# LXC container configuration for a systemd-based guest, restored to one
# directive per line.
# NOTE(review): this file uses the legacy (pre-LXC 2.1) key names
# (lxc.network.*, lxc.seccomp, lxc.haltsignal, lxc.init_cmd, ...). LXC 3.0
# dropped them; lxc-update-config converts a file to the new names.
# NOTE(review): no lxc.id_map is visible in this excerpt, so this looks like a
# privileged container (container root == host root). Isolation then rests on
# the capability set, the seccomp profile and the device cgroup below.

# Let LXC populate a fresh, minimal /dev; do not link /dev/kmsg to the console.
lxc.autodev = 1
lxc.kmsg = 0

# Capabilities the container keeps; everything not listed is dropped.
# NOTE(review): the list is broad. sys_admin, sys_ptrace, sys_boot, mknod,
# setfcap, dac_read_search and audit_control are all retained; confirm each is
# required by the workload (systemd itself needs only part of this set).
lxc.cap.keep = chown dac_override dac_read_search fowner fsetid ipc_owner kill lease linux_immutable net_bind_service net_broadcast net_raw setgid setfcap setpcap setuid sys_admin sys_chroot sys_nice sys_ptrace sys_tty_config sys_resource sys_boot audit_write audit_control mknod

# Setup the LXC devices in /dev/lxc/
lxc.devttydir = lxc

lxc.init_cmd = /usr/lib/systemd/systemd

# Set the halt/stop signals
# For systemd as init: SIGRTMIN+4 starts a clean poweroff, SIGRTMIN+14 powers
# off immediately.
lxc.haltsignal=SIGRTMIN+4
lxc.stopsignal=SIGRTMIN+14

# Set the pivot directory
lxc.pivotdir = lxc_putold

# Blacklist some syscalls which are not safe in privileged
# containers
# NOTE(review): the profile's contents are not shown here. Because sys_boot and
# dac_read_search are kept above, check that it still denies kexec_load and
# open_by_handle_at, as the stock LXC profile does.
lxc.seccomp = /etc/lxc/default.seccomp

# One veth interface attached to host bridge br0. No address is set in this
# excerpt; presumably it is added per container (TODO confirm).
lxc.network.type = veth
lxc.network.link = br0
lxc.network.flags = up
lxc.network.name = eth0
lxc.network.mtu = 1500
lxc.network.ipv4.gateway = 172.23.75.2
lxc.network.ipv6.gateway = fe80::1

# cgroups
# NOTE(review): lxc.cgroup.* addresses the cgroup v1 controllers. On a host
# running only the unified (v2) hierarchy these limits, including the device
# allow-list, would need the lxc.cgroup2.* form - verify on the target host.
# Default-deny for device access; the allow lines below are the whitelist.
lxc.cgroup.devices.deny = a
## Allow any mknod (but not reading/writing the node)
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
## Allow specific devices
### /dev/null
lxc.cgroup.devices.allow = c 1:3 rwm
### /dev/zero
lxc.cgroup.devices.allow = c 1:5 rwm
### /dev/full
lxc.cgroup.devices.allow = c 1:7 rwm
### /dev/tty1
lxc.cgroup.devices.allow = c 4:1 rwm
### /dev/tty
lxc.cgroup.devices.allow = c 5:0 rwm
### /dev/console
lxc.cgroup.devices.allow = c 5:1 rwm
### /dev/ptmx
lxc.cgroup.devices.allow = c 5:2 rwm
### /dev/random
lxc.cgroup.devices.allow = c 1:8 rwm
### /dev/urandom
lxc.cgroup.devices.allow = c 1:9 rwm
### /dev/pts/*
lxc.cgroup.devices.allow = c 136:* rwm
### fuse
# /dev/fuse together with sys_admin lets the container mount FUSE filesystems.
lxc.cgroup.devices.allow = c 10:229 rwm

# Resource limits: soft/hard memory limit, relative CPU and block-I/O weight.
# No memory.memsw limit appears in this excerpt, so swap is not capped here.
lxc.cgroup.memory.soft_limit_in_bytes = 1500M
lxc.cgroup.memory.limit_in_bytes = 2000M
lxc.cgroup.cpu.shares = 256
lxc.cgroup.blkio.weight = 500

# Setup the default mounts
# ":mixed" keeps the sensitive parts of /proc and /sys read-only
# (e.g. /proc/sys, /proc/sysrq-trigger, most of /sys).
lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
# NOTE(review): the two pacman directories are bound read-write from the host.
# If /data/pacman is shared with other containers or the host, any one of them
# can alter the package cache and sync databases the others consume; bind
# read-only where the container only reads, and keep pacman signature checking
# enforced.
lxc.mount.entry = /data/pacman/pkg var/cache/pacman/pkg none bind 0 0
lxc.mount.entry = /data/pacman/sync var/lib/pacman/sync none bind 0 0
# Read-only view of a directory that lives inside another container's rootfs.
lxc.mount.entry = /data/containers/login/rootfs/var/lib/aurrepo srv/repo none bind,ro,create=dir,umask=0 0 0
# NOTE(review): exposes the host's journald runtime directory inside the
# container. "ro" stops file changes; confirm whether the sockets in that
# directory are meant to be reachable from the guest.
lxc.mount.entry = /run/systemd/journal mnt/journal none bind,ro,create=dir 0 0

# Hooks. The clone hooks run on the host when the container is cloned, in the
# order listed; the autodev hook runs at container start after /dev is set up.
# They execute with the privileges of the LXC process (normally host root), so
# the scripts and /etc/lxc/hooks should be root-owned and not writable by
# anyone else.
lxc.hook.clone = /etc/lxc/hooks/setup-machine-id
lxc.hook.clone = /etc/lxc/hooks/remove-journal
lxc.hook.clone = /etc/lxc/hooks/cleanup-lxc-config
lxc.hook.clone = /etc/lxc/hooks/create-lxc-config
lxc.hook.clone = /etc/lxc/hooks/update-zone
lxc.hook.clone = /etc/lxc/hooks/update-hetzner-rdns
lxc.hook.clone = /etc/lxc/hooks/ansible
lxc.hook.autodev = /etc/lxc/hooks/dn42-routes