fix(virtualisation): add & extend sub{u,g}id ranges
This commit is contained in:
parent
7fae92e31d
commit
5ba17c8ccf
|
@ -145,6 +145,7 @@ rec {
|
||||||
user.extraGroups = [ "wheel" "audio" "disk" "media" ];
|
user.extraGroups = [ "wheel" "audio" "disk" "media" ];
|
||||||
modules = [ homeManagerModules.git ];
|
modules = [ homeManagerModules.git ];
|
||||||
config = ./home/felschr.nix;
|
config = ./home/felschr.nix;
|
||||||
|
usesContainers = true;
|
||||||
})
|
})
|
||||||
({ pkgs, ... }: {
|
({ pkgs, ... }: {
|
||||||
environment.systemPackages =
|
environment.systemPackages =
|
||||||
|
@ -168,6 +169,7 @@ rec {
|
||||||
user.extraGroups = [ "wheel" "audio" "disk" ];
|
user.extraGroups = [ "wheel" "audio" "disk" ];
|
||||||
modules = [ homeManagerModules.git ];
|
modules = [ homeManagerModules.git ];
|
||||||
config = ./home/felschr-work.nix;
|
config = ./home/felschr-work.nix;
|
||||||
|
usesContainers = true;
|
||||||
})
|
})
|
||||||
];
|
];
|
||||||
specialArgs = { inherit inputs nixConfig; };
|
specialArgs = { inherit inputs nixConfig; };
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
name:
|
name:
|
||||||
{ user ? { }, hm ? { }, modules ? [ ], config, ... }:
|
{ user ? { }, hm ? { }, modules ? [ ], config, usesContainers ? false, ... }:
|
||||||
|
|
||||||
{ pkgs, lib, home-manager, ... }: {
|
{ pkgs, lib, home-manager, ... }: {
|
||||||
imports = [ home-manager.nixosModules.home-manager ];
|
imports = [ home-manager.nixosModules.home-manager ];
|
||||||
|
@ -7,6 +7,16 @@ name:
|
||||||
users.users."${name}" = {
|
users.users."${name}" = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
shell = pkgs.zsh;
|
shell = pkgs.zsh;
|
||||||
|
|
||||||
|
# increase sub{u,g}id range for container user namespaces
|
||||||
|
subUidRanges = lib.optionals usesContainers [{
|
||||||
|
startUid = 100000;
|
||||||
|
count = 60000000;
|
||||||
|
}];
|
||||||
|
subGidRanges = lib.optionals usesContainers [{
|
||||||
|
startGid = 100000;
|
||||||
|
count = 60000000;
|
||||||
|
}];
|
||||||
} // user;
|
} // user;
|
||||||
|
|
||||||
home-manager = {
|
home-manager = {
|
||||||
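Review bot: The `subUidRanges`/`subGidRanges` added here start at `startUid = 100000` for every user created through this module, so a host that sets `usesContainers` for more than one user gets overlapping subordinate ranges, and the rootless containers of one user can then create files owned by IDs that are also mapped into the other user's namespace. The same start value appears to be where NixOS places automatically allocated subordinate ranges, so any user on the host with `autoSubUidGidRange` still enabled would presumably collide with this block as well — worth confirming against the generated `/etc/subuid`. A cheap fix is to take the start from the module signature (changed in the earlier hunk of this file), e.g. `subIdStart ? 100000`, and use `startUid = subIdStart;` / `startGid = subIdStart;` so each container user is given a distinct range. Note also that the unchanged `} // user;` lets a caller-supplied `user.subUidRanges` silently replace this range; a comment such as `# NOTE: a subUidRanges/subGidRanges entry in `user` overrides the container range above` would make that visible.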
|
|
|
@ -7,4 +7,27 @@ _:
|
||||||
# Create unique User Namespace for the container
|
# Create unique User Namespace for the container
|
||||||
containers.userns = "auto";
|
containers.userns = "auto";
|
||||||
};
|
};
|
||||||
|
virtualisation.containers.storage.settings = {
|
||||||
|
# defaults
|
||||||
|
storage = {
|
||||||
|
driver = "overlay";
|
||||||
|
graphroot = "/var/lib/containers/storage";
|
||||||
|
runroot = "/run/containers/storage";
|
||||||
|
};
|
||||||
|
|
||||||
|
# SUB_UID_MAX: https://man7.org/linux/man-pages/man5/login.defs.5.html
|
||||||
|
storage.options.auto-userns-max-size = 600100000;
|
||||||
|
};
|
||||||
|
|
||||||
|
# Increase sub{u,g}id range
|
||||||
|
users.users."root" = {
|
||||||
|
subUidRanges = [{
|
||||||
|
startUid = 60100000;
|
||||||
|
count = 60000000;
|
||||||
|
}];
|
||||||
|
subGidRanges = [{
|
||||||
|
startGid = 60100000;
|
||||||
|
count = 60000000;
|
||||||
|
}];
|
||||||
|
};
|
||||||
}
|
}
|
||||||
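Review bot: `storage.options.auto-userns-max-size = 600100000` caps a single `userns = "auto"` container at roughly 600M IDs, but the root subordinate range declared a few lines below holds only 60,000,000 IDs (60100000–120099999), so the cap can never be honoured and the `SUB_UID_MAX` comment describes the login.defs default rather than what this host provides. Setting it to the size that actually exists, `storage.options.auto-userns-max-size = 60000000;`, keeps the two values in sync and fails early if a container requests more than the host can map. Since this option only caps the per-container mapping (podman picks the size from the image unless `size=` is given, with a default cap of 65536 as far as I recall), a smaller cap also limits how much of the host's ID space a single container escape could touch — worth confirming that a larger per-container namespace is really needed before raising it. A short comment on the `users.users."root"` block, e.g. `# root's range backs rootful userns=auto; placed above the 100000+ range used by container users`, would explain why the range starts at 60100000.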
|
|