movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 21:50:33 +03:00
Code Activity

nixos/podman: open firewall for aardvark-dns

Browse source
This commit is contained in:
sohalt 2024-01-15 18:34:06 +01:00
parent 5ec415b260
commit 38b2778765
1 changed files with 20 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

33
nixos/modules/virtualisation/podman/default.nix
View file

@ -150,26 +150,33 @@ in
}; };
config = lib.mkIf cfg.enable config =
{ let
networkConfig = ({
dns_enabled = false;
driver = "bridge";
id = "0000000000000000000000000000000000000000000000000000000000000000";
internal = false;
ipam_options = { driver = "host-local"; };
ipv6_enabled = false;
name = "podman";
network_interface = "podman0";
subnets = [{ gateway = "10.88.0.1"; subnet = "10.88.0.0/16"; }];
} // cfg.defaultNetwork.settings);
inherit (networkConfig) dns_enabled network_interface;
in
lib.mkIf cfg.enable {
environment.systemPackages = [ cfg.package ] environment.systemPackages = [ cfg.package ]
++ lib.optional cfg.dockerCompat dockerCompat; ++ lib.optional cfg.dockerCompat dockerCompat;
# https://github.com/containers/podman/blob/097cc6eb6dd8e598c0e8676d21267b4edb11e144/docs/tutorials/basic_networking.md#default-network # https://github.com/containers/podman/blob/097cc6eb6dd8e598c0e8676d21267b4edb11e144/docs/tutorials/basic_networking.md#default-network
environment.etc."containers/networks/podman.json" = lib.mkIf (cfg.defaultNetwork.settings != { }) { environment.etc."containers/networks/podman.json" = lib.mkIf (cfg.defaultNetwork.settings != { }) {
source = json.generate "podman.json" ({ source = json.generate "podman.json" networkConfig;
dns_enabled = false;
driver = "bridge";
id = "0000000000000000000000000000000000000000000000000000000000000000";
internal = false;
ipam_options = { driver = "host-local"; };
ipv6_enabled = false;
name = "podman";
network_interface = "podman0";
subnets = [{ gateway = "10.88.0.1"; subnet = "10.88.0.0/16"; }];
} // cfg.defaultNetwork.settings);
}; };
# containers cannot reach aardvark-dns otherwise
networking.firewall.interfaces.${network_interface}.allowedUDPPorts = lib.mkIf dns_enabled [ 53 ];
virtualisation.containers = { virtualisation.containers = {
enable = true; # Enable common /etc/containers configuration enable = true; # Enable common /etc/containers configuration
containersConf.settings = { containersConf.settings = {