Give containers a writable /nix/var/nix/{profiles,gcroots}

These are stored on the host in /nix/var/nix/{profiles,gcroots}/per-container/<container-name> to ensure that container profiles/roots are not garbage-collected.
2024-09-21 12:38:41 +03:00 · 2014-03-17 15:23:20 +01:00 · 2014-03-17 15:23:20 +01:00 · ac215779dd
commit ac215779dd
parent ef8e0266a2
1 changed files with 10 additions and 1 deletions
--- a/nixos/modules/virtualisation/containers.nix
+++ b/nixos/modules/virtualisation/containers.nix
@ -110,10 +110,19 @@ with pkgs.lib;
            if ! [ -e ${container.root}/etc/os-release ]; then
              touch ${container.root}/etc/os-release
            fi
+
+            mkdir -p -m 0755 \
+              /nix/var/nix/profiles/per-container/${name} \
+              /nix/var/nix/gcroots/per-container/${name}
          '';

        serviceConfig.ExecStart =
-          "${config.systemd.package}/bin/systemd-nspawn -M ${name} -D ${container.root} --bind-ro=/nix ${container.path}/init";
+          "${config.systemd.package}/bin/systemd-nspawn"
+          + " -M ${name} -D ${container.root}"
+          + " --bind-ro=/nix/store --bind-ro=/nix/var/nix/db --bind-ro=/nix/var/nix/daemon-socket"
+          + " --bind=/nix/var/nix/profiles/per-container/${name}:/nix/var/nix/profiles"
+          + " --bind=/nix/var/nix/gcroots/per-container/${name}:/nix/var/nix/gcroots"
+          + " ${container.path}/init";

        preStop =
          ''