{ lib, config, pkgs, ... }:
with lib;
let
# Option schema for one entry of virtualisation.lxc.templates.  An entry
# describes an LXD template: a .tpl file shipped inside the image and the
# in-container path LXD renders it to.  A plain attribute set is a valid
# module, so no `{ ... }:` wrapper is needed.
templateSubmodule = {
  options = {
    # mkEnableOption defaults to false: only enabled entries are picked up
    # when the image is assembled.
    enable = mkEnableOption "this template";

    target = mkOption {
      type = types.path;
      description = "Path in the container";
    };

    template = mkOption {
      type = types.path;
      description = ".tpl file for rendering the target";
    };

    # Passed through to LXD's `when` list as-is; the event names are not
    # validated by this module.
    when = mkOption {
      type = types.listOf types.str;
      description = "Events which trigger a rewrite (create, copy)";
    };

    # Free-form attribute set, written to metadata.yaml untouched.
    properties = mkOption {
      type = types.attrs;
      default = {};
      description = "Additional properties";
    };
  };
};
# Render an attribute set to a YAML file in the store, by way of JSON:
# builtins.toJSON writes the intermediate file at evaluation time and
# remarshal's json2yaml converts it in a small local derivation.
# `name` is the derivation/file name, `attrs` the data to serialise.
toYAML = name: attrs:
  let
    json = builtins.toFile "${name}.json" (builtins.toJSON attrs);
  in
  pkgs.runCommandNoCC name {
    inherit json;
    # Trivial work; no point shipping it to a remote builder.
    preferLocalBuild = true;
    nativeBuildInputs = [ pkgs.remarshal ];
  } "json2yaml -i $json -o $out";
cfg = config.virtualisation.lxc;
# From the *enabled* entries of virtualisation.lxc.templates derive the two
# pieces the image needs:
#   files      - one { source; target; } per template, placing the .tpl file
#                at /templates/<name>.tpl inside the tarball;
#   properties - the `templates:` section of metadata.yaml, keyed by the
#                in-container target path.
# Entries with enable = false are dropped.  No special case for an empty set
# is required: mapping over {} yields [] and {} respectively.
templates =
  let
    enabled = filterAttrs (_: tpl: tpl.enable) cfg.templates;
  in
  {
    files = mapAttrsToList (name: tpl: {
      source = tpl.template;
      target = "/templates/${name}.tpl";
    }) enabled;

    properties = mapAttrs' (name: tpl:
      nameValuePair tpl.target {
        inherit (tpl) when properties;
        template = "${name}.tpl";
      }
    ) enabled;
  };
in
{
imports = [
  # Base configuration shared with other container images.  Its contents are
  # not visible from this module; whatever this image relies on from it
  # should eventually be moved here so the dependency on profiles/ goes away.
  ../profiles/docker-container.nix # FIXME, shouldn't include something from profiles/
];
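options = {
  virtualisation.lxc = {
    # Attribute set of LXD templates to bake into the image; the key becomes
    # the .tpl file name under /templates/.  See templateSubmodule for the
    # per-entry schema.
    templates = mkOption {
      description = "Templates for LXD";
      type = types.attrsOf (types.submodule templateSubmodule);
      # Explicit default.  Without it the option still evaluates to {} (via
      # the empty value of attrsOf), but the generated documentation shows no
      # default and readers of this file have to know that detail.
      default = {};
    };
  };
};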
config = {
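# The LXD image: a root tarball holding the system closure and /sbin/init,
# plus LXD's metadata.yaml and any enabled template files.  mkForce (priority
# 50) makes this builder win over any other module's system.build.tarball.
system.build.tarball = mkForce (pkgs.callPackage ../../lib/make-system-tarball.nix {
  # Every archive entry is owned by uid 0, regardless of who ran the build.
  extraArgs = "--owner=0";

  # Ship the whole system closure.  `symlink = "none"` is interpreted by
  # make-system-tarball.nix, which is not visible here - presumably it
  # suppresses the usual closure symlink; confirm against that file.
  storeContents = [
    {
      object = config.system.build.toplevel;
      symlink = "none";
    }
  ];

  contents = [
    {
      source = toYAML "metadata.yaml" {
        # LXD expects the bare architecture ("x86_64", "aarch64"), i.e. the
        # system string up to its first "-".  If the system string has an
        # unexpected shape, fail with a readable message instead of the
        # opaque error `elemAt null 0` would produce.
        architecture =
          let
            m = builtins.match "^([a-z0-9_]+).+" (toString pkgs.system);
          in
          if m == null
          then throw "lxc-container: cannot derive an LXD architecture from system \"${toString pkgs.system}\""
          else builtins.head m;
        # Fixed timestamp (presumably so the metadata file, and with it the
        # image, stays reproducible).
        creation_date = 1;
        properties = {
          description = "NixOS ${config.system.nixos.codeName} ${config.system.nixos.label} ${pkgs.system}";
          os = "nixos";
          release = "${config.system.nixos.codeName}";
        };
        # target path -> { when; template; properties; } for each enabled template.
        templates = templates.properties;
      };
      target = "/metadata.yaml";
    }
    {
      # The container runtime starts the image via /sbin/init; point it at
      # the init script of the system closure above.
      source = config.system.build.toplevel + "/init";
      target = "/sbin/init";
    }
  ] ++ templates.files; # the .tpl files themselves, under /templates/

  # Make sure the mount points for proc, sys and dev exist in the rootfs.
  extraCommands = "mkdir -p proc sys dev";
});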
# Allow the user to login as root without password.
#
# Security note: an empty hash means root authenticates with *no* password,
# so any console path into the container (e.g. the getty login shown in the
# help text below) is unauthenticated.  This is meant for throw-away images;
# deployed systems should set a real hash or SSH keys.  This module also
# enables sshd and opens its port (see below) - whether an empty password is
# usable over SSH depends on sshd's PermitEmptyPasswords / PermitRootLogin
# settings, which are not touched here; confirm before exposing port 22.
#
# Priority 150 beats mkDefault (1000) but loses to a plain assignment (100),
# so `users.users.root.initialHashedPassword = "..."` in user config wins.
users.users.root.initialHashedPassword = mkOverride 150 "";
# Some more help text.
# Shown on the console login prompt; it matches the empty root password set
# above.  The leading blank line inside the string is intentional (spacing
# from the preceding banner), keep it when editing.
services.getty.helpLine =
  ''

    Log in as "root" with an empty password.
  '';
# Containers should be light-weight, so sshd is enabled but only started on
# demand (startWhenNeeded), and port 22 is opened in the container's own
# firewall.  All three are mkDefault, so a plain assignment in user config
# overrides them.
#
# Security note: root has an empty password in this profile (see
# users.users.root.initialHashedPassword above).  Whether sshd accepts that
# over the network depends on its PermitEmptyPasswords / PermitRootLogin
# settings, which are left at the services.openssh defaults here - verify
# before exposing the container.
services.openssh = {
  enable = mkDefault true;
  startWhenNeeded = mkDefault true;
  openFirewall = mkDefault true;
};
};
}