Added documentation and instructions for nixOS jail #120
base: develop
Cool! Looks good. By the way I think you can add the bridge interface in the create statement:
You're right, I missed it. Updated
Thanks for the update! My idea behind the templates is to provide, if possible, a See for example the docker template: https://github.com/Jip-Hop/jailmaker/tree/main/templates/docker The readme is almost empty. It only contains the create command. Do you think you could set up the nixos jail by using the features of the
While a part of it could be done (replacing/changing the configuration.nix), the OS will still have to be rebuilt manually. The issue with that is because, since host networking is used in the initial setup phase, it will either:
What could be done is editing/adding/replacing the I'll have a look into the above scenario and do some tests next week unless someone gets to it before me.
I was curious so I tried this just now on my Cobia system. This is the first jail I'm installing on this one. Following the instruction the installation output is:
I think it would be wise to include an explanation about the Thanks for sharing this, I've been really interested exploring NixOS, and this is the perfect starting point for me.
Thanks for pointing this out! Jailmaker checks if the init system is systemd. In the case of nixOS the init system is also systemd:
But it can't be determined from the filepath that the init system is indeed systemd. So the current check fails and throws this warning while it shouldn't... If we provide a template for nixOS then I think this check also requires some work...
Perhaps the
I also ran into NixOS/nixpkgs#63028 when removing the nixOS jail:
My jails are created in plain directories, not datasets. I had to run
Interesting. I would say making v1.1.4 with datasets a requirement would make sense. Possibly even a check within the script. Or alternatively an additional step for the remove command if it's directories & nixOS?
This is kinda tricky, specifically for nixos, because whatever task of this type you'd add would only be applied once you actually run
Happy to do so. I'm also just starting to learn NixOS :)
Yes I agree. Couldn't have been that easy after all
It's trickier than thought so far. The following is the issue. The nixOS image pulled is barebones, with directories and configuration created @ first boot. This means stuff such as The error is:
which seems to be a safety check from
The directories in question and the config The main problem is bypassing/finding a way around the systemd-nspawn safety check. From what I can see there isn't really any option to run it via Only option I see to get this working currently is actually adding support to But I'll dig into it more to see if I can find a workaround.
You may be able to modify the extracted
Since jailmaker v1.4.0 the
I've run some with the new version, still unable to get it to fully work but making progress. I'm trying to edit the config in place with the initial setup and then running
Is this something that would be accepted into nixos-hardware so it can just be used as a module for this "hardware"? I don't know if it'd accept the bits from the config file, but maybe something could be made to do that... There's a lot I don't know, and I'm experimenting with it also :)
Added documentation and instructions for nixOS jail