Sync with vpsAdminOS config

author: Nguyễn Gia Phong <cnx@loang.net> 2023-10-04 16:39:42 +0900
committer: Nguyễn Gia Phong <cnx@loang.net> 2023-10-04 16:39:42 +0900
commit: dbeaf6ad86c07006c78659e9790e5e756c7e6603 (patch)
tree: 69d6149954226370c6fd982ff5148f47247310fa
parent: 4298169a2ab58e019577ac32618cc46f19e45786 (diff)
download: nixos-conf-dbeaf6ad86c07006c78659e9790e5e756c7e6603.tar.gz
1 files changed, 13 insertions, 0 deletions
diff --git a/vpsadminos.nix b/vpsadminos.nix
index 009d464..45337b3 100644
--- a/vpsadminos.nix
+++ b/vpsadminos.nix
@@ -18,11 +18,24 @@ in {
   networking.dhcpcd.extraConfig = "noipv4ll";
 
   systemd.services.systemd-sysctl.enable = false;
+  systemd.services.systemd-oomd.enable = false;
   systemd.sockets."systemd-journald-audit".enable = false;
   systemd.mounts = [ {where = "/sys/kernel/debug"; enable = false;} ];
   systemd.services.systemd-udev-trigger.enable = false;
   systemd.services.rpc-gssd.enable = false;
 
+  # Due to our restrictions in /sys, the default systemd-udev-trigger fails
+  # on accessing PCI devices, etc. Override it to match only network devices.
+  # In addition, boot.isContainer prevents systemd-udev-trigger.service from
+  # being enabled at all, so add it explicitly.
+  systemd.additionalUpstreamSystemUnits = [
+    "systemd-udev-trigger.service"
+  ];
+  systemd.services.systemd-udev-trigger.serviceConfig.ExecStart = [
+    ""
+    "-udevadm trigger --subsystem-match=net --action=add"
+  ];
+
   boot.isContainer = true;
   boot.enableContainers = mkDefault true;
   boot.loader.initScript.enable = true;
author	Nguyễn Gia Phong <cnx@loang.net>	2023-10-04 16:39:42 +0900
committer	Nguyễn Gia Phong <cnx@loang.net>	2023-10-04 16:39:42 +0900
commit	dbeaf6ad86c07006c78659e9790e5e756c7e6603 (patch)
tree	69d6149954226370c6fd982ff5148f47247310fa
parent	4298169a2ab58e019577ac32618cc46f19e45786 (diff)
download	nixos-conf-dbeaf6ad86c07006c78659e9790e5e756c7e6603.tar.gz