From a03d567652a609484466e63483e9a9454f575b51 Mon Sep 17 00:00:00 2001
From: arcnmx
Date: Wed, 31 Jan 2024 13:47:03 -0800
Subject: [PATCH] chore(ct): update template
---
 modules/nixos/access.nix | 1 -
 nixos/reisen-ct/filesystem.nix | 6 ++++++
 tf/proxmox_vms.tf | 6 +++---
 3 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/modules/nixos/access.nix b/modules/nixos/access.nix
index c59a0be8..816da2d5 100644
--- a/modules/nixos/access.nix
+++ b/modules/nixos/access.nix
@@ -190,7 +190,6 @@ in {
 };
 nftables = mkIf (networking.nftables.enable && cfg.localaddrs.enable) rec {
 wants = [ "localaddrs.service" ];
- after = wants;
 serviceConfig = {
 ExecReload = mkBefore [
 "+${localaddrs-reload}"
diff --git a/nixos/reisen-ct/filesystem.nix b/nixos/reisen-ct/filesystem.nix
index c26cfa7e..fb7c7e8d 100644
--- a/nixos/reisen-ct/filesystem.nix
+++ b/nixos/reisen-ct/filesystem.nix
@@ -5,4 +5,10 @@
 inherit (lib) mkDefault;
 in {
 services.kanidm.serverSettings.db_fs_type = mkDefault "zfs";
+ # work around a filesystem issue when migrating an unprivileged container to privileged
+ boot.postBootCommands = ''
+ if [[ $(stat -c '%u' /) != 0 ]]; then
+ chown 0:0 / /*
+ fi
+ '';
 }
diff --git a/tf/proxmox_vms.tf b/tf/proxmox_vms.tf
index 9af08d2a..6577cbdd 100644
--- a/tf/proxmox_vms.tf
+++ b/tf/proxmox_vms.tf
@@ -1,6 +1,6 @@
 variable "proxmox_container_template" {
 type = string
- default = "local:vztmpl/reisen-ct-2024-01-26-nixos-system-x86_64-linux.tar.xz"
+ default = "local:vztmpl/ct-20240127-nixos-system-x86_64-linux.tar.xz"
 }
 data "proxmox_virtual_environment_vm" "kubernetes" {
@@ -54,7 +54,7 @@ resource "proxmox_virtual_environment_container" "reimu" {
 started = false
 lifecycle {
- ignore_changes = [started, description]
+ ignore_changes = [started, description, operating_system[0].template_file_id]
 }
 }
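Review bot: In the nixos/reisen-ct/filesystem.nix hunk, `chown 0:0 / /*` follows symlinks, so a top-level entry of / that is a symlink gets its target re-owned to root instead of the link itself; `chown -h 0:0 / /*` keeps the change on the entries actually listed. The glob also skips dot-entries and the command is not recursive, so everything below the top level keeps whatever ownership the unprivileged mapping left behind. If that is intended, the comment should say so, e.g. `# only / and its top-level entries are fixed; deeper paths are left untouched`. The guard tests only the owner of / (`%u`), so a root directory with uid 0 but a shifted gid is skipped.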
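Review bot: The `operating_system[0].template_file_id` entry added to `ignore_changes` in the `reimu` hunk of tf/proxmox_vms.tf has no comment, and it means Terraform will no longer react when the template for this container changes. The template is presumably the `proxmox_container_template` default edited in the first hunk of this file. If so, later template refreshes, including ones that carry fixes, never reach `reimu` through Terraform and must be applied inside the guest. A comment above the `lifecycle` block would record that, e.g. `# template is only used at creation; the container is updated in place, never re-created from a newer template`. The resource body starts outside the hunk, so the `operating_system` block itself is not visible here.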
@@ -112,7 +112,7 @@ resource "proxmox_virtual_environment_vm" "freeipa" {
 disk {
 datastore_id = "local-zfs"
- file_format = "raw"
+ file_format = "raw"
 interface = "scsi0"
 size = 32
 }