https://github.com/fpletz/nixos-nspawn-ephemeral

# Declarative ephemeral NixOS nspawn containers

This is a work-in-progress proof of concept for a simple alternative to NixOS containers. It
contains NixOS modules for a host machine and for a container, which together run declarative
NixOS nspawn containers.

Imperative containers are out of scope for this project, since it is the author's opinion that they
are the main issue holding back the upstream NixOS container migration to proper systemd-nspawn
support. Imperative containers need separate state outside of the NixOS module system, and
therefore a tool to manage that state. The author suggests importing the official container tarball
and using the regular imperative NixOS deployment options instead.

## Highlights

* first-class integration into `machinectl`
* `-M` flag for `systemctl` and `loginctl` works as intended
* uses systemd's `systemd-nspawn@.service` unit
* automatic network configuration using `systemd-networkd`
* user namespaces with dynamic UID/GID allocation
* ephemeral execution, so no state is kept across restarts
* if state is needed, bind mounts can be defined in the nspawn configuration

## TODO

* NixOS option interface is currently very simple
* needs more options like custom network config and bind mounts
* the whole host nix store is currently bind-mounted into the container
* explore if only needed store paths could be bind mounted instead
* maybe create an option to make a separate nix daemon instance available in the container
* explore how to pass credentials into the container and provide an interface

## How to use this

You can consume this flake and use the provided NixOS modules. See the `simple-container` check
in `checks.nix` for an example. If you are not using flakes, the NixOS modules are located in
`host.nix` and `container.nix`.