├── LICENSE
├── README.md
└── container-system.nix


/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2021 David McFarland
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Using a non-NixOS distro as a nixos-container host #
 2 | 
 3 | 1. Install Nix in multi-user mode (https://nixos.org/nix/manual/#sect-multi-user-installation)
 4 | 
 5 | 2. Install required packages for `systemd-nspawn`
 6 | 
 7 |   e.g. on debian: `apt install systemd-container`
 8 | 
 9 | 3. As root install container-system
10 | 
11 |   `nix-env -iE 'f: import "${builtins.fetchGit http://github.com/corngood/portable-nixos-container.git}/container-system.nix"'`
12 | 
13 | 4. Symlink systemd units into host system
14 | 
15 |   ```
16 |   ln -s ~/.nix-profile/etc/systemd/system/{nat,container@}.service /etc/systemd/system
17 |   systemctl daemon-reload
18 |   ```
19 | 
20 | 5. Start and enable nat service (required for containers to have network access)
21 | 
22 |   ```
23 |   systemctl start nat
24 |   mkdir -p /etc/systemd/system/network.target.wants
25 |   ln -s ~/.nix-profile/etc/systemd/system/nat.service /etc/systemd/system/network.target.wants
26 |   ```
27 | 
28 | 6. Create containers using `nixos-container` or by deploying with `nixops`
29 | 
30 | 7. Permanently enable a container
31 | 
32 |   `ln -s /etc/systemd/system/container@.service /etc/systemd/system/multi-user.target.wants/container@[container-name].service`
33 | 
34 | 8. Expose ports
35 | 
36 |   Edit `/etc/containers/[container-name].conf` and add to `HOST_PORT`.  Each word will correspond to the value of a `systemd-nspawn` `--port` argument.
37 | 
38 |   You must restart the container for configuration changes to have an effect `systemctl restart container@[container-name]`.
39 | 
40 |   **WARNING** these ports may not be forwarded from the loopback interface.
41 | 
42 | 9. Configure `systemd-nspawn`
43 | 
44 |   Edit `/etc/containers/[container-name].conf` and add `EXTRA_NSPAWN_FLAGS`.  This variable will be appended to the nspawn arguments, and can contain anything from `man systemd-nspawn`.
45 | 
46 |   e.g. to create a bind mount: `--bind=/mnt/container/var:/var`
47 | 
48 |   `systemd-nspawn` may also be configured using `/etc/systemd/nspawn/[container-name].nspawn` according to the manual.
49 | 


--------------------------------------------------------------------------------
/container-system.nix:
--------------------------------------------------------------------------------
 1 | let
 2 |   configuration = { config, pkgs, ... }: {
 3 |     imports = [
 4 |       <nixpkgs/nixos/modules/virtualisation/docker-image.nix>
 5 |     ];
 6 |     time.timeZone = "America/Halifax";
 7 |     system.stateVersion = "19.09";
 8 |     boot.enableContainers = true;
 9 |     systemd.services."container@" = {
10 |       # the start script fails to touch these if they are broken symlinks
11 |       preStart = ''
12 |         if [ -d $root ]
13 |         then
14 |           rm $root/etc/{os-release,machine-id}
15 |         fi
16 |       '';
17 |     };
18 |     networking.nat = {
19 |       enable = true;
20 |       internalInterfaces = ["ve-+"];
21 |       externalInterface = "eth0";
22 |     };
23 |   };
24 |   nixos = import <nixpkgs/nixos> {
25 |     inherit configuration;
26 |     system = builtins.currentSystem;
27 |   };
28 |   system = nixos.config.system.build.toplevel;
29 |   # older version of nixos-container is required for compatibility with older systemd
30 |   nixos-container =
31 |     (import (builtins.fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-19.09.tar.gz) {})
32 |     .nixos-container;
33 | in
34 |   { pkgs ? import <nixpkgs> {} }: with pkgs;
35 |   stdenv.mkDerivation {
36 |     name = "container-system";
37 |     unpackPhase = ":";
38 |     installPhase = ''
39 |       mkdir -p $out/bin $out/etc/systemd/system
40 |       ln -s ${nixos-container}/bin/nixos-container $out/bin/nixos-container
41 |       ln -s ${system}/etc/systemd/system/{nat,container@}.service $out/etc/systemd/system/
42 |     '';
43 |   }
44 | 


--------------------------------------------------------------------------------