nixos/lxc-container: enable udev-trigger for nested containers

2023-10-11 23:35:53 -04:00 · 2023-10-11 23:35:53 -04:00 · dbeeeb8e06
commit dbeeeb8e06
parent 2d386760f7
1 changed files with 12 additions and 9 deletions
--- a/nixos/modules/virtualisation/lxc-container.nix
+++ b/nixos/modules/virtualisation/lxc-container.nix
@ -9,15 +9,16 @@ in {
  options = {
    virtualisation.lxc = {
-      privilegedContainer = lib.mkOption {
+      nestedContainer = lib.mkEnableOption (lib.mdDoc ''
-        type = lib.types.bool;
+        Whether this container is configured as a nested container. On LXD containers this is recommended
-        default = false;
+        for all containers and is enabled with `security.nesting = true`.
-        description = lib.mdDoc ''
+      '');
-          Whether this LXC container will be running as a privileged container or not. If set to `true` then
+
-          additional configuration will be applied to the `systemd` instance running within the container as
+      privilegedContainer = lib.mkEnableOption (lib.mdDoc ''
-          recommended by [distrobuilder](https://linuxcontainers.org/distrobuilder/introduction/).
+        Whether this LXC container will be running as a privileged container or not. If set to `true` then
-        '';
+        additional configuration will be applied to the `systemd` instance running within the container as
-      };
+        recommended by [distrobuilder](https://linuxcontainers.org/distrobuilder/introduction/).
      '');
    };
  };
@ -68,6 +69,8 @@ in {
      ln -fs "$1/init" /sbin/init
    '';
    systemd.additionalUpstreamSystemUnits = lib.mkIf cfg.nestedContainer ["systemd-udev-trigger.service"];
    # Add the overrides from lxd distrobuilder
    # https://github.com/lxc/distrobuilder/blob/05978d0d5a72718154f1525c7d043e090ba7c3e0/distrobuilder/main.go#L630
    systemd.packages = [