3
0
Fork 0
forked from mirrors/nixpkgs
nixpkgs/nixos/modules/virtualisation/proxmox-lxc.nix
pennae bd56368848 nixos/*: md-convert hidden plaintext options
most of these are hidden because they're either part of a submodule that
doesn't have its type rendered (eg because the submodule type is used in
an either type) or because they are explicitly hidden. some of them are
merely hidden from nix-doc-munge by how their option is put together.
2022-08-31 16:32:54 +02:00

76 lines
1.8 KiB
Nix

{ config, pkgs, lib, ... }:
with lib;
{
options.proxmoxLXC = {
privileged = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Whether to enable privileged mounts
'';
};
manageNetwork = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Whether to manage network interfaces through nix options
When false, systemd-networkd is enabled to accept network
configuration from proxmox.
'';
};
manageHostName = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Whether to manage hostname through nix options
When false, the hostname is picked up from /etc/hostname
populated by proxmox.
'';
};
};
config =
let
cfg = config.proxmoxLXC;
in
{
system.build.tarball = pkgs.callPackage ../../lib/make-system-tarball.nix {
storeContents = [{
object = config.system.build.toplevel;
symlink = "none";
}];
contents = [{
source = config.system.build.toplevel + "/init";
target = "/sbin/init";
}];
extraCommands = "mkdir -p root etc/systemd/network";
};
boot = {
isContainer = true;
loader.initScript.enable = true;
};
networking = mkIf (!cfg.manageNetwork) {
useDHCP = false;
useHostResolvConf = false;
useNetworkd = true;
# pick up hostname from /etc/hostname generated by proxmox
hostName = mkIf (!cfg.manageHostName) (mkForce "");
};
services.openssh = {
enable = mkDefault true;
startWhenNeeded = mkDefault true;
};
systemd.mounts = mkIf (!cfg.privileged)
[{ where = "/sys/kernel/debug"; enable = false; }];
};
}