nixpkgs-suyu/nixos/modules/virtualisation
Eelco Dolstra 895bcdd1cb Add support for running a container with a private network interface
For example, the following sets up a container named ‘foo’.  The
container will have a single network interface eth0, with IP address
10.231.136.2.  The host will have an interface c-foo with IP address
10.231.136.1.

  systemd.containers.foo =
    { privateNetwork = true;
      hostAddress = "10.231.136.1";
      localAddress = "10.231.136.2";
      config =
        { services.openssh.enable = true; };
    };

With ‘privateNetwork = true’, the container has the CAP_NET_ADMIN
capability, allowing it to do arbitrary network configuration, such as
setting up firewall rules.  This is secure because it cannot touch the
interfaces of the host.

The helper program ‘run-in-netns’ is needed at the moment because ‘ip
netns exec’ doesn't quite do the right thing (it remounts /sys without
bind-mounting the original /sys/fs/cgroups).
2014-03-18 10:49:25 +01:00
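The commit above says the helper exists because ‘ip netns exec’ also fiddles with the mount namespace (remounting /sys) on its way into the container's network namespace. The minimal alternative is to switch only the network namespace with setns(2) and then exec the command, leaving the caller's mounts, including /sys/fs/cgroup, untouched. The program below is an added example written for this page; it is not the run-in-netns.c shipped in this directory and makes its own assumptions: it takes either a PID (for a container, the PID of its init, which is not part of the commit) or a namespace file path such as /var/run/netns/foo, it needs Linux and root (setns into a foreign network namespace requires CAP_SYS_ADMIN), and the function and option names are invented here.

```c
/* Added example (not the nixpkgs run-in-netns.c): enter another process's
 * network namespace with setns(2) and exec a command there, leaving the
 * mount namespace (and therefore /sys and /sys/fs/cgroup) untouched.
 * Assumes Linux and root: setns(CLONE_NEWNET) needs CAP_SYS_ADMIN. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* Build "/proc/<pid>/ns/net" into buf. Returns 0, or -1 (ENAMETOOLONG)
 * if buf is too small for the path. */
int netns_path_for_pid(pid_t pid, char *buf, size_t len)
{
    int n = snprintf(buf, len, "/proc/%ld/ns/net", (long)pid);
    if (n < 0 || (size_t)n >= len) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return 0;
}

/* Open a handle to a network namespace. "target" is either a PID
 * (assumption: the container's init process) or a path to a namespace
 * file such as /var/run/netns/foo. Returns an fd, or -1 with errno set. */
int open_netns(const char *target)
{
    char path[64];
    if (strchr(target, '/') == NULL) {
        char *end;
        long pid = strtol(target, &end, 10);
        if (*target == '\0' || *end != '\0' || pid <= 0) {
            errno = EINVAL;
            return -1;
        }
        if (netns_path_for_pid((pid_t)pid, path, sizeof path) < 0)
            return -1;
        target = path;
    }
    /* O_CLOEXEC: the namespace handle must not leak into the exec'd program. */
    return open(target, O_RDONLY | O_CLOEXEC);
}

/* Move the calling process into the network namespace behind fd.
 * Only CLONE_NEWNET is requested, so mounts are shared with the caller and
 * nothing is remounted. Returns 0, or -1 with errno set (EPERM if the
 * caller lacks CAP_SYS_ADMIN). */
int enter_netns(int fd)
{
    return setns(fd, CLONE_NEWNET);
}

int main(int argc, char **argv)
{
    if (argc < 3) {
        fprintf(stderr, "usage: %s <pid|nspath> command [args...]\n", argv[0]);
        return 2;
    }
    int fd = open_netns(argv[1]);
    if (fd < 0) {
        perror(argv[1]);
        return 1;
    }
    if (enter_netns(fd) < 0) {
        perror("setns");
        return 1;
    }
    close(fd);
    execvp(argv[2], argv + 2);
    perror(argv[2]);   /* only reached if exec itself failed */
    return 127;
}
```

Because the mount namespace is never unshared, the exec'd command sees the host's /sys and the host's cgroup hierarchy while its sockets and routes belong to the container. That is exactly the split the commit relies on, so anything run this way still holds whatever capabilities the caller had; the example does not drop any, which a production helper would want to do before exec.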
File                      Last commit                                                                              Date
amazon-config.nix         Move all of NixOS to nixos/ in preparation of the repository merge                       2013-10-10 13:28:20 +02:00
amazon-image.nix          Make initialRootPassword overrideable in all virtualisation modules, not just virtualbox. 2014-02-24 18:05:26 +01:00
container-login.nix       Provide a simple way to log into containers                                              2014-03-17 14:10:47 +01:00
containers.nix            Add support for running a container with a private network interface                     2014-03-18 10:49:25 +01:00
ec2-data.nix              Remove remaining references to Upstart                                                   2013-10-31 13:26:06 +01:00
google-compute-config.nix Add initial configuration for Google Compute Engine                                      2013-12-11 15:32:27 +01:00
google-compute-image.nix  Make initialRootPassword overrideable in all virtualisation modules, not just virtualbox. 2014-02-24 18:05:26 +01:00
libvirtd.nix              nixos/libvirtd-service: fix fail-to-start when no machines are configured                2013-12-09 19:41:44 +01:00
nova-config.nix           Move all of NixOS to nixos/ in preparation of the repository merge                       2013-10-10 13:28:20 +02:00
nova-image.nix            Rename environment.nix -> nix.package                                                    2013-10-28 22:45:57 +01:00
nova.nix                  nixos: capitalize a bunch of service descriptions                                        2013-11-09 20:45:50 +01:00
qemu-opts                 Move all of NixOS to nixos/ in preparation of the repository merge                       2013-10-10 13:28:20 +02:00
qemu-vm.nix               Removed obsolete option services.xserver.videoDriver                                     2014-02-18 23:13:00 +01:00
run-in-netns.c            Add support for running a container with a private network interface                     2014-03-18 10:49:25 +01:00
virtualbox-guest.nix      services.mesa -> hardware.opengl                                                         2014-02-08 14:45:37 -05:00
virtualbox-image.nix      virtualbox-image.nix: initialRootPassword setting should be easily overrideable          2014-02-14 09:06:26 -05:00
xen-dom0.nix              nixos: capitalize a bunch of service descriptions                                        2013-11-09 20:45:50 +01:00
xen-domU.nix              Move all of NixOS to nixos/ in preparation of the repository merge                       2013-10-10 13:28:20 +02:00