forked from evolix/ansible-roles
40 lines
1.1 KiB
Plaintext
40 lines
1.1 KiB
Plaintext
{% if lxc_unprivilegied_containers %}
|
|
# Run containers in unprivilegied mode.
|
|
# Map both user and group IDs in range 0-9999 in the container to the IDs
|
|
# 100000-109999 on the host.
|
|
lxc.id_map = u 0 100000 10000
|
|
lxc.id_map = g 0 100000 10000
|
|
|
|
{% endif %}
|
|
# Set the default network virtualization method.
|
|
{% if ansible_distribution_major_version is version('9', '<=') %}
|
|
lxc.network.type = {{lxc_network_type}}
|
|
{% else %}
|
|
lxc.net.0.type = {{lxc_network_type}}
|
|
{% endif %}
|
|
|
|
|
|
{% if lxc_mount_part %}
|
|
# Mount {{lxc_mount_part}} into containers.
|
|
lxc.mount.entry = {{lxc_mount_part}} {{lxc_mount_part |replace('/', '')}} none bind 0 0
|
|
|
|
{% endif %}
|
|
# Only one tty is enough.
|
|
# This require that you disabled others tty ([2-6]) in systemd.
|
|
{% if ansible_distribution_major_version is version('9', '<=') %}
|
|
lxc.tty = 1
|
|
{% else %}
|
|
lxc.tty.max = 1
|
|
{% endif %}
|
|
|
|
# Run 64bits containers
|
|
lxc.arch = x86_64
|
|
|
|
# Start containers on boot by default
|
|
lxc.start.auto = 1
|
|
|
|
{% if ansible_distribution_major_version is version('9', '>') %}
|
|
# Set LXC container unconfined in AppArmor
|
|
lxc.apparmor.profile = unconfined
|
|
{% endif %}
|