Loading nixos/modules/virtualisation/nixos-containers.nix +26 −0 Original line number Diff line number Diff line Loading @@ -134,6 +134,10 @@ let extraFlags+=("--network-bridge=$HOST_BRIDGE") fi if [ -n "$NETWORK_NAMESPACE_PATH" ]; then extraFlags+=("--network-namespace-path=$NETWORK_NAMESPACE_PATH") fi extraFlags+=(${lib.escapeShellArgs (mapAttrsToList nspawnExtraVethArgs cfg.extraVeths)}) for iface in $INTERFACES; do Loading Loading @@ -632,6 +636,20 @@ in ''; }; networkNamespace = mkOption { type = types.nullOr types.path; default = null; description = '' Takes the path to a file representing a kernel network namespace that the container shall run in. The specified path should refer to a (possibly bind-mounted) network namespace file, as exposed by the kernel below /proc/<PID>/ns/net. This makes the container enter the given network namespace. One of the typical use cases is to give a network namespace under /run/netns created by ip-netns(8). Note that this option cannot be used together with other network-related options, such as --private-network or --network-interface=. ''; }; interfaces = mkOption { type = types.listOf types.str; default = []; Loading Loading @@ -793,6 +811,11 @@ in { warnings = optional (!config.boot.enableContainers && config.containers != {}) "containers.<name> is used, but boot.enableContainers is false. To use containers.<name>, set boot.enableContainers to true."; assertions = let mapper = name: cfg: optional (cfg.networkNamespace != null && (cfg.privateNetwork || cfg.interfaces != [])) "containers.${name}.networkNamespace is mutally exclusive to containers.${name}.privateNetwork and containers.${name}.interfaces."; in mkMerge (mapAttrsToList mapper config.containers); } (mkIf (config.boot.enableContainers) (let Loading Loading @@ -897,6 +920,9 @@ in LOCAL_ADDRESS6=${cfg.localAddress6} ''} ''} ${optionalString (cfg.networkNamespace != null) '' NETWORK_NAMESPACE_PATH=${cfg.networkNamespace} ''} INTERFACES="${toString cfg.interfaces}" MACVLANS="${toString cfg.macvlans}" ${optionalString cfg.autoStart '' Loading Loading
nixos/modules/virtualisation/nixos-containers.nix +26 −0 Original line number Diff line number Diff line Loading @@ -134,6 +134,10 @@ let extraFlags+=("--network-bridge=$HOST_BRIDGE") fi if [ -n "$NETWORK_NAMESPACE_PATH" ]; then extraFlags+=("--network-namespace-path=$NETWORK_NAMESPACE_PATH") fi extraFlags+=(${lib.escapeShellArgs (mapAttrsToList nspawnExtraVethArgs cfg.extraVeths)}) for iface in $INTERFACES; do Loading Loading @@ -632,6 +636,20 @@ in ''; }; networkNamespace = mkOption { type = types.nullOr types.path; default = null; description = '' Takes the path to a file representing a kernel network namespace that the container shall run in. The specified path should refer to a (possibly bind-mounted) network namespace file, as exposed by the kernel below /proc/<PID>/ns/net. This makes the container enter the given network namespace. One of the typical use cases is to give a network namespace under /run/netns created by ip-netns(8). Note that this option cannot be used together with other network-related options, such as --private-network or --network-interface=. ''; }; interfaces = mkOption { type = types.listOf types.str; default = []; Loading Loading @@ -793,6 +811,11 @@ in { warnings = optional (!config.boot.enableContainers && config.containers != {}) "containers.<name> is used, but boot.enableContainers is false. To use containers.<name>, set boot.enableContainers to true."; assertions = let mapper = name: cfg: optional (cfg.networkNamespace != null && (cfg.privateNetwork || cfg.interfaces != [])) "containers.${name}.networkNamespace is mutally exclusive to containers.${name}.privateNetwork and containers.${name}.interfaces."; in mkMerge (mapAttrsToList mapper config.containers); } (mkIf (config.boot.enableContainers) (let Loading Loading @@ -897,6 +920,9 @@ in LOCAL_ADDRESS6=${cfg.localAddress6} ''} ''} ${optionalString (cfg.networkNamespace != null) '' NETWORK_NAMESPACE_PATH=${cfg.networkNamespace} ''} INTERFACES="${toString cfg.interfaces}" MACVLANS="${toString cfg.macvlans}" ${optionalString cfg.autoStart '' Loading
