dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

virtualisation/lxc-container: use system.build.image

Browse Source
This commit is contained in:
phaer 2024-11-22 11:47:30 +01:00
parent f3563c996e
commit 06ad3811a8
2 changed files with 109 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

180
nixos/modules/virtualisation/lxc-container.nix
View File

@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
meta = {
@ -8,18 +13,27 @@
imports = [
./lxc-instance-common.nix
(lib.mkRemovedOptionModule [ "virtualisation" "lxc" "nestedContainer" ] "")
(lib.mkRemovedOptionModule [ "virtualisation" "lxc" "privilegedContainer" ] "")
(lib.mkRemovedOptionModule [
"virtualisation"
"lxc"
"nestedContainer"
] "")
(lib.mkRemovedOptionModule [
"virtualisation"
"lxc"
"privilegedContainer"
] "")
];
options = { };
config = let
initScript = if config.boot.initrd.systemd.enable then "prepare-root" else "init";
in {
boot.isContainer = true;
boot.postBootCommands =
''
config =
let
initScript = if config.boot.initrd.systemd.enable then "prepare-root" else "init";
in
{
boot.isContainer = true;
boot.postBootCommands = ''
# After booting, register the contents of the Nix store in the Nix
# database.
if [ -f /nix-path-registration ]; then
@ -31,78 +45,84 @@
${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
'';
# supplement 99-ethernet-default-dhcp which excludes veth
systemd.network = lib.mkIf config.networking.useDHCP {
networks."99-lxc-veth-default-dhcp" = {
matchConfig = {
Type = "ether";
Kind = "veth";
Name = [
"en*"
"eth*"
];
# supplement 99-ethernet-default-dhcp which excludes veth
systemd.network = lib.mkIf config.networking.useDHCP {
networks."99-lxc-veth-default-dhcp" = {
matchConfig = {
Type = "ether";
Kind = "veth";
Name = [
"en*"
"eth*"
];
};
DHCP = "yes";
networkConfig.IPv6PrivacyExtensions = "kernel";
};
DHCP = "yes";
networkConfig.IPv6PrivacyExtensions = "kernel";
};
system.nixos.tags = lib.mkOverride 99 [ "lxc" ];
image.extension = "tar.xz";
image.filePath = "tarball/${config.image.fileName}";
system.build.image = lib.mkOverride 99 config.system.build.tarball;
system.build.tarball = pkgs.callPackage ../../lib/make-system-tarball.nix {
fileName = config.image.baseName;
extraArgs = "--owner=0";
storeContents = [
{
object = config.system.build.toplevel;
symlink = "none";
}
];
contents = [
{
source = config.system.build.toplevel + "/${initScript}";
target = "/sbin/init";
}
# Technically this is not required for lxc, but having also make this configuration work with systemd-nspawn.
# Nixos will setup the same symlink after start.
{
source = config.system.build.toplevel + "/etc/os-release";
target = "/etc/os-release";
}
];
extraCommands = "mkdir -p proc sys dev";
};
system.build.squashfs = pkgs.callPackage ../../lib/make-squashfs.nix {
fileName = "nixos-lxc-image-${pkgs.stdenv.hostPlatform.system}";
hydraBuildProduct = true;
noStrip = true; # keep directory structure
comp = "zstd -Xcompression-level 6";
storeContents = [ config.system.build.toplevel ];
pseudoFiles = [
"/sbin d 0755 0 0"
"/sbin/init s 0555 0 0 ${config.system.build.toplevel}/${initScript}"
"/dev d 0755 0 0"
"/proc d 0555 0 0"
"/sys d 0555 0 0"
];
};
system.build.installBootLoader = pkgs.writeScript "install-lxc-sbin-init.sh" ''
#!${pkgs.runtimeShell}
${pkgs.coreutils}/bin/ln -fs "$1/${initScript}" /sbin/init
'';
# networkd depends on this, but systemd module disables this for containers
systemd.additionalUpstreamSystemUnits = [ "systemd-udev-trigger.service" ];
systemd.packages = [ pkgs.distrobuilder.generator ];
system.activationScripts.installInitScript = lib.mkForce ''
ln -fs $systemConfig/${initScript} /sbin/init
'';
};
system.build.tarball = pkgs.callPackage ../../lib/make-system-tarball.nix {
extraArgs = "--owner=0";
storeContents = [
{
object = config.system.build.toplevel;
symlink = "none";
}
];
contents = [
{
source = config.system.build.toplevel + "/${initScript}";
target = "/sbin/init";
}
# Technically this is not required for lxc, but having also make this configuration work with systemd-nspawn.
# Nixos will setup the same symlink after start.
{
source = config.system.build.toplevel + "/etc/os-release";
target = "/etc/os-release";
}
];
extraCommands = "mkdir -p proc sys dev";
};
system.build.squashfs = pkgs.callPackage ../../lib/make-squashfs.nix {
fileName = "nixos-lxc-image-${pkgs.stdenv.hostPlatform.system}";
hydraBuildProduct = true;
noStrip = true; # keep directory structure
comp = "zstd -Xcompression-level 6";
storeContents = [config.system.build.toplevel];
pseudoFiles = [
"/sbin d 0755 0 0"
"/sbin/init s 0555 0 0 ${config.system.build.toplevel}/${initScript}"
"/dev d 0755 0 0"
"/proc d 0555 0 0"
"/sys d 0555 0 0"
];
};
system.build.installBootLoader = pkgs.writeScript "install-lxc-sbin-init.sh" ''
#!${pkgs.runtimeShell}
${pkgs.coreutils}/bin/ln -fs "$1/${initScript}" /sbin/init
'';
# networkd depends on this, but systemd module disables this for containers
systemd.additionalUpstreamSystemUnits = ["systemd-udev-trigger.service"];
systemd.packages = [ pkgs.distrobuilder.generator ];
system.activationScripts.installInitScript = lib.mkForce ''
ln -fs $systemConfig/${initScript} /sbin/init
'';
};
}

9
nixos/modules/virtualisation/lxc-image-metadata.nix
View File

@ -46,6 +46,10 @@ let
else { files = []; properties = {}; };
in {
imports = [
../image/file-options.nix
];
meta = {
maintainers = lib.teams.lxc.members;
};
@ -87,7 +91,12 @@ in {
};
config = {
system.nixos.tags = [ "lxc" "metadata" ];
image.extension = "tar.xz";
image.filePath = "tarball/${config.image.fileName}";
system.build.image = config.system.build.metadata;
system.build.metadata = pkgs.callPackage ../../lib/make-system-tarball.nix {
fileName = config.image.baseName;
contents = [
{
source = toYAML "metadata.yaml" {