DevComp/coder-devenv
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity
coder-devenv/vendor/docker-nixos/configuration.nix

126 lines
No EOL
3.9 KiB
Nix
Raw Permalink Blame History

{ config, pkgs, lib, ... }:
let
options = import ./options.nix;
flake = ''
{
description = "Container";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
container-base-config.url = "path:/baseconfig";
user-config.url = "${options.flakeUrl}";
};
outputs = { nixpkgs, user-config, container-base-config, ... }@inputs: {
nixosConfigurations.container = user-config.nixosConfigurations.${options.nixosConfiguration}.extendModules {
modules = [container-base-config.nixosModules.containerConfig];
};
};
}
'';
in {
system.stateVersion = "24.05";
boot.initrd.availableKernelModules = [ ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.isContainer = true;
fileSystems."/" =
{ device = "overlay";
fsType = "overlay";
noCheck = true;
};
fileSystems."/run" =
{ device = "none";
fsType = "tmpfs";
options = [ "defaults" "size=2G" "mode=777" ];
};
swapDevices = [ ];
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
environment.noXlibs = lib.mkForce true;
nix.settings.sandbox = false;
networking.firewall.enable = lib.mkDefault false;
networking.hostName = lib.mkForce "";
networking.interfaces.eth0.useDHCP = false;
networking.nameservers = [ "1.1.1.1" "8.8.8.8" ];
networking.networkmanager.enable = lib.mkForce false;
#networking.resolvconf.dnsExtensionMechanism = false;
networking.useDHCP = false;
networking.wireless.enable = false;
nix.distributedBuilds = true;
security.audit.enable = false;
security.sudo.enable = true;
systemd.enableEmergencyMode = false;
systemd.services.console-getty.enable = lib.mkForce false;
systemd.services.rescue.enable = false;
systemd.services.systemd-firstboot.enable = lib.mkForce false;
systemd.services.systemd-hostnamed.enable = lib.mkForce false;
# minimal.nix
documentation.enable = lib.mkDefault false;
documentation.doc.enable = lib.mkDefault false;
documentation.info.enable = lib.mkDefault false;
documentation.man.enable = lib.mkDefault false;
documentation.nixos.enable = lib.mkDefault false;
# Perl is a default package.
environment.defaultPackages = lib.mkDefault [ ];
environment.stub-ld.enable = false;
# The lessopen package pulls in Perl.
programs.less.lessopen = lib.mkDefault null;
# This pulls in nixos-containers which depends on Perl.
boot.enableContainers = lib.mkDefault false;
programs.command-not-found.enable = lib.mkDefault false;
services.logrotate.enable = lib.mkDefault false;
services.udisks2.enable = lib.mkDefault false;
xdg.autostart.enable = lib.mkDefault false;
xdg.icons.enable = lib.mkDefault false;
xdg.mime.enable = lib.mkDefault false;
xdg.sounds.enable = lib.mkDefault false;
systemd.mounts = [{
where = "/sys/kernel/debug";
enable = false;
}];
#boot.isContainer = true;
boot.loader = {
systemd-boot.enable = false;
efi.canTouchEfiVariables = false;
};
boot.postBootCommands = lib.mkForce "";
system.activationScripts.specialfs = lib.mkForce "";
# don't set sycstl values in a container
#systemd.services.systemd-sysctl.restartTriggers = lib.mkDefault [ ];
environment.etc."sysctl.d/60-nixos.conf" = lib.mkForce { text = "# disabled\n"; };
environment.etc."sysctl.d/50-default.conf" = lib.mkForce { text = "# diasbled\n"; };
environment.etc."sysctl.d/50-coredump.conf" = lib.mkForce { text = "# disabled\n"; };
# Docker makes this read only
environment.etc."hosts".enable = false;
boot.kernel.sysctl = lib.mkForce { "kernel.dmesg_restrict" = 0; };
systemd.services.create-switch-script = {
enable = true;
script = ''
mkdir -p /build
echo '${flake}' > /build/flake.nix
cp /options.nix /baseconfig/options.nix
/run/current-system/sw/bin/nixos-rebuild switch --flake /build#container
'';
wantedBy = [ "multi-user.target" ];
};
}
Reference in a new issue View git blame Copy permalink