The other part of dotfiles

2024-06-27 15:31:12 +02:00 · 2024-06-27 15:31:12 +02:00 · 9f1ba4a64b
commit 9f1ba4a64b
parent 2fbfed0e7a
25 changed files with 1089 additions and 0 deletions
--- a/modules/virtualisation/lxc.nix
+++ b/modules/virtualisation/lxc.nix
@ -0,0 +1,46 @@
+{ lib, config, pkgs, ... }:
+let
+  cfg = config.lxc;
+in
+{
+  options.lxc = {
+    enable = lib.mkEnableOption "Enable LXC module";
+  };
+
+  config = lib.mkIf cfg.enable {
+    virtualisation = {
+      # Enable LXC containers
+      lxd = {
+        enable = true;
+
+        # This turns on a few sysctl settings that the LXD documentation recommends
+        # for running in production.
+        recommendedSysctlSettings = true;
+      };
+
+      # This enables lxcfs, which is a FUSE fs that sets up some things so that
+      # things like /proc and cgroups work better in lxd containers.
+      # See https://linuxcontainers.org/lxcfs/introduction/ for more info.
+      #
+      # Also note that the lxcfs NixOS option says that in order to make use of
+      # lxcfs in the container, you need to include the following NixOS setting
+      # in the NixOS container guest configuration:
+      #
+      # virtualisation.lxc.defaultConfig = "lxc.include = ''${pkgs.lxcfs}/share/lxc/config/common.conf.d/00-lxcfs.conf";
+      lxc.lxcfs.enable = true;
+    };
+
+    # ip forwarding is needed for NAT'ing to work.
+    boot.kernel.sysctl = {
+      "net.ipv4.conf.all.forwarding" = true;
+      "net.ipv4.conf.default.forwarding" = true;
+    };
+
+    # kernel module for forwarding to work
+    boot.kernelModules = [ "nf_nat_ftp" ];
+
+    users.users.${config.mainUser.userName}.extraGroups = [ "lxd" ];
+
+  };
+
+}