document my day

Peder Bergebakken Sundt 2024-04-13 19:48:42 +02:00
parent c76b3504b1
commit 3b972d07af


@ -28,6 +28,20 @@ machinectl remove "$NSPAWN_NAME" || true # TODO: is this interactive?
#machinectl pull-tar "https://github.com/tfc/nspawn-nixos/releases/download/v1.0/nixos-system-x86_64-linux.tar.xz" "$NSPAWN_NAME" --verify=no
machinectl import-tar "$TARBALL" "$NSPAWN_NAME"
# TODO: get sandbox working
# https://wiki.archlinux.org/index.php?title=Systemd-nspawn&oldid=703843#Run_docker_in_systemd-nspawn
#[Files]
#Bind=/sys/fs/cgroup
#Bind=/proc
#[Exec]
#Capability=all
#SystemCallFilter=@known @priviledged
#SystemCallFilter=add_key keyctl bpf
#Parameters=systemd.legacy_systemd_cgroup_controller=yes
#Parameters=systemd.unified_cgroup_hierarchy=0
#PrivateUsers=no
#PrivateUsersOwnership=no
# use host network
mkdir -p /etc/systemd/nspawn
tee /etc/systemd/nspawn/"$NSPAWN_NAME".nspawn <<"EOF"