c2vi/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d3f6e79b8500b97add4f5c5b12e58d08b2aa5fba
dotfiles/mods/fusu-services.nix
Sebastian Moser d3f6e79b85 has libvirtd in container in fusu-services.nix
2025-10-03 17:29:42 +02:00

75 lines
2.3 KiB
Nix
Raw Blame History

{ pkgs, dataDir, config, inputs, system, ... }: let
/**
thanks: @melektron
This builder creates a small shell script that wraps arion to specify
it to operate on a specific registered arion service identified by `srv_name`.
This can be used to manage the docker-compose functionality of an arion service
that is defined in the NixOS system, independently from the systemctl service that
starts it. If you start/stop compose projects using this, you should first stop
the systemctl service.
*/
createArionServiceManager = srv_name: setup: (
pkgs.writeShellScriptBin "manage-arion-${srv_name}" ''
echo operating on: ${config.virtualisation.arion.projects."${srv_name}".settings.out.dockerComposeYaml}
${setup}
${pkgs.lib.getExe inputs.arion.packages."${system}".arion} --prebuilt-file ${config.virtualisation.arion.projects."${srv_name}".settings.out.dockerComposeYaml} $@
''
);
in {
environment.systemPackages = [
pkgs.arion
# Do install the docker CLI to talk to podman.
# Not needed when virtualisation.docker.enable = true;
pkgs.docker-client
# add all the service managers
(createArionServiceManager "libvirt" "")
];
# Arion works with Docker, but for NixOS-based containers, you need Podman
# since NixOS 21.05.
virtualisation.docker.enable = false;
virtualisation.podman.enable = true;
virtualisation.podman.dockerSocket.enable = true;
users.extraUsers.me.extraGroups = ["podman"];
######################## libvirtd in container #########################
virtualisation.arion = {
backend = "podman-socket";
projects.libvirt.settings.services.libvirt = { pkgs, lib, ... }: {
nixos.useSystemd = true;
service.useHostStore = true;
nixos.configuration = {
boot.tmp.useTmpfs = true;
virtualisation.libvirtd = {
enable = true;
};
users.users.me = {
uid = 1001;
isNormalUser = true;
password = "changeme";
extraGroups = [ "networkmanager" "wheel" "libvirtd" "plugdev" ];
};
};
service = {
privileged = true;
volumes = [
"${dataDir}/libvirt/run:/run/libvirt"
"${dataDir}/libvirt/lib:/var/lib/libvirt"
];
};
};
};
}
Reference in New Issue View Git Blame Copy Permalink