materus
/
nixos-config
mirror of https://github.com/materusPL/nixos-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

materusPC: init archlinux nspawn container

This commit is contained in:
Mateusz Słodkowicz 2024-10-15 23:45:46 +02:00
parent a075a51ed4
commit 533691247d
Signed by: materus
GPG Key ID: 28D140BCA60B4FD1
2 changed files with 101 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
configurations/host/materusPC/containers/arch.nix Normal file
View File

@ -0,0 +1,98 @@
{ config, pkgs, lib, ... }:
let
mainMirror = "https://ftp.icm.edu.pl/pub/Linux/dist/archlinux";
extraMirrors = [ ];
getty = [ 5 6 ];
ttys = [ 5 6 7 8 ] ++ getty;
startPkgs = lib.strings.concatStringsSep " " [ "base" "base-devel" "dbus" "less" "nano" "bash-completion" ];
scripts = {
preStart = pkgs.writeShellScript "arch-pre-start" ''
if [ ! -d "/var/lib/machines/archlinux" ]; then
export PATH=''${PATH:+''${PATH}:}${lib.strings.makeBinPath (with pkgs; [ wget coreutils-full gnutar zstd ]) }
ARCH_IMAGE=$(mktemp)
trap 'rm $ARCH_IMAGE' EXIT
wget "${mainMirror}/iso/latest/archlinux-bootstrap-x86_64.tar.zst" -O $ARCH_IMAGE
mkdir -p /var/lib/machines/archlinux
trap 'rm -rf /var/lib/machines/archlinux' ERR
tar -xaf $ARCH_IMAGE -C "/var/lib/machines/archlinux" --strip-components=1 --numeric-owner
printf 'Server = %s/$repo/os/$arch\n' "${mainMirror}" > /var/lib/machines/archlinux/etc/pacman.d/mirrorlist
rm "/var/lib/machines/archlinux/etc/resolv.conf"
[ -f "/var/lib/machines/archlinux/etc/securetty" ] && \
printf 'pts/%d\n' $(seq 0 10) >>"/var/lib/machines/archlinux/etc/securetty"
systemd-machine-id-setup --root="/var/lib/machines/archlinux"
systemd-nspawn -q --settings=false --system-call-filter=@sandbox -D "/var/lib/machines/archlinux" /bin/sh -c "
export PATH=/bin
pacman-key --init && pacman-key --populate
pacman -Rs --noconfirm arch-install-scripts
pacman -Sy --noconfirm --needed ${startPkgs}
pacman -Syu --noconfirm
systemctl disable getty@tty1.service
${lib.strings.concatStringsSep "\n" (lib.lists.forEach getty (x: "systemctl enable getty@tty${builtins.toString x}.service"))}
"
fi
'';
};
in
{
systemd.nspawn."archlinux" = {
enable = true;
execConfig = {
Boot = true;
SystemCallFilter = [ "@known" ];
Timezone = "bind";
Capability = "all";
PrivateUsers="no";
};
filesConfig = {
BindReadOnly = [
"/etc/resolv.conf:/etc/resolv.conf"
"/nix"
"/run/current-system"
"/run/booted-system"
"/run/opengl-driver"
"/run/opengl-driver-32"
];
Bind = [
"/:/run/host-root"
"/run/udev"
"/dev/input"
"/dev/shm"
"/dev/kfd"
"/dev/dri"
"/dev/tty"
"/dev/tty0"
"/tmp/.X11-unix"
/materus
] ++ lib.lists.forEach ttys (x: "/dev/tty${builtins.toString x}");
};
networkConfig = {
Private = false;
};
};
systemd.services."systemd-nspawn@archlinux" = {
enable = true;
preStart = "${scripts.preStart}";
overrideStrategy = "asDropin";
serviceConfig = {
DeviceAllow = [ "char-tty rwm" "char-input rwm" "char-drm rwm" ];
};
};
}

3
configurations/host/materusPC/containers/default.nix
View File

@ -1,5 +1,8 @@
{...}: {...}:
{ {
imports = [
./arch.nix
];
virtualisation.lxc.enable = true; virtualisation.lxc.enable = true;
virtualisation.lxc.lxcfs.enable = true; virtualisation.lxc.lxcfs.enable = true;
virtualisation.lxd.enable = false; virtualisation.lxd.enable = false;