This commit is contained in:
2025-04-18 11:50:53 +02:00
parent 730482c98b
commit c8a9b3cf43
22 changed files with 609 additions and 256 deletions
@@ -82,7 +82,7 @@ in
execConfig = {
Boot = true;
SystemCallFilter = [ "@known" ];
Timezone = "bind";
Timezone = "symlink";
Capability = "all";
PrivateUsers = "no";
ResolvConf = "copy-host";
@@ -103,6 +103,8 @@ in
"/run/udev"
"/dev/fuse"
"/dev/snd"
"/dev/input"
"/dev/shm"
"/dev/kfd"
@@ -110,6 +112,9 @@ in
"/dev/tty"
"/dev/tty0"
"/var/lib/flatpak"
"/var/lib/containers"
"/tmp/.X11-unix"
/materus
@@ -2,6 +2,7 @@
{
imports = [
./arch.nix
./fedora.nix
];
virtualisation.lxc.enable = true;
virtualisation.lxc.lxcfs.enable = true;
@@ -0,0 +1,75 @@
{
config,
pkgs,
lib,
...
}:
let
ttys = [
9
10
];
in
{
systemd.nspawn."fedora" = {
enable = true;
execConfig = {
Boot = true;
SystemCallFilter = [ "@known" ];
Timezone = "symlink";
Capability = "all";
PrivateUsers = "no";
ResolvConf = "off";
};
filesConfig = {
BindReadOnly = [
"/nix"
"/run/current-system"
"/run/booted-system"
"/run/opengl-driver"
"/run/opengl-driver-32"
];
Bind = [
"/:/run/host-root"
"/run/udev"
"/dev/fuse"
"/dev/snd"
"/dev/input"
"/dev/shm"
"/dev/kfd"
"/dev/dri"
"/dev/tty"
"/dev/tty0"
"/var/lib/flatpak"
"/tmp/.X11-unix"
/materus
] ++ lib.lists.forEach ttys (x: "/dev/tty${builtins.toString x}");
};
networkConfig = {
Bridge="br0";
};
};
systemd.services."systemd-nspawn@fedora" = {
enable = true;
overrideStrategy = "asDropin";
serviceConfig = {
ConditionPathExists="/var/lib/machines/fedora";
DeviceAllow = [
"char-tty rwm"
"char-input rwm"
"char-drm rwm"
];
};
};
}