authorGregor Kleen <gkleen@yggdrasil.li>2022-10-03 17:15:36 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2022-10-03 17:15:36 +0200
commit9248259708bd6ade5e334a2cdfb29d2a20acb0dd (patch)
tree976a140d547557c8cdf98856510030fd35b83d1a /modules/netns.nix
parent59e54bd97f70711573d321f2d2aeee5da46bf95d (diff)
...
Diffstat (limited to 'modules/netns.nix')
-rw-r--r--modules/netns.nix14
1 files changed, 7 insertions, 7 deletions
diff --git a/modules/netns.nix b/modules/netns.nix
index d4f07feb..dca3c0db 100644
--- a/modules/netns.nix
+++ b/modules/netns.nix
@@ -1,6 +1,6 @@
1{ pkgs, config, lib, ... }: 1{ pkgs, config, lib, ... }:
2 2
3with lib; 3with lib;
4 4
5let 5let
6 cfg = config.networking.namespaces; 6 cfg = config.networking.namespaces;
@@ -56,12 +56,12 @@ let
56 wants = ["network.target"]; 56 wants = ["network.target"];
57 conflicts = ["shutdown.target"]; 57 conflicts = ["shutdown.target"];
58 58
59 path = with pkgs; [ iproute config.systemd.package ]; 59 path = with pkgs; [ iproute2 config.systemd.package ];
60 60
61 serviceConfig = { 61 serviceConfig = {
62 SyslogIdentifier = "netns container ${containerName}"; 62 SyslogIdentifier = "netns container ${containerName}";
63 Type = "notify"; 63 Type = "notify";
64 64
65 RestartForceExitStatus = "133"; 65 RestartForceExitStatus = "133";
66 SuccessExitStatus = "133"; 66 SuccessExitStatus = "133";
67 67
@@ -114,7 +114,7 @@ let
114 --capability=CAP_SYS_TTY_CONFIG,CAP_NET_ADMIN,CAP_NET_RAW,CAP_SYS_ADMIN \ 114 --capability=CAP_SYS_TTY_CONFIG,CAP_NET_ADMIN,CAP_NET_RAW,CAP_SYS_ADMIN \
115 --ephemeral \ 115 --ephemeral \
116 --network-namespace-path=/run/netns/${containerCfg.netns} \ 116 --network-namespace-path=/run/netns/${containerCfg.netns} \
117 ${containerInit} "${containerCfg.config.system.build.toplevel}/init" 117 ${containerInit} "${containerCfg.config.system.build.toplevel}/init"
118 ''; 118 '';
119 }; 119 };
120in { 120in {
@@ -133,13 +133,13 @@ in {
133 assertions = [ 133 assertions = [
134 { assertion = cfg.containers != {} -> cfg.enable; message = "netns containers require netns@ service template"; } 134 { assertion = cfg.containers != {} -> cfg.enable; message = "netns containers require netns@ service template"; }
135 ]; 135 ];
136 136
137 systemd.services = { 137 systemd.services = {
138 "netns@" = mkIf cfg.enable { 138 "netns@" = mkIf cfg.enable {
139 description = "%I network namspace"; 139 description = "%I network namspace";
140 before = [ "network-pre.target" ]; 140 before = [ "network-pre.target" ];
141 wants = [ "network-pre.target" ]; 141 wants = [ "network-pre.target" ];
142 path = with pkgs; [ iproute utillinux ]; 142 path = with pkgs; [ iproute2 util-linux ];
143 serviceConfig = { 143 serviceConfig = {
144 Type = "oneshot"; 144 Type = "oneshot";
145 RemainAfterExit = true; 145 RemainAfterExit = true;
@@ -149,7 +149,7 @@ in {
149 umount /var/run/netns/"$1" 149 umount /var/run/netns/"$1"
150 mount --bind /proc/self/ns/net /var/run/netns/"$1" 150 mount --bind /proc/self/ns/net /var/run/netns/"$1"
151 ''} %I"; 151 ''} %I";
152 ExecStop = "${pkgs.iproute}/bin/ip netns del %I"; 152 ExecStop = "${pkgs.iproute2}/bin/ip netns del %I";
153 }; 153 };
154 }; 154 };
155 } // mapAttrs' mkContainerService cfg.containers; 155 } // mapAttrs' mkContainerService cfg.containers;