I am currently using Nix Flakes to create containers by using the nixpkgs.lib.nixosSystem function with boot.isContainer set to true. However I need to add an additional capability to it (CAP_IPC_LOCK) so I can use mongodb (issue is here: https://jira.mongodb.org/browse/SERVER-32773). How do I add capabilities as the NixOS setting is under containers.<name>.additionalCapabilities?
1 Like
It seems the command (https://github.com/NixOS/nixpkgs/blob/6897cb1b623c80989753d7a668de46fa0714c345/pkgs/tools/virtualization/nixos-container/nixos-container.pl) just builds the configuration so the setting of capabilities doesn’t happen there. The container file (https://github.com/NixOS/nixpkgs/blob/564cb4d81d4f734dd068684adec5a60077397fe9/nixos/modules/virtualisation/nixos-containers.nix) seems to generate a start script with capabilities set. However, I still cannot find how to set those capabilities at the top level for a configuration file, instead of a declared container.
1 Like
If anyone has this issue it seems that it is not possible with base NixOS. It is possible (and works great) with extra-container. What I do is create the config in a nix flake and use --nixos-path option to make sure it evaluates with the flake nixpkgs input.
1 Like