 c8c53fcb11
			
		
	
	
		
	
	
	
	
		
			
			The option is `false` by default since e349ccc77febd45abbd14be14f7de123ec4a4da2, so we don’t need to mention it explicitly in these minimal configs.
		
			
				
	
	
		
			30 lines
		
	
	
		
			718 B
		
	
	
	
		
			Nix
		
	
	
	
	
	
			
		
		
	
	
		
	
	
	
	
	
# NixOS module with container-specific settings. Everything below is wrapped
# in mkIf, so it only takes effect when config.boot.isContainer is true.
{ config, pkgs, lib, ... }:

let
  inherit (lib) mkDefault mkIf;
in
{
  config = mkIf config.boot.isContainer {

    services = {
      # Not useful in a container. Set with mkDefault, so a container
      # configuration can still turn it back on.
      udisks2.enable = mkDefault false;

      # Containers should be light-weight: sshd is started on demand rather
      # than kept running.
      openssh.startWhenNeeded = mkDefault true;
    };

    # Not useful in a container either (overridable default).
    powerManagement.enable = mkDefault false;

    # Overridable default. NOTE(review): going by the option name, the
    # container takes its resolver configuration from the host, so name
    # resolution inside the container follows whatever the host has
    # configured -- confirm that is intended for the workload.
    networking.useHostResolvConf = mkDefault true;

    # There is no boot loader to install in a container; pointing the install
    # step at coreutils' `true` silences the warning about the missing one.
    system.build.installBootLoader = "${pkgs.coreutils}/bin/true";

    # Not supported in systemd-nspawn containers. Unlike the settings above
    # this is assigned without mkDefault, i.e. at normal priority.
    # NOTE(review): with auditing off here, any audit trail for activity in
    # the container has to come from somewhere else (presumably the host) --
    # confirm that is covered.
    security.audit.enable = false;

    # Use the host's nix-daemon instead of accessing the store directly.
    # NOTE(review): this presumably means Nix operations from the container
    # are carried out by the host daemon; verify the daemon's access settings
    # on the host match how far the container is trusted.
    environment.variables.NIX_REMOTE = "daemon";

  };
}