vinzenz/nixos-configuration
0
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

lpt2: split containers

Browse source
This commit is contained in:
müde 2026-05-07 18:21:38 +02:00
parent 90dfef044c
commit 9d2ecaa010
2 changed files with 58 additions and 53 deletions
Download patch file Download diff file Expand all files Collapse all files

57
nixosConfigurations/muede-lpt2/containers.nix Normal file
View file

@ -0,0 +1,57 @@
{ self, ... }:
{
config = {
boot.enableContainers = true;
virtualisation.containers.enable = true;
containers.damocles = {
autoStart = false;
privateNetwork = false;
path = self.nixosConfigurations.damocles.config.system.build.toplevel;
bindMounts."/etc/nix/distributed-build-key" = {
hostPath = "/etc/nix/distributed-build-key";
isReadOnly = true;
};
bindMounts."/persist/damocles-ssh" = {
hostPath = "/persist/damocles-ssh";
isReadOnly = true;
};
bindMounts."/persist/damocles-lab" = {
hostPath = "/persist/damocles-lab";
isReadOnly = false;
};
};
containers.damocles-lab = {
autoStart = false;
privateNetwork = false;
path = self.nixosConfigurations.damocles-lab.config.system.build.toplevel;
bindMounts."/etc/nix/distributed-build-key" = {
hostPath = "/etc/nix/distributed-build-key";
isReadOnly = true;
};
bindMounts."/workspace" = {
hostPath = "/persist/damocles-lab";
isReadOnly = false;
};
bindMounts."/persist/damocles-ssh" = {
hostPath = "/persist/damocles-ssh";
isReadOnly = true;
};
};
# Global DefaultTimeoutStopSec is 10s (modern-desktop.nix), which kills systemd-nspawn
# before it finishes halting, leaving cgroups busy and breaking restarts.
systemd.services."container@damocles".serviceConfig = {
TimeoutStopSec = "60s";
# After a SIGKILL of nspawn, the kernel needs a moment to reap its cgroups.
# Without this, the immediate restart attempt fails with "Device or resource busy".
RestartSec = "5s";
};
systemd.services."container@damocles-lab".serviceConfig = {
TimeoutStopSec = "60s";
RestartSec = "5s";
};
};
}

54
nixosConfigurations/muede-lpt2/default.nix
View file

@ -1,6 +1,7 @@
{ self, ... }: { self, ... }:
{ {
imports = [ imports = [
./containers.nix
./hardware.nix ./hardware.nix
]; ];
@ -64,58 +65,5 @@
]; ];
boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
containers.damocles = {
autoStart = false;
privateNetwork = false;
path = self.nixosConfigurations.damocles.config.system.build.toplevel;
bindMounts."/etc/nix/distributed-build-key" = {
hostPath = "/etc/nix/distributed-build-key";
isReadOnly = true;
};
bindMounts."/persist/damocles-ssh" = {
hostPath = "/persist/damocles-ssh";
isReadOnly = true;
};
bindMounts."/persist/damocles-lab" = {
hostPath = "/persist/damocles-lab";
isReadOnly = false;
};
};
containers.damocles-lab = {
autoStart = false;
privateNetwork = false;
path = self.nixosConfigurations.damocles-lab.config.system.build.toplevel;
bindMounts."/etc/nix/distributed-build-key" = {
hostPath = "/etc/nix/distributed-build-key";
isReadOnly = true;
};
bindMounts."/workspace" = {
hostPath = "/persist/damocles-lab";
isReadOnly = false;
};
bindMounts."/persist/damocles-ssh" = {
hostPath = "/persist/damocles-ssh";
isReadOnly = true;
};
};
# Global DefaultTimeoutStopSec is 10s (modern-desktop.nix), which kills systemd-nspawn
# before it finishes halting, leaving cgroups busy and breaking restarts.
systemd.services."container@damocles".serviceConfig = {
TimeoutStopSec = "60s";
# After a SIGKILL of nspawn, the kernel needs a moment to reap its cgroups.
# Without this, the immediate restart attempt fails with "Device or resource busy".
RestartSec = "5s";
};
systemd.services."container@damocles-lab".serviceConfig = {
TimeoutStopSec = "60s";
RestartSec = "5s";
};
boot.enableContainers = true;
virtualisation.containers.enable = true;
}; };
} }