentrytitle>systemd.nspawn</refentrytitle>
- <manvolnum>5</manvolnum></citerefentry> for details.
+ `[Network]` section of this unit. See
+ {manpage}`systemd.nspawn(5)` for details.
 '';
 };
 };
@@ -105,7 +104,7 @@ in {
 systemd.nspawn = mkOption {
 default = {};
 type = with types; attrsOf (submodule instanceOptions);
- description = "Definition of systemd-nspawn configurations.";
+ description = lib.mdDoc "Definition of systemd-nspawn configurations.";
 };
 };
 
@@ -116,7 +115,13 @@ in {
 in mkMerge [
 (mkIf (cfg != {}) {
- environment.etc."systemd/nspawn".source = mkIf (cfg != {}) (generateUnits' false "nspawn" units [] []);
+ environment.etc."systemd/nspawn".source = mkIf (cfg != {}) (generateUnits {
+ allowCollisions = false;
+ type = "nspawn";
+ inherit units;
+ upstreamUnits = [];
+ upstreamWants = [];
+ });
 })
 {
 systemd.targets.multi-user.wants = [ "machines.target" ];
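Review bot: The rewritten `environment.etc."systemd/nspawn".source` line keeps the inner `mkIf (cfg != {})` although the whole attrset is already wrapped in `(mkIf (cfg != {}) {` on the line above, so the same guard is applied twice; unless the inner one is needed for a reason not visible here, `environment.etc."systemd/nspawn".source = generateUnits {` with the matching `};` is enough. `allowCollisions = false` reads as the intended strictness for a directory of container definitions — two `.nspawn` units with the same name should fail evaluation rather than one silently shadowing the other — but the attribute name is the only thing on the page that says so, so a one-line comment would help: `# refuse duplicate unit names instead of letting one definition shadow another`. The `config` let-block this `mkMerge` belongs to starts before the hunk and its second list element continues past it.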