From 06ad3811a856a1769e35eecfd2c2d56aebf0ae6a Mon Sep 17 00:00:00 2001
From: phaer <hello@phaer.org>
Date: Fri, 22 Nov 2024 11:47:30 +0100
Subject: [PATCH] virtualisation/lxc-container: use system.build.image

---
 .../modules/virtualisation/lxc-container.nix  | 180 ++++++++++--------
 .../virtualisation/lxc-image-metadata.nix     |   9 +
 2 files changed, 109 insertions(+), 80 deletions(-)

diff --git a/nixos/modules/virtualisation/lxc-container.nix b/nixos/modules/virtualisation/lxc-container.nix
index ff7a4c11060b..8bd252e96c28 100644
--- a/nixos/modules/virtualisation/lxc-container.nix
+++ b/nixos/modules/virtualisation/lxc-container.nix
@@ -1,4 +1,9 @@
-{ lib, config, pkgs, ... }:
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
 
 {
   meta = {
@@ -8,18 +13,27 @@
   imports = [
     ./lxc-instance-common.nix
 
-    (lib.mkRemovedOptionModule [ "virtualisation" "lxc" "nestedContainer" ] "")
-    (lib.mkRemovedOptionModule [ "virtualisation" "lxc" "privilegedContainer" ] "")
+    (lib.mkRemovedOptionModule [
+      "virtualisation"
+      "lxc"
+      "nestedContainer"
+    ] "")
+    (lib.mkRemovedOptionModule [
+      "virtualisation"
+      "lxc"
+      "privilegedContainer"
+    ] "")
   ];
 
   options = { };
 
-  config = let
-    initScript = if config.boot.initrd.systemd.enable then "prepare-root" else "init";
-  in {
-    boot.isContainer = true;
-    boot.postBootCommands =
-      ''
+  config =
+    let
+      initScript = if config.boot.initrd.systemd.enable then "prepare-root" else "init";
+    in
+    {
+      boot.isContainer = true;
+      boot.postBootCommands = ''
         # After booting, register the contents of the Nix store in the Nix
         # database.
         if [ -f /nix-path-registration ]; then
@@ -31,78 +45,84 @@
         ${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
       '';
 
