nixos/proxmox-lxc: fix ping in unprivileged LXCs

2025-06-12 04:35:41 +03:00 · 2024-06-15 20:29:01 +05:30 · 2024-06-15 20:29:01 +05:30 · 01b159092f
commit 01b159092f
parent 33f93a8999
1 changed files with 8 additions and 0 deletions
--- a/nixos/modules/virtualisation/proxmox-lxc.nix
+++ b/nixos/modules/virtualisation/proxmox-lxc.nix
@ -65,6 +65,14 @@ with lib;
        hostName = mkIf (!cfg.manageHostName) (mkForce "");
      };

+      # unprivileged LXCs can't set net.ipv4.ping_group_range
+      security.wrappers.ping = mkIf (!cfg.privileged) {
+        owner = "root";
+        group = "root";
+        capabilities = "cap_net_raw+p";
+        source = "${pkgs.iputils.out}/bin/ping";
+      };
+
      services.openssh = {
        enable = mkDefault true;
        startWhenNeeded = mkDefault true;