nixos/lxd: partial fix

2018-02-10 17:18:53 +09:00 · 2018-02-10 17:18:53 +09:00 · 65faff97ff
commit 65faff97ff
parent ad78e52357
1 changed files with 13 additions and 0 deletions
--- a/nixos/modules/virtualisation/lxd.nix
+++ b/nixos/modules/virtualisation/lxd.nix
@ -38,6 +38,15 @@ in
    environment.systemPackages =
      [ pkgs.lxd ];

+    security.apparmor = {
+      enable = true;
+      profiles = [
+        "${pkgs.lxc}/etc/apparmor.d/usr.bin.lxc-start"
+        "${pkgs.lxc}/etc/apparmor.d/lxc-containers"
+      ];
+      packages = [ pkgs.lxc ];
+    };
+
    systemd.services.lxd =
      { description = "LXD Container Management Daemon";

@ -47,6 +56,10 @@ in
        # TODO(wkennington): Add lvm2 and thin-provisioning-tools
        path = with pkgs; [ acl rsync gnutar xz btrfs-progs gzip dnsmasq squashfsTools iproute iptables ];

+        preStart = ''
+          mkdir -m 0755 -p /var/lib/lxc/rootfs
+        '';
+
        serviceConfig.ExecStart = "@${pkgs.lxd.bin}/bin/lxd lxd --syslog --group lxd";
        serviceConfig.Type = "simple";
        serviceConfig.KillMode = "process"; # when stopping, leave the containers alone