										 |  |  | # Systemd services for lxd. | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | { config, lib, pkgs, ... }: | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | with lib; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | let | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   cfg = config.virtualisation.lxd; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | in | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |   ###### interface | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   options = { | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-03-16 09:58:54 +00:00
										 |  |  |     virtualisation.lxd = { | 
					
						
							|  |  |  |       enable = mkOption { | 
					
						
							| 
									
										
										
										
											2015-09-13 23:27:31 -07:00
										 |  |  |         type = types.bool; | 
					
						
							|  |  |  |         default = false; | 
					
						
							| 
									
										
										
										
											2018-03-16 09:58:54 +00:00
										 |  |  |         description = ''
 | 
					
						
							|  |  |  |           This option enables lxd, a daemon that manages | 
					
						
							|  |  |  |           containers. Users in the "lxd" group can interact with | 
					
						
							|  |  |  |           the daemon (e.g. to start or stop containers) using the | 
					
						
							|  |  |  |           <command>lxc</command> command line tool, among others. | 
					
						
							|  |  |  |         '';
 | 
					
						
							| 
									
										
										
										
											2015-09-13 23:27:31 -07:00
										 |  |  |       }; | 
					
						
							| 
									
										
										
										
											2018-03-16 09:58:54 +00:00
										 |  |  |       zfsSupport = mkOption { | 
					
						
							|  |  |  |         type = types.bool; | 
					
						
							|  |  |  |         default = false; | 
					
						
							|  |  |  |         description = ''
 | 
					
						
							|  |  |  |           enables lxd to use zfs as a storage for containers. | 
					
						
							|  |  |  |           This option is enabled by default if a zfs pool is configured | 
					
						
							|  |  |  |           with nixos. | 
					
						
							|  |  |  |         '';
 | 
					
						
							|  |  |  |       }; | 
					
						
							|  |  |  |     }; | 
					
						
							| 
									
										
										
										
											2015-09-13 23:27:31 -07:00
										 |  |  |   }; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   ###### implementation | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   config = mkIf cfg.enable { | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-03-16 09:58:54 +00:00
										 |  |  |     environment.systemPackages = [ pkgs.lxd ]; | 
					
						
							| 
									
										
										
										
											2015-09-13 23:27:31 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-02-10 17:18:53 +09:00
										 |  |  |     security.apparmor = { | 
					
						
							|  |  |  |       enable = true; | 
					
						
							|  |  |  |       profiles = [ | 
					
						
							|  |  |  |         "${pkgs.lxc}/etc/apparmor.d/usr.bin.lxc-start" | 
					
						
							|  |  |  |         "${pkgs.lxc}/etc/apparmor.d/lxc-containers" | 
					
						
							|  |  |  |       ]; | 
					
						
							|  |  |  |       packages = [ pkgs.lxc ]; | 
					
						
							|  |  |  |     }; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-03-16 09:58:54 +00:00
										 |  |  |     systemd.services.lxd = { | 
					
						
							|  |  |  |       description = "LXD Container Management Daemon"; | 
					
						
							| 
									
										
										
										
											2015-09-13 23:27:31 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-03-16 09:58:54 +00:00
										 |  |  |       wantedBy = [ "multi-user.target" ]; | 
					
						
							|  |  |  |       after = [ "systemd-udev-settle.service" ]; | 
					
						
							| 
									
										
										
										
											2015-09-13 23:27:31 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-03-16 09:58:54 +00:00
										 |  |  |       path = lib.optional cfg.zfsSupport pkgs.zfs; | 
					
						
							| 
									
										
										
										
											2015-09-13 23:27:31 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-03-16 09:58:54 +00:00
										 |  |  |       preStart = ''
 | 
					
						
							|  |  |  |         mkdir -m 0755 -p /var/lib/lxc/rootfs | 
					
						
							|  |  |  |       '';
 | 
					
						
							| 
									
										
										
										
											2018-02-10 17:18:53 +09:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-03-16 09:58:54 +00:00
										 |  |  |       serviceConfig = { | 
					
						
							|  |  |  |         ExecStart = "@${pkgs.lxd.bin}/bin/lxd lxd --group lxd"; | 
					
						
							|  |  |  |         Type = "simple"; | 
					
						
							|  |  |  |         KillMode = "process"; # when stopping, leave the containers alone | 
					
						
							| 
									
										
										
										
											2015-09-13 23:27:31 -07:00
										 |  |  |       }; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-03-16 09:58:54 +00:00
										 |  |  |     }; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-06-30 01:58:35 +02:00
										 |  |  |     users.groups.lxd.gid = config.ids.gids.lxd; | 
					
						
							| 
									
										
										
										
											2015-09-13 23:27:31 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-06-30 01:58:35 +02:00
										 |  |  |     users.users.root = { | 
					
						
							| 
									
										
										
										
											2015-09-13 23:27:31 -07:00
										 |  |  |       subUidRanges = [ { startUid = 1000000; count = 65536; } ]; | 
					
						
							|  |  |  |       subGidRanges = [ { startGid = 1000000; count = 65536; } ]; | 
					
						
							|  |  |  |     }; | 
					
						
							|  |  |  |   }; | 
					
						
							|  |  |  | } |