author | Weijia Wang <9713184+wegank@users.noreply.github.com> | 2024-04-13 19:10:53 +0200 |
---|---|---|
committer | Weijia Wang <9713184+wegank@users.noreply.github.com> | 2024-04-13 19:10:53 +0200 |
commit | f3a1652b098bbe33e5ab8a827ff3778b3c2120b8 (patch) | |
tree | 243f5d1e82706ad3d727a26692bd1d53d9373776 /nixos/modules/virtualisation/nixos-containers.nix | |
parent | 561b7b74f8e5783f29bb589482b3ed60ce2c1318 (diff) | |
parent | c0c2f2903f310dd5efb86f02b4b5f824183f5173 (diff) |
Merge branch 'master' into staging-next
Diffstat (limited to 'nixos/modules/virtualisation/nixos-containers.nix')
-rw-r--r-- | nixos/modules/virtualisation/nixos-containers.nix | 71 |
1 files changed, 35 insertions, 36 deletions
diff --git a/nixos/modules/virtualisation/nixos-containers.nix b/nixos/modules/virtualisation/nixos-containers.nix
index bde1ff9eeb98d..8892f2f154640 100644
--- a/nixos/modules/virtualisation/nixos-containers.nix
+++ b/nixos/modules/virtualisation/nixos-containers.nix
@@ -298,18 +298,18 @@ let
 mountPoint = mkOption { example = "/mnt/usb"; type = types.str;
- description = lib.mdDoc "Mount point on the container file system.";
+ description = "Mount point on the container file system.";
 }; hostPath = mkOption { default = null; example = "/home/alice"; type = types.nullOr types.str;
- description = lib.mdDoc "Location of the host path to be mounted.";
+ description = "Location of the host path to be mounted.";
 }; isReadOnly = mkOption { default = true; type = types.bool;
- description = lib.mdDoc "Determine whether the mounted path will be accessed in read-only mode.";
+ description = "Determine whether the mounted path will be accessed in read-only mode.";
 }; };
@@ -324,12 +324,12 @@ let
 node = mkOption { example = "/dev/net/tun"; type = types.str;
- description = lib.mdDoc "Path to device node";
+ description = "Path to device node";
 }; modifier = mkOption { example = "rw"; type = types.str;
- description = lib.mdDoc ''
+ description = ''
 Device node access modifier. Takes a combination `r` (read), `w` (write), and `m` (mknod). See the
@@ -351,7 +351,7 @@ let
 type = types.nullOr types.str; default = null; example = "br0";
- description = lib.mdDoc ''
+ description = ''
 Put the host-side of the veth-pair into the named bridge. Only one of hostAddress* or hostBridge can be given. '';
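Review bot: `modifier` in the `@@ -324,12` hunk is still typed `types.str` although its description allows only combinations of `r`, `w` and `m`, so a mistyped device-access string is not rejected when the configuration is evaluated. Constraining it there, e.g. `type = types.strMatching "[rwm]+";`, would catch it before the container unit is generated. The port-forwarding submodule in the `@@ -363,22` hunk has the same gap: `hostPort` and `containerPort` are plain `types.int`, where `types.port` and `types.nullOr types.port` would bound the range. How these values are consumed lies outside the hunks (the `modifier` description is also cut off at "See the"), so confirm no existing configuration depends on values the stricter types would refuse.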
@@ -363,22 +363,22 @@ let
 protocol = mkOption { type = types.str; default = "tcp";
- description = lib.mdDoc "The protocol specifier for port forwarding between host and container";
+ description = "The protocol specifier for port forwarding between host and container";
 }; hostPort = mkOption { type = types.int;
- description = lib.mdDoc "Source port of the external interface on host";
+ description = "Source port of the external interface on host";
 }; containerPort = mkOption { type = types.nullOr types.int; default = null;
- description = lib.mdDoc "Target port of container";
+ description = "Target port of container";
 }; }; }); default = []; example = [ { protocol = "tcp"; hostPort = 8080; containerPort = 80; } ];
- description = lib.mdDoc ''
+ description = ''
 List of forwarded ports from host to container. Each forwarded port is specified by protocol, hostPort and containerPort. By default, protocol is tcp and hostPort and containerPort are assumed to be
@@ -391,7 +391,7 @@ let
 type = types.nullOr types.str; default = null; example = "10.231.136.1";
- description = lib.mdDoc ''
+ description = ''
 The IPv4 address assigned to the host interface. (Not used when hostBridge is set.) '';
@@ -401,7 +401,7 @@ let
 type = types.nullOr types.str; default = null; example = "fc00::1";
- description = lib.mdDoc ''
+ description = ''
 The IPv6 address assigned to the host interface. (Not used when hostBridge is set.) '';
@@ -411,7 +411,7 @@ let
 type = types.nullOr types.str; default = null; example = "10.231.136.2";
- description = lib.mdDoc ''
+ description = ''
 The IPv4 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /32 and routing is
@@ -423,7 +423,7 @@ let
 type = types.nullOr types.str; default = null; example = "fc00::2";
- description = lib.mdDoc ''
+ description = ''
 The IPv6 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /128 and routing is
@@ -455,7 +455,7 @@ in
 boot.isContainer = mkOption { type = types.bool; default = false;
- description = lib.mdDoc ''
+ description = ''
 Whether this NixOS machine is a lightweight container running in another NixOS system. '';
@@ -464,7 +464,7 @@ in
 boot.enableContainers = mkOption { type = types.bool; default = true;
- description = lib.mdDoc ''
+ description = ''
 Whether to enable support for NixOS containers. Defaults to true (at no cost if containers are not actually used). '';
@@ -476,7 +476,7 @@ in
 { options = { config = mkOption {
- description = lib.mdDoc ''
+ description = ''
 A specification of the desired configuration of this container, as a NixOS module. '';
@@ -532,7 +532,7 @@ in
 path = mkOption { type = types.path; example = "/nix/var/nix/profiles/per-container/webserver";
- description = lib.mdDoc ''
+ description = ''
 As an alternative to specifying {option}`config`, you can specify the path to the evaluated NixOS system configuration, typically a
@@ -544,7 +544,7 @@ in
 type = types.listOf types.str; default = []; example = [ "CAP_NET_ADMIN" "CAP_MKNOD" ];
- description = lib.mdDoc ''
+ description = ''
 Grant additional capabilities to the container. See the capabilities(7) and systemd-nspawn(1) man pages for more information.
@@ -555,7 +555,7 @@ in
 type = types.path; default = pkgs.path; defaultText = literalExpression "pkgs.path";
- description = lib.mdDoc ''
+ description = ''
 A path to the nixpkgs that provide the modules, pkgs and lib for evaluating the container. To only change the `pkgs` argument used inside the container modules,
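Review bot: The capabilities description in the `@@ -544,7` hunk only points at the man pages and never says that each capability granted widens what a privileged process inside the container can do, while its example pairs `CAP_NET_ADMIN` with `CAP_MKNOD`. I would add a sentence such as `Capabilities listed here are available to root inside the container; grant only those the workload needs.` The option name and the end of the description string are outside the hunk, so check the text does not already say this. The description in the `@@ -715,7` hunk ("Extra flags passed to the systemd-nspawn command") would benefit from the same caveat, since arbitrary flags can relax isolation in the same way.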
@@ -569,7 +569,7 @@ in
 specialArgs = mkOption { type = types.attrsOf types.unspecified; default = {};
- description = lib.mdDoc ''
+ description = ''
 A set of special arguments to be passed to NixOS modules. This will be merged into the `specialArgs` used to evaluate the NixOS configurations.
@@ -579,7 +579,7 @@ in
 ephemeral = mkOption { type = types.bool; default = false;
- description = lib.mdDoc ''
+ description = ''
 Runs container in ephemeral mode with the empty root filesystem at boot. This way container will be bootstrapped from scratch on each boot and will be cleaned up on shutdown leaving no traces behind.
@@ -598,7 +598,7 @@ in
 enableTun = mkOption { type = types.bool; default = false;
- description = lib.mdDoc ''
+ description = ''
 Allows the container to create and setup tunnel interfaces by granting the `NET_ADMIN` capability and enabling access to `/dev/net/tun`.
@@ -608,7 +608,7 @@ in
 privateNetwork = mkOption { type = types.bool; default = false;
- description = lib.mdDoc ''
+ description = ''
 Whether to give the container its own private virtual Ethernet interface. The interface is called `eth0`, and is hooked up to the interface
@@ -623,7 +623,7 @@ in
 type = types.listOf types.str; default = []; example = [ "eth1" "eth2" ];
- description = lib.mdDoc ''
+ description = ''
 The list of interfaces to be moved into the container. ''; };
@@ -632,7 +632,7 @@ in
 type = types.listOf types.str; default = []; example = [ "eth1" "eth2" ];
- description = lib.mdDoc ''
+ description = ''
 The list of host interfaces from which macvlans will be created. For each interface specified, a macvlan interface will be created and moved to the container.
@@ -642,7 +642,7 @@ in
 extraVeths = mkOption { type = with types; attrsOf (submodule { options = networkOptions; }); default = {};
- description = lib.mdDoc ''
+ description = ''
 Extra veth-pairs to be created for the container. ''; };
@@ -650,7 +650,7 @@ in
 autoStart = mkOption { type = types.bool; default = false;
- description = lib.mdDoc ''
+ description = ''
 Whether the container is automatically started at boot-time. ''; };
@@ -658,7 +658,7 @@ in
 restartIfChanged = mkOption { type = types.bool; default = true;
- description = lib.mdDoc ''
+ description = ''
 Whether the container should be restarted during a NixOS configuration switch if its definition has changed. '';
@@ -667,7 +667,7 @@ in
 timeoutStartSec = mkOption { type = types.str; default = "1min";
- description = lib.mdDoc ''
+ description = ''
 Time for the container to start. In case of a timeout, the container processes get killed. See {manpage}`systemd.time(7)`
@@ -684,8 +684,7 @@ in
 } '';
- description =
- lib.mdDoc ''
+ description = ''
 An extra list of directories that is bound to the container. ''; };
@@ -694,7 +693,7 @@ in
 type = with types; listOf (submodule allowedDeviceOpts); default = []; example = [ { node = "/dev/net/tun"; modifier = "rw"; } ];
- description = lib.mdDoc ''
+ description = ''
 A list of device nodes to which the containers has access to. ''; };
@@ -703,7 +702,7 @@ in
 type = types.listOf types.str; default = []; example = [ "/var" ];
- description = lib.mdDoc ''
+ description = ''
 Mounts a set of tmpfs file systems into the container. Multiple paths can be specified. Valid items must conform to the --tmpfs argument
@@ -715,7 +714,7 @@ in
 type = types.listOf types.str; default = []; example = [ "--drop-capability=CAP_SYS_CHROOT" ];
- description = lib.mdDoc ''
+ description = ''
 Extra flags passed to the systemd-nspawn command. See systemd-nspawn(1) for details. '';
@@ -765,7 +764,7 @@ in
 }; } '';
- description = lib.mdDoc ''
+ description = ''
 A set of NixOS system configurations to be run as lightweight containers. Each container appears as a service `container-«name»` |
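Review bot: The device-list description in the `@@ -694,7 +693,7` hunk reads `A list of device nodes to which the containers has access to.`, with a number mismatch and a doubled preposition. `A list of device nodes to which the container has access.` says the same thing cleanly. This option decides which host device nodes the container can reach, so the wording is worth getting exact while the line is being touched.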