lol

Merge pull request #255116 from adamcstephens/lxd/udev-container

systemd: allow udev-trigger to run on lxd containers with nesting

authored by

Mario Rodas and committed by
GitHub
25b9f4d2 a9f6c4e4

+11 -10
+1 -1
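--- a/nixos/modules/system/boot/systemd.nix
+++ b/nixos/modules/system/boot/systemd.nix
@@ -53,7 +53,7 @@
 "systemd-udevd-kernel.socket"
 "systemd-udevd.service"
 "systemd-udev-settle.service"
-] ++ (optional (!config.boot.isContainer) "systemd-udev-trigger.service") ++ [
+] ++ (optional (!config.boot.isContainer || config.virtualisation.lxc.nestedContainer) "systemd-udev-trigger.service") ++ [
 # hwdb.bin is managed by NixOS
 # "systemd-hwdb-update.service"
 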
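Review bot: The new condition on line 56 reads `config.virtualisation.lxc.nestedContainer` from the core systemd module, but that option is declared in `nixos/modules/virtualisation/lxc-container.nix`. Because `||` short-circuits, the lookup only happens when `boot.isContainer` is true, so any container configuration that does not import the LXC module (the module list is not visible here, so this needs confirming) would fail evaluation with a missing-option error. Either declare the option in a module that is always loaded or make the lookup tolerant, e.g. `(!config.boot.isContainer || (config.virtualisation.lxc.nestedContainer or false))`. It is also worth a comment on this line saying why udev-trigger is acceptable in a nested container, since it was deliberately excluded from all containers before.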
+10 -9
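--- a/nixos/modules/virtualisation/lxc-container.nix
+++ b/nixos/modules/virtualisation/lxc-container.nix
@@ -9,15 +9,16 @@
 
 options = {
 virtualisation.lxc = {
-privilegedContainer = lib.mkOption {
-type = lib.types.bool;
-default = false;
-description = lib.mdDoc ''
-Whether this LXC container will be running as a privileged container or not. If set to `true` then
-additional configuration will be applied to the `systemd` instance running within the container as
-recommended by [distrobuilder](https://linuxcontainers.org/distrobuilder/introduction/).
-'';
-};
+nestedContainer = lib.mkEnableOption (lib.mdDoc ''
+Whether this container is configured as a nested container. On LXD containers this is recommended
+for all containers and is enabled with `security.nesting = true`.
+'');
+
+privilegedContainer = lib.mkEnableOption (lib.mdDoc ''
+Whether this LXC container will be running as a privileged container or not. If set to `true` then
+additional configuration will be applied to the `systemd` instance running within the container as
+recommended by [distrobuilder](https://linuxcontainers.org/distrobuilder/introduction/).
+'');
 };
 };
 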
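Review bot: Both options now use `lib.mkEnableOption`, which prepends "Whether to enable " to its argument, so the rendered descriptions will read "Whether to enable Whether this container is configured as a nested container…" and likewise for `privilegedContainer`. Either keep `lib.mkOption` with an explicit `description`, or reword the arguments as noun phrases, e.g. `lib.mkEnableOption (lib.mdDoc "support for running as a nested LXC/LXD container")`. The `nestedContainer` text should also state that the option only changes the guest's systemd configuration and has to match the host-side `security.nesting` setting, which it does not set itself. The blanket "recommended for all containers" wording deserves a caveat as well, because nesting widens what the guest can do, and that matters most when `privilegedContainer` is enabled too.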