startup=0
gpu_passthrough_intel=0
gpu_passthrough_nvidia=0
# Turning off seccomp filtering improves performance at the expense of security
seccomp=1
# Use bridge networking to provide an isolated network namespace,
# so nixos can manage firewall rules
# Be sure to change br1 to the name of the bridge interface you want to use
# You may want to add additional options here, e.g. bind mounts
systemd_nspawn_user_args=--network-bridge=br1
--bind-ro=./lxd.nix:/etc/nixos/lxd.nix
# Script to run on the HOST before starting the jail
pre_start_hook=#!/usr/bin/env bash
set -euo pipefail
echo 'PRE_START_HOOK'
# If there's no machine-id then we're about to start the jail for the first time
if [ ! -e ./rootfs/etc/machine-id ]; then
echo 'BEFORE_FIRST_BOOT'
# Create an empty nix module to satisfy the import in the default lxc configuration.nix
echo '{ ... }:{}' > ./lxd.nix
cp /etc/resolv.conf ./rootfs/etc/resolv.conf
fi
# Only used while creating the jail
distro=nixos
release=24.05
# # Example initial_setup which rebuilds the system,
# # for when you mount your own /etc/nixos/configuration.nix inside the jail
# initial_setup=#!/run/current-system/sw/bin/bash
# . /etc/bashrc
# set -x
# ifconfig
# nixos-rebuild switch
# echo "All Done"
# You generally will not need to change the options below
systemd_run_default_args=--property=KillMode=mixed
--property=Type=notify
--property=RestartForceExitStatus=133
--property=SuccessExitStatus=133
--property=Delegate=yes
--property=TasksMax=infinity
--collect
--setenv=SYSTEMD_NSPAWN_LOCK=0
systemd_nspawn_default_args=--keep-unit
--quiet
--boot
--bind-ro=/sys/module
--inaccessible=/sys/module/apparmor