nixos/services/nspawn.nix

{ config, lib, ... }:

with lib;

mkIf (elem "nspawn" config.machine.services) {
  systemd = let
    fn = import ../fn.nix { inherit lib; };
  in {
    nspawn = recursiveUpdate (listToAttrs (
      (map (
        name: {
          name = name;
          value = { networkConfig.VirtualEthernet = "no"; };
        }
      )
        (fn.lst { p = /var/lib/machines; t = "directory"; b = false; })
      ))) {
        "64Arch" = {
          filesConfig = {
            "BindReadOnly" = ["/tmp/.X11-unix"];
            "Bind" = ["/dev/snd" "/dev/dri"];
            # TODO: Add this to service overrides
            # "DeviceAllow" = [ "/dev/dri/renderD128" ];
          };
        };
      };
  };
}
Nspawn containers use host network for now. 2021-10-28 15:18:03 +02:00			`{ config, lib, ... }:`

			`with lib;`

			`mkIf (elem "nspawn" config.machine.services) {`
			`systemd = let`
			`fn = import ../fn.nix { inherit lib; };`
			`in {`
			`nspawn = recursiveUpdate (listToAttrs (`
			`(map (`
			`name: {`
			`name = name;`
			`value = { networkConfig.VirtualEthernet = "no"; };`
			`}`
			`)`
			`(fn.lst { p = /var/lib/machines; t = "directory"; b = false; })`
			`))) {`
			`"64Arch" = {`
			`filesConfig = {`
			`"BindReadOnly" = ["/tmp/.X11-unix"];`
			`"Bind" = ["/dev/snd" "/dev/dri"];`
			`# TODO: Add this to service overrides`
			`# "DeviceAllow" = [ "/dev/dri/renderD128" ];`
			`};`
			`};`
			`};`
			`};`
			`}`