Prevent containers from running non-container services

2026-02-22 18:18:05 -08:00
parent 4cf50b5fb1
commit 684851d641
3 changed files with 3 additions and 3 deletions
--- a/common/default.nix
+++ b/common/default.nix
@@ -102,5 +102,5 @@
  security.acme.defaults.email = "zuckerberg@neet.dev";
  # Enable Desktop Environment if this is a PC (machine role is "personal")
-  de.enable = lib.mkDefault (config.thisMachine.hasRole."personal");
+  de.enable = lib.mkDefault (config.thisMachine.hasRole."personal" && !config.boot.isContainer);
 }
--- a/common/nix-builder.nix
+++ b/common/nix-builder.nix
@@ -12,7 +12,7 @@ let
 in
 lib.mkMerge [
  # configure builder
-  (lib.mkIf thisMachineIsABuilder {
+  (lib.mkIf (thisMachineIsABuilder && !config.boot.isContainer) {
    users.users.${builderUserName} = {
      description = "Distributed Nix Build User";
      group = builderUserName;
--- a/common/server/atticd.nix
+++ b/common/server/atticd.nix
@@ -1,7 +1,7 @@
 { config, lib, ... }:
 {
-  config = lib.mkIf (config.thisMachine.hasRole."binary-cache") {
+  config = lib.mkIf (config.thisMachine.hasRole."binary-cache" && !config.boot.isContainer) {
    services.atticd = {
      enable = true;
      environmentFile = config.age.secrets.atticd-credentials.path;