Loading nixos/modules/virtualisation/nixos-containers.nix +26 −0 Original line number Diff line number Diff line Loading @@ -134,6 +134,10 @@ let extraFlags+=("--network-bridge=$HOST_BRIDGE") fi if [ -n "$NETWORK_NAMESPACE_PATH" ]; then extraFlags+=("--network-namespace-path=$NETWORK_NAMESPACE_PATH") fi extraFlags+=(${lib.escapeShellArgs (mapAttrsToList nspawnExtraVethArgs cfg.extraVeths)}) for iface in $INTERFACES; do Loading Loading @@ -632,6 +636,20 @@ in ''; }; networkNamespace = mkOption { type = types.nullOr types.path; default = null; description = '' Takes the path to a file representing a kernel network namespace that the container shall run in. The specified path should refer to a (possibly bind-mounted) network namespace file, as exposed by the kernel below /proc/<PID>/ns/net. This makes the container enter the given network namespace. One of the typical use cases is to give a network namespace under /run/netns created by ip-netns(8). Note that this option cannot be used together with other network-related options, such as --private-network or --network-interface=. ''; }; interfaces = mkOption { type = types.listOf types.str; default = []; Loading Loading @@ -793,6 +811,11 @@ in { warnings = optional (!config.boot.enableContainers && config.containers != {}) "containers.<name> is used, but boot.enableContainers is false. To use containers.<name>, set boot.enableContainers to true."; assertions = let mapper = name: cfg: optional (cfg.networkNamespace != null && (cfg.privateNetwork || cfg.interfaces != [])) "containers.${name}.networkNamespace is mutally exclusive to containers.${name}.privateNetwork and containers.${name}.interfaces."; in mkMerge (mapAttrsToList mapper config.containers); } (mkIf (config.boot.enableContainers) (let Loading Loading @@ -897,6 +920,9 @@ in LOCAL_ADDRESS6=${cfg.localAddress6} ''} ''} ${optionalString (cfg.networkNamespace != null) '' NETWORK_NAMESPACE_PATH=${cfg.networkNamespace} ''} INTERFACES="${toString cfg.interfaces}" MACVLANS="${toString cfg.macvlans}" ${optionalString cfg.autoStart '' Loading nixos/tests/containers-restart_networking.nix +5 −0 Original line number Diff line number Diff line Loading @@ -39,6 +39,11 @@ import ./make-test-python.nix ( } ]; networking.interfaces.eth1 = { ipv4.addresses = lib.mkForce [ ]; ipv6.addresses = lib.mkForce [ ]; }; specialisation.eth1.configuration = { networking.bridges.br0.interfaces = [ "eth1" ]; networking.interfaces = { Loading Loading
nixos/modules/virtualisation/nixos-containers.nix +26 −0 Original line number Diff line number Diff line Loading @@ -134,6 +134,10 @@ let extraFlags+=("--network-bridge=$HOST_BRIDGE") fi if [ -n "$NETWORK_NAMESPACE_PATH" ]; then extraFlags+=("--network-namespace-path=$NETWORK_NAMESPACE_PATH") fi extraFlags+=(${lib.escapeShellArgs (mapAttrsToList nspawnExtraVethArgs cfg.extraVeths)}) for iface in $INTERFACES; do Loading Loading @@ -632,6 +636,20 @@ in ''; }; networkNamespace = mkOption { type = types.nullOr types.path; default = null; description = '' Takes the path to a file representing a kernel network namespace that the container shall run in. The specified path should refer to a (possibly bind-mounted) network namespace file, as exposed by the kernel below /proc/<PID>/ns/net. This makes the container enter the given network namespace. One of the typical use cases is to give a network namespace under /run/netns created by ip-netns(8). Note that this option cannot be used together with other network-related options, such as --private-network or --network-interface=. ''; }; interfaces = mkOption { type = types.listOf types.str; default = []; Loading Loading @@ -793,6 +811,11 @@ in { warnings = optional (!config.boot.enableContainers && config.containers != {}) "containers.<name> is used, but boot.enableContainers is false. To use containers.<name>, set boot.enableContainers to true."; assertions = let mapper = name: cfg: optional (cfg.networkNamespace != null && (cfg.privateNetwork || cfg.interfaces != [])) "containers.${name}.networkNamespace is mutally exclusive to containers.${name}.privateNetwork and containers.${name}.interfaces."; in mkMerge (mapAttrsToList mapper config.containers); } (mkIf (config.boot.enableContainers) (let Loading Loading @@ -897,6 +920,9 @@ in LOCAL_ADDRESS6=${cfg.localAddress6} ''} ''} ${optionalString (cfg.networkNamespace != null) '' NETWORK_NAMESPACE_PATH=${cfg.networkNamespace} ''} INTERFACES="${toString cfg.interfaces}" MACVLANS="${toString cfg.macvlans}" ${optionalString cfg.autoStart '' Loading
nixos/tests/containers-restart_networking.nix +5 −0 Original line number Diff line number Diff line Loading @@ -39,6 +39,11 @@ import ./make-test-python.nix ( } ]; networking.interfaces.eth1 = { ipv4.addresses = lib.mkForce [ ]; ipv6.addresses = lib.mkForce [ ]; }; specialisation.eth1.configuration = { networking.bridges.br0.interfaces = [ "eth1" ]; networking.interfaces = { Loading
