51 lines
1.4 KiB
Nix
51 lines
1.4 KiB
Nix
{
|
|
lib,
|
|
config,
|
|
pkgs,
|
|
...
|
|
}:
|
|
let
|
|
cfg = config.lxc;
|
|
in
|
|
{
|
|
options.lxc = {
|
|
enable = lib.mkEnableOption "Enable LXC module";
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
virtualisation = {
|
|
# Enable LXC containers
|
|
lxd = {
|
|
enable = true;
|
|
|
|
# This turns on a few sysctl settings that the LXD documentation recommends
|
|
# for running in production.
|
|
recommendedSysctlSettings = true;
|
|
};
|
|
|
|
# This enables lxcfs, which is a FUSE fs that sets up some things so that
|
|
# things like /proc and cgroups work better in lxd containers.
|
|
# See https://linuxcontainers.org/lxcfs/introduction/ for more info.
|
|
#
|
|
# Also note that the lxcfs NixOS option says that in order to make use of
|
|
# lxcfs in the container, you need to include the following NixOS setting
|
|
# in the NixOS container guest configuration:
|
|
#
|
|
# virtualisation.lxc.defaultConfig = "lxc.include = ''${pkgs.lxcfs}/share/lxc/config/common.conf.d/00-lxcfs.conf";
|
|
lxc.lxcfs.enable = true;
|
|
};
|
|
|
|
# ip forwarding is needed for NAT'ing to work.
|
|
boot.kernel.sysctl = {
|
|
"net.ipv4.conf.all.forwarding" = true;
|
|
"net.ipv4.conf.default.forwarding" = true;
|
|
};
|
|
|
|
# kernel module for forwarding to work
|
|
boot.kernelModules = [ "nf_nat_ftp" ];
|
|
|
|
users.users.${config.mainUser.userName}.extraGroups = [ "lxd" ];
|
|
|
|
};
|
|
|
|
}
|