Diffstat (limited to 'nixos/modules/virtualisation')
-rw-r--r-- | nixos/modules/virtualisation/containers.nix | 49 | ||||
-rw-r--r-- | nixos/modules/virtualisation/digital-ocean-config.nix | 2 | ||||
-rw-r--r-- | nixos/modules/virtualisation/incus.nix | 8 | ||||
-rw-r--r-- | nixos/modules/virtualisation/lxc.nix | 9 | ||||
-rw-r--r-- | nixos/modules/virtualisation/lxd.nix | 9 |
5 files changed, 20 insertions, 57 deletions
diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix
index d726955307861..65620dd3935b8 100644
--- a/nixos/modules/virtualisation/containers.nix
+++ b/nixos/modules/virtualisation/containers.nix
@@ -28,43 +28,6 @@ in description = "Enable the OCI seccomp BPF hook"; }; - cdi = { - dynamic.nvidia.enable = mkOption { - type = types.bool; - default = false; - description = '' - Enable dynamic CDI configuration for NVidia devices by running nvidia-container-toolkit on boot. - ''; - }; - - static = mkOption { - type = types.attrs; - default = { }; - description = '' - Declarative CDI specification. Each key of the attribute set - will be mapped to a file in /etc/cdi. It is required for every - key to be provided in JSON format. - ''; - example = { - some-vendor = builtins.fromJSON '' - { - "cdiVersion": "0.5.0", - "kind": "some-vendor.com/foo", - "devices": [], - "containerEdits": [] - } - ''; - - some-other-vendor = { - cdiVersion = "0.5.0"; - kind = "some-other-vendor.com/bar"; - devices = []; - containerEdits = []; - }; - }; - }; - }; - containersConf.settings = mkOption { type = toml.type; default = { };
@@ -150,8 +113,6 @@ in config = lib.mkIf cfg.enable { - hardware.nvidia-container-toolkit-cdi-generator.enable = lib.mkIf cfg.cdi.dynamic.nvidia.enable true; - virtualisation.containers.containersConf.cniPlugins = [ pkgs.cni-plugins ]; virtualisation.containers.containersConf.settings = {
@@ -163,13 +124,7 @@ in }; }; - environment.etc = let - cdiStaticConfigurationFiles = (lib.attrsets.mapAttrs' - (name: value: - lib.attrsets.nameValuePair "cdi/${name}.json" - { text = builtins.toJSON value; }) - cfg.cdi.static); - in { + environment.etc = { "containers/containers.conf".source = toml.generate "containers.conf" cfg.containersConf.settings;
@@ -183,7 +138,7 @@ in "containers/policy.json".source = if cfg.policy != { } then pkgs.writeText "policy.json" (builtins.toJSON cfg.policy) else "${pkgs.skopeo.policy}/default-policy.json"; - } // cdiStaticConfigurationFiles; + }; };
diff --git a/nixos/modules/virtualisation/digital-ocean-config.nix b/nixos/modules/virtualisation/digital-ocean-config.nix
index 2d5bc0661d48d..4ef2b85551c66 100644
--- a/nixos/modules/virtualisation/digital-ocean-config.nix
+++ b/nixos/modules/virtualisation/digital-ocean-config.nix
@@ -41,7 +41,7 @@ with lib; kernelParams = [ "console=ttyS0" "panic=1" "boot.panic_on_fail" ]; initrd.kernelModules = [ "virtio_scsi" ]; kernelModules = [ "virtio_pci" "virtio_net" ]; - loader.grub.devices = lib.mkDefault ["/dev/vda"]; + loader.grub.devices = ["/dev/vda"]; }; services.openssh = { enable = mkDefault true;
diff --git a/nixos/modules/virtualisation/incus.nix b/nixos/modules/virtualisation/incus.nix
index 08e8288fb2038..2d7ccac7d92c8 100644
--- a/nixos/modules/virtualisation/incus.nix
+++ b/nixos/modules/virtualisation/incus.nix
@@ -41,6 +41,7 @@ let qemu-utils rsync squashfsTools + swtpm systemd thin-provisioning-tools util-linux
@@ -111,7 +112,12 @@ in package = lib.mkPackageOption pkgs "incus-lts" { }; - lxcPackage = lib.mkPackageOption pkgs "lxc" { }; + lxcPackage = lib.mkOption { + type = lib.types.package; + default = config.virtualisation.lxc.package; + defaultText = lib.literalExpression "config.virtualisation.lxc.package"; + description = "The lxc package to use."; + }; clientPackage = lib.mkOption { type = lib.types.package;
diff --git a/nixos/modules/virtualisation/lxc.nix b/nixos/modules/virtualisation/lxc.nix
index 7d7d48db924f8..1ef322588a68c 100644
--- a/nixos/modules/virtualisation/lxc.nix
+++ b/nixos/modules/virtualisation/lxc.nix
@@ -32,6 +32,7 @@ in {manpage}`lxc.system.conf(5)`. ''; }; + package = lib.mkPackageOption pkgs "lxc" { }; defaultConfig = lib.mkOption {
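Review bot: In digital-ocean-config.nix, `loader.grub.devices = ["/dev/vda"];` is now a normal-priority definition, while the neighbouring `services.openssh` block still uses `enable = mkDefault true;`. Because the value is a list, a user definition at the same priority would presumably be merged with `/dev/vda` rather than replace it, so a machine with a different boot disk would need `lib.mkForce`. If pinning the device is intended, a comment such as `# not mkDefault: droplets always boot from /dev/vda` would record why this line differs from the rest of the module. The enclosing `boot` attribute set starts outside the hunk.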
@@ -57,19 +58,19 @@ in ###### implementation config = lib.mkIf cfg.enable { - environment.systemPackages = [ pkgs.lxc ]; + environment.systemPackages = [ cfg.package ]; environment.etc."lxc/lxc.conf".text = cfg.systemConfig; environment.etc."lxc/lxc-usernet".text = cfg.usernetConfig; environment.etc."lxc/default.conf".text = cfg.defaultConfig; systemd.tmpfiles.rules = [ "d /var/lib/lxc/rootfs 0755 root root -" ]; - security.apparmor.packages = [ pkgs.lxc ]; + security.apparmor.packages = [ cfg.package ]; security.apparmor.policies = { "bin.lxc-start".profile = '' - include ${pkgs.lxc}/etc/apparmor.d/usr.bin.lxc-start + include ${cfg.package}/etc/apparmor.d/usr.bin.lxc-start ''; "lxc-containers".profile = '' - include ${pkgs.lxc}/etc/apparmor.d/lxc-containers + include ${cfg.package}/etc/apparmor.d/lxc-containers ''; }; };
diff --git a/nixos/modules/virtualisation/lxd.nix b/nixos/modules/virtualisation/lxd.nix
index 51d9a9482091d..4c94b3dfe946d 100644
--- a/nixos/modules/virtualisation/lxd.nix
+++ b/nixos/modules/virtualisation/lxd.nix
@@ -35,10 +35,11 @@ in { package = lib.mkPackageOption pkgs "lxd-lts" { }; - lxcPackage = lib.mkPackageOption pkgs "lxc" { - extraDescription = '' - Required for AppArmor profiles. - ''; + lxcPackage = lib.mkOption { + type = lib.types.package; + default = config.virtualisation.lxc.package; + defaultText = lib.literalExpression "config.virtualisation.lxc.package"; + description = "The lxc package to use."; }; zfsSupport = lib.mkOption { |
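Review bot: In lxc.nix, the two AppArmor policies now `include` files from `${cfg.package}`, so whatever package is set in `virtualisation.lxc.package` supplies the confinement rules for `lxc-start` and for the containers. Nothing in the hunk checks that an overridden package ships `etc/apparmor.d/usr.bin.lxc-start` and `etc/apparmor.d/lxc-containers`; a missing file would presumably surface only when the profile is loaded, not at evaluation time. The option declared in the earlier hunk (`@@ -32,6 +32,7 @@`) should state that requirement, for example `package = lib.mkPackageOption pkgs "lxc" { extraDescription = "Must provide the AppArmor profiles under etc/apparmor.d."; };`.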
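Review bot: In lxd.nix, the new `lxcPackage` option loses the removed text "Required for AppArmor profiles.", which was the only hint of why LXD takes an lxc package at all. Keeping it in the new option, `description = "The lxc package to use. Required for AppArmor profiles.";`, preserves that for anyone overriding the package. The new default also ties the option to `config.virtualisation.lxc.package`, so an override meant for plain LXC now changes what LXD uses as well; the `lxcPackage` hunk in incus.nix has the same coupling, and a sentence in both descriptions would make it visible. How `lxcPackage` is consumed lies outside the hunk.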