feat: use configurable link name in containers
This commit is contained in:
parent
eafe3b673c
commit
c94084496a
5 changed files with 38 additions and 53 deletions
|
@ -10,20 +10,18 @@ in {
|
|||
gc.automatic = mkForce false;
|
||||
};
|
||||
|
||||
systemd.network.networks = {
|
||||
"10-${guestCfg.networking.mainLinkName}" = {
|
||||
matchConfig.Name = guestCfg.networking.mainLinkName;
|
||||
DHCP = "yes";
|
||||
dhcpV4Config.UseDNS = false;
|
||||
dhcpV6Config.UseDNS = false;
|
||||
ipv6AcceptRAConfig.UseDNS = false;
|
||||
networkConfig = {
|
||||
IPv6PrivacyExtensions = "yes";
|
||||
MulticastDNS = true;
|
||||
IPv6AcceptRA = true;
|
||||
};
|
||||
linkConfig.RequiredForOnline = "routable";
|
||||
systemd.network.networks."10-${guestCfg.networking.mainLinkName}" = {
|
||||
matchConfig.Name = guestCfg.networking.mainLinkName;
|
||||
DHCP = "yes";
|
||||
dhcpV4Config.UseDNS = false;
|
||||
dhcpV6Config.UseDNS = false;
|
||||
ipv6AcceptRAConfig.UseDNS = false;
|
||||
networkConfig = {
|
||||
IPv6PrivacyExtensions = "yes";
|
||||
MulticastDNS = true;
|
||||
IPv6AcceptRA = true;
|
||||
};
|
||||
linkConfig.RequiredForOnline = "routable";
|
||||
};
|
||||
|
||||
networking.nftables.firewall = {
|
||||
|
|
|
@ -12,15 +12,12 @@ guestName: guestCfg: {
|
|||
flip
|
||||
mapAttrs'
|
||||
nameValuePair
|
||||
substring
|
||||
;
|
||||
|
||||
initialLinkName = "mv-${(substring 0 12 (builtins.hashString "sha256" guestName))}";
|
||||
in {
|
||||
ephemeral = true;
|
||||
privateNetwork = true;
|
||||
autoStart = guestCfg.autostart;
|
||||
macvlans = ["${guestCfg.container.macvlan}:${initialLinkName}"];
|
||||
macvlans = ["${guestCfg.container.macvlan}:${guestCfg.networking.mainLinkName}"];
|
||||
extraFlags = [
|
||||
"--uuid=${builtins.substring 0 32 (builtins.hashString "sha256" guestName)}"
|
||||
];
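Review bot: The `substring` inherit near the top of this hunk appears to have lost its only consumer, the removed `initialLinkName` binding, because the surviving `--uuid` flag spells the call out as `builtins.substring`. The rendered page does not show which side each line is on, so if that inherit line survives on the new side it is now dead and can be dropped, or the flag line can use the bare `substring` so the file settles on one form: `"--uuid=${substring 0 32 (builtins.hashString "sha256" guestName)}"`. The enclosing `let … in` that this hunk sits in begins and ends outside the hunk.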
|
||||
|
@ -63,14 +60,6 @@ in {
|
|||
device = zfsCfg.guestMountpoint;
|
||||
options = ["bind"];
|
||||
});
|
||||
|
||||
# Rename the network interface to our liking
|
||||
systemd.network.links = {
|
||||
"01-${guestCfg.networking.mainLinkName}" = {
|
||||
matchConfig.Name = initialLinkName;
|
||||
linkConfig.Name = guestCfg.networking.mainLinkName;
|
||||
};
|
||||
};
|
||||
}
|
||||
(import ./common-guest-config.nix guestName guestCfg)
|
||||
]
|
||||
|
|
|
@ -31,6 +31,12 @@
|
|||
lib.genAttrs backends (_: {})
|
||||
// mapAttrs (_: listToAttrs) (groupBy (x: x.value.backend) (attrsToList config.guests));
|
||||
|
||||
# List the necessary mount units for the given guest
|
||||
fsMountUnitsFor = guestCfg:
|
||||
map
|
||||
(x: "${utils.escapeSystemdPath x.hostMountpoint}.mount")
|
||||
(attrValues guestCfg.zfs);
|
||||
|
||||
# Configuration required on the host for a specific guest
|
||||
defineGuest = _guestName: guestCfg: {
|
||||
# Add the required datasets to the disko configuration of the machine
|
||||
|
@ -43,7 +49,6 @@
|
|||
systemd.services = mkMerge (flip map (attrValues guestCfg.zfs) (zfsCfg: let
|
||||
fsMountUnit = "${utils.escapeSystemdPath zfsCfg.hostMountpoint}.mount";
|
||||
in {
|
||||
# Ensure that the zfs dataset exists before it is mounted.
|
||||
"zfs-ensure-${utils.escapeSystemdPath zfsCfg.hostMountpoint}" = {
|
||||
wantedBy = [fsMountUnit];
|
||||
before = [fsMountUnit];
|
||||
|
@ -68,14 +73,9 @@
|
|||
|
||||
defineMicrovm = guestName: guestCfg: {
|
||||
# Ensure that the zfs dataset exists before it is mounted.
|
||||
systemd.services."microvm@${guestName}" = let
|
||||
fsMountUnits =
|
||||
map
|
||||
(x: "${utils.escapeSystemdPath x.hostMountpoint}.mount")
|
||||
(attrValues guestCfg.zfs);
|
||||
in {
|
||||
requires = fsMountUnits;
|
||||
after = fsMountUnits;
|
||||
systemd.services."microvm@${guestName}" = {
|
||||
requires = fsMountUnitsFor guestCfg;
|
||||
after = fsMountUnitsFor guestCfg;
|
||||
};
|
||||
|
||||
microvm.vms.${guestName} = import ./microvm.nix guestName guestCfg attrs;
|
||||
|
@ -83,19 +83,15 @@
|
|||
|
||||
defineContainer = guestName: guestCfg: {
|
||||
# Ensure that the zfs dataset exists before it is mounted.
|
||||
systemd.services."container@${guestName}" = let
|
||||
fsMountUnits =
|
||||
map
|
||||
(x: "${utils.escapeSystemdPath x.hostMountpoint}.mount")
|
||||
(attrValues guestCfg.zfs);
|
||||
in {
|
||||
requires = fsMountUnits;
|
||||
after = fsMountUnits;
|
||||
systemd.services."container@${guestName}" = {
|
||||
requires = fsMountUnitsFor guestCfg;
|
||||
after = fsMountUnitsFor guestCfg;
|
||||
# Don't use the notify service type. Using exec will always consider containers
|
||||
# started immediately and donesn't wait until the container is fully booted.
|
||||
# Containers should behave like independent machines, and issues inside the container
|
||||
# will unnecessarily lock up the service on the host otherwise.
|
||||
# This causes issues on system activation.
|
||||
# This causes issues on system activation or when containers take longer to start
|
||||
# than TimeoutStartSec.
|
||||
serviceConfig.Type = lib.mkForce "exec";
|
||||
};
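Review bot: The comment block being rewritten here still carries the typo `donesn't` on the line `# started immediately and donesn't wait until the container is fully booted.`; since the commit already touches the following sentence, `doesn't` could be fixed in the same pass. Separately, `lib.mkForce "exec"` is the only `lib.`-qualified call in this hunk while `mkMerge`, `flip`, `attrValues` and `mapAttrs` are used bare in the earlier hunks of this file; if those come from an `inherit (lib)` at the top of the file (not visible here), `mkForce` could join it for consistency. The `defineContainer` attribute set continues outside the hunk.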
|
||||
|
||||
|
@ -162,7 +158,7 @@ in {
|
|||
|
||||
macvtapInterface = mkOption {
|
||||
type = types.str;
|
||||
description = "The host macvtap interface to which the microvm should be attached";
|
||||
description = "The host interface to which the microvm should be attached via macvtap";
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -174,12 +170,15 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
networking = {
|
||||
mainLinkName = mkOption {
|
||||
type = types.str;
|
||||
default = "wan";
|
||||
description = "The main ethernet link name inside of the VM";
|
||||
};
|
||||
networking.mainLinkName = mkOption {
|
||||
type = types.str;
|
||||
description = "The main ethernet link name inside of the guest. For containers, this cannot be named similar to an existing interface on the host.";
|
||||
default =
|
||||
if submod.config.backend == "microvm"
|
||||
then submod.config.microvm.macvtapInterface
|
||||
else if submod.config.backend == "container"
|
||||
then "mv-${submod.config.container.macvlan}"
|
||||
else throw "Invalid backend";
|
||||
};
|
||||
|
||||
zfs = mkOption {
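Review bot: The new container default `"mv-${submod.config.container.macvlan}"` can exceed the kernel's interface-name limit of 15 characters (IFNAMSIZ minus the terminator): the default it replaces, `mv-` plus 12 hex characters of the guest-name hash, was exactly 15 characters, whereas `mv-` prefixed to a host macvlan name of up to 15 characters can reach 18, and `type = types.str;` enforces nothing on either the default or a user-supplied value. Since this string is also interpolated into `matchConfig.Name` and systemd-networkd unit names elsewhere in this commit, a length check at the option is the single place to catch it, e.g. `type = types.addCheck types.str (s: builtins.stringLength s <= 15);` or an `assertions` entry naming the guest. The description could also be tightened to `"The main ethernet link name inside of the guest. For containers, this must not collide with the name of an existing interface on the host."`. The enclosing `networking`/submodule option set continues outside the hunk.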
|
||||
|
|