-    # supplement 99-ethernet-default-dhcp which excludes veth
-    systemd.network = lib.mkIf config.networking.useDHCP {
-      networks."99-lxc-veth-default-dhcp" = {
-        matchConfig = {
-          Type = "ether";
-          Kind = "veth";
-          Name = [
-            "en*"
-            "eth*"
-          ];
+      # supplement 99-ethernet-default-dhcp which excludes veth
+      systemd.network = lib.mkIf config.networking.useDHCP {
+        networks."99-lxc-veth-default-dhcp" = {
+          matchConfig = {
+            Type = "ether";
+            Kind = "veth";
+            Name = [
+              "en*"
+              "eth*"
+            ];
+          };
+          DHCP = "yes";
+          networkConfig.IPv6PrivacyExtensions = "kernel";
         };
-        DHCP = "yes";
-        networkConfig.IPv6PrivacyExtensions = "kernel";
       };
+
+      system.nixos.tags = lib.mkOverride 99 [ "lxc" ];
+      image.extension = "tar.xz";
+      image.filePath = "tarball/${config.image.fileName}";
+      system.build.image = lib.mkOverride 99 config.system.build.tarball;
+
+      system.build.tarball = pkgs.callPackage ../../lib/make-system-tarball.nix {
+        fileName = config.image.baseName;
+        extraArgs = "--owner=0";
+
+        storeContents = [
+          {
+            object = config.system.build.toplevel;
+            symlink = "none";
+          }
+        ];
+
+        contents = [
+          {
+            source = config.system.build.toplevel + "/${initScript}";
+            target = "/sbin/init";
+          }
+          # Technically this is not required for lxc, but having also make this configuration work with systemd-nspawn.
+          # Nixos will setup the same symlink after start.
+          {
+            source = config.system.build.toplevel + "/etc/os-release";
+            target = "/etc/os-release";
+          }
+        ];
+
+        extraCommands = "mkdir -p proc sys dev";
+      };
+
+      system.build.squashfs = pkgs.callPackage ../../lib/make-squashfs.nix {
+        fileName = "nixos-lxc-image-${pkgs.stdenv.hostPlatform.system}";
+
+        hydraBuildProduct = true;
+        noStrip = true; # keep directory structure
+        comp = "zstd -Xcompression-level 6";
+
+        storeContents = [ config.system.build.toplevel ];
+
+        pseudoFiles = [
+          "/sbin d 0755 0 0"
+          "/sbin/init s 0555 0 0 ${config.system.build.toplevel}/${initScript}"
+          "/dev d 0755 0 0"
+          "/proc d 0555 0 0"
+          "/sys d 0555 0 0"
+        ];
+      };
+
+      system.build.installBootLoader = pkgs.writeScript "install-lxc-sbin-init.sh" ''
+        #!${pkgs.runtimeShell}
+        ${pkgs.coreutils}/bin/ln -fs "$1/${initScript}" /sbin/init
+      '';
+
+      # networkd depends on this, but systemd module disables this for containers
+      systemd.additionalUpstreamSystemUnits = [ "systemd-udev-trigger.service" ];
+
+      systemd.packages = [ pkgs.distrobuilder.generator ];
+
+      system.activationScripts.installInitScript = lib.mkForce ''
+        ln -fs $systemConfig/${initScript} /sbin/init
+      '';
     };
-
-    system.build.tarball = pkgs.callPackage ../../lib/make-system-tarball.nix {
-      extraArgs = "--owner=0";
-
-      storeContents = [
-        {
-          object = config.system.build.toplevel;
-          symlink = "none";
-        }
-      ];
-
-      contents = [
-        {
-          source = config.system.build.toplevel + "/${initScript}";
-          target = "/sbin/init";
-        }
-        # Technically this is not required for lxc, but having also make this configuration work with systemd-nspawn.
-        # Nixos will setup the same symlink after start.
-        {
-          source = config.system.build.toplevel + "/etc/os-release";
-          target = "/etc/os-release";
-        }
-      ];
-
-      extraCommands = "mkdir -p proc sys dev";
-    };
-
-    system.build.squashfs = pkgs.callPackage ../../lib/make-squashfs.nix {
-      fileName = "nixos-lxc-image-${pkgs.stdenv.hostPlatform.system}";
-
-      hydraBuildProduct = true;
-      noStrip = true; # keep directory structure
-      comp = "zstd -Xcompression-level 6";
-
-      storeContents = [config.system.build.toplevel];
-
-      pseudoFiles = [
-        "/sbin d 0755 0 0"
-        "/sbin/init s 0555 0 0 ${config.system.build.toplevel}/${initScript}"
-        "/dev d 0755 0 0"
-        "/proc d 0555 0 0"
-        "/sys d 0555 0 0"
-      ];
-    };
-
-    system.build.installBootLoader = pkgs.writeScript "install-lxc-sbin-init.sh" ''
-      #!${pkgs.runtimeShell}
-      ${pkgs.coreutils}/bin/ln -fs "$1/${initScript}" /sbin/init
-    '';
-
-    # networkd depends on this, but systemd module disables this for containers
-    systemd.additionalUpstreamSystemUnits = ["systemd-udev-trigger.service"];
-
-    systemd.packages = [ pkgs.distrobuilder.generator ];
-
-    system.activationScripts.installInitScript = lib.mkForce ''
-      ln -fs $systemConfig/${initScript} /sbin/init
-    '';
-  };
 }
diff --git a/nixos/modules/virtualisation/lxc-image-metadata.nix b/nixos/modules/virtualisation/lxc-image-metadata.nix
index eb14f9dc5fc1..4b6596dc8e12 100644
--- a/nixos/modules/virtualisation/lxc-image-metadata.nix
+++ b/nixos/modules/virtualisation/lxc-image-metadata.nix
@@ -46,6 +46,10 @@ let
   else { files = []; properties = {}; };
 
 in {
+  imports = [
+    ../image/file-options.nix
+  ];
+
   meta = {
     maintainers = lib.teams.lxc.members;
   };
@@ -87,7 +91,12 @@ in {
   };
 
   config = {
+    system.nixos.tags = [ "lxc" "metadata" ];
+    image.extension = "tar.xz";
+    image.filePath = "tarball/${config.image.fileName}";
+    system.build.image = config.system.build.metadata;
     system.build.metadata = pkgs.callPackage ../../lib/make-system-tarball.nix {
+      fileName = config.image.baseName;
       contents = [
         {
           source = toYAML "metadata.yaml" {