nixpkgs/nixos/modules/virtualisation/lxc.nix

# LXC Configuration

{ config, lib, pkgs, ... }:

with lib;

let

  cfg = config.virtualisation.lxc;

in

{
  ###### interface

  options.virtualisation.lxc = {
    enable =
      mkOption {
        type = types.bool;
        default = false;
        description =
          ''
            This enables Linux Containers (LXC), which provides tools
            for creating and managing system or application containers
            on Linux.
          '';
      };

    systemConfig =
      mkOption {
        type = types.lines;
        default = "";
        description =
          ''
            This is the system-wide LXC config. See
            <citerefentry><refentrytitle>lxc.system.conf</refentrytitle>
            <manvolnum>5</manvolnum></citerefentry>.
          '';
      };

    defaultConfig =
      mkOption {
        type = types.lines;
        default = "";
        description =
          ''
            Default config (default.conf) for new containers, i.e. for
            network config. See <citerefentry><refentrytitle>lxc.container.conf
            </refentrytitle><manvolnum>5</manvolnum></citerefentry>.
          '';
      };

    usernetConfig =
      mkOption {
        type = types.lines;
        default = "";
        description =
          ''
            This is the config file for managing unprivileged user network
            administration access in LXC. See <citerefentry>
            <refentrytitle>lxc-user-net</refentrytitle><manvolnum>5</manvolnum>
            </citerefentry>.
          '';
      };
  };

  ###### implementation

  config = mkIf cfg.enable {
    environment.systemPackages = [ pkgs.lxc ];
    environment.etc."lxc/lxc.conf".text = cfg.systemConfig;
    environment.etc."lxc/lxc-usernet".text = cfg.usernetConfig;
    environment.etc."lxc/default.conf".text = cfg.defaultConfig;
    systemd.tmpfiles.rules = [ "d /var/lib/lxc/rootfs 0755 root root -" ];

    security.apparmor.packages = [ pkgs.lxc ];
    security.apparmor.profiles = [
      "${pkgs.lxc}/etc/apparmor.d/lxc-containers"
      "${pkgs.lxc}/etc/apparmor.d/usr.bin.lxc-start"
    ];
  };
}
Add support for global LXC config files 2014-09-21 21:29:15 +02:00			`# LXC Configuration`

			`{ config, lib, pkgs, ... }:`

			`with lib;`

			`let`

			`cfg = config.virtualisation.lxc;`

			`in`

			`{`
			`###### interface`

			`options.virtualisation.lxc = {`
			`enable =`
			`mkOption {`
			`type = types.bool;`
			`default = false;`
			`description =`
			`''`
			`This enables Linux Containers (LXC), which provides tools`
			`for creating and managing system or application containers`
			`on Linux.`
			`'';`
			`};`

			`systemConfig =`
			`mkOption {`
			`type = types.lines;`
			`default = "";`
			`description =`
			`''`
nixos: citerefentry markup in lxc option descriptions 2015-02-25 07:50:24 +01:00			`This is the system-wide LXC config. See`
			`<citerefentry><refentrytitle>lxc.system.conf</refentrytitle>`
			`<manvolnum>5</manvolnum></citerefentry>.`
Add support for global LXC config files 2014-09-21 21:29:15 +02:00			`'';`
			`};`

			`defaultConfig =`
			`mkOption {`
			`type = types.lines;`
			`default = "";`
			`description =`
			`''`
			`Default config (default.conf) for new containers, i.e. for`
nixos: citerefentry markup in lxc option descriptions 2015-02-25 07:50:24 +01:00			`network config. See <citerefentry><refentrytitle>lxc.container.conf`
			`</refentrytitle><manvolnum>5</manvolnum></citerefentry>.`
Add support for global LXC config files 2014-09-21 21:29:15 +02:00			`'';`
			`};`

			`usernetConfig =`
			`mkOption {`
			`type = types.lines;`
			`default = "";`
			`description =`
			`''`
			`This is the config file for managing unprivileged user network`
nixos: citerefentry markup in lxc option descriptions 2015-02-25 07:50:24 +01:00			`administration access in LXC. See <citerefentry>`
			`<refentrytitle>lxc-user-net</refentrytitle><manvolnum>5</manvolnum>`
			`</citerefentry>.`
Add support for global LXC config files 2014-09-21 21:29:15 +02:00			`'';`
			`};`
			`};`

			`###### implementation`

			`config = mkIf cfg.enable {`
			`environment.systemPackages = [ pkgs.lxc ];`
			`environment.etc."lxc/lxc.conf".text = cfg.systemConfig;`
			`environment.etc."lxc/lxc-usernet".text = cfg.usernetConfig;`
			`environment.etc."lxc/default.conf".text = cfg.defaultConfig;`
lxc: ensure directory /var/lib/lxc/rootfs 2017-03-14 11:34:04 +00:00			`systemd.tmpfiles.rules = [ "d /var/lib/lxc/rootfs 0755 root root -" ];`
Add support for global LXC config files 2014-09-21 21:29:15 +02:00
apparmor: support for lxc profiles 2017-01-10 22:47:23 +01:00			`security.apparmor.packages = [ pkgs.lxc ];`
lxd: 2.16 -> 3.0.0 2018-03-16 09:58:54 +00:00			`security.apparmor.profiles = [`
			`"${pkgs.lxc}/etc/apparmor.d/lxc-containers"`
			`"${pkgs.lxc}/etc/apparmor.d/usr.bin.lxc-start"`
			`];`
Add support for global LXC config files 2014-09-21 21:29:15 +02:00			`};`
			`}`