nixpkgs/nixos/modules/services/networking
Eelco Dolstra 895bcdd1cb Add support for running a container with a private network interface
For example, the following sets up a container named ‘foo’.  The
container will have a single network interface eth0, with IP address
10.231.136.2.  The host will have an interface c-foo with IP address
10.231.136.1.

  systemd.containers.foo =
    { privateNetwork = true;
      hostAddress = "10.231.136.1";
      localAddress = "10.231.136.2";
      config =
        { services.openssh.enable = true; };
    };

With ‘privateNetwork = true’, the container has the CAP_NET_ADMIN
capability, allowing it to do arbitrary network configuration, such as
setting up firewall rules.  This is secure because it cannot touch the
interfaces of the host.

The helper program ‘run-in-netns’ is needed at the moment because ‘ip
netns exec’ doesn't quite do the right thing (it remounts /sys without
bind-mounting the original /sys/fs/cgroups).
2014-03-18 10:49:25 +01:00
ircd-hybrid Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
ssh Add some primops to lib 2013-11-12 13:48:30 +01:00
amuled.nix Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
avahi-daemon.nix nixos/avahi-service: small documentation update 2013-12-07 12:03:50 +01:00
bind.nix Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
bitlbee.nix Strictly check the arguments to mkOption 2013-10-30 15:35:09 +01:00
chrony.nix Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
cntlm.nix Substitute "types.uniq types.string" -> "types.str" 2013-10-30 14:57:42 +01:00
connman.nix connman-vpn and connman-vpn dbus service should start after connman service 2014-01-11 21:17:17 +01:00
ddclient.nix Correct web-skip value to match behavior of checkip.dyndns.com 2013-12-11 23:22:43 -05:00
dhcpcd.nix Add support for running a container with a private network interface 2014-03-18 10:49:25 +01:00
dhcpd.nix Manual: Render multi-line strings properly 2013-10-29 17:39:31 +01:00
dnsmasq.nix Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
ejabberd.nix Make Ejabberd service work 2013-12-20 18:16:56 +04:00
firewall.nix firewall: Allow setting rate limits for pings 2014-03-14 14:55:30 -04:00
flashpolicyd.nix Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
freenet.nix Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
git-daemon.nix git-daemon service: fix typo in option (close #1659) 2014-02-01 11:56:56 +01:00
gnunet.nix Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
gogoclient.nix Remove remaining references to Upstart 2013-10-31 13:26:06 +01:00
gvpe.nix Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
haproxy.nix nixos: haproxy module 2013-10-29 15:55:25 +01:00
hostapd.nix Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
ifplugd.nix Remove the dhclient module 2013-10-29 17:39:32 +01:00
iodined.nix Substitute "types.uniq types.string" -> "types.str" 2013-10-30 14:57:42 +01:00
kippo.nix UID/GID fix for kippo 2014-03-12 03:32:56 -04:00
minidlna.nix nixos: don't white-list port 8200 in the firewall when minidlna is enabled 2013-12-23 21:32:13 +01:00
nat.nix Add lots of missing option types 2013-10-30 18:47:43 +01:00
networkmanager.nix networkmanager module: No need to start ModemManager explicitly, done by NM 2014-02-13 18:05:04 +01:00
notbit.nix notbit: Add systemd service for a system daemon 2014-03-15 04:36:15 -05:00
ntopng.nix nixos: add ntopng service 2013-12-09 21:35:01 +01:00
ntpd.nix Allow ntpq locally 2014-03-06 11:54:02 +01:00
oidentd.nix Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
openfire.nix Use the "assertions" option instead of mkAssert 2013-10-30 18:47:44 +01:00
openvpn.nix Remove remaining references to Upstart 2013-10-31 13:26:06 +01:00
prayer.nix Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
privoxy.nix Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
quassel.nix Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
radvd.nix Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
rdnssd.nix Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
rpcbind.nix Add lots of missing option types 2013-10-30 18:47:43 +01:00
sabnzbd.nix Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
searx.nix searx: refactor a bit 2014-03-09 18:57:17 +01:00
supybot.nix Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
tcpcrypt.nix Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
tftpd.nix Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
unbound.nix Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
vsftpd.nix Add an option to change vsftpd anonymous write umask. 2014-02-11 01:34:19 +04:00
wakeonlan.nix Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
websockify.nix Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
wicd.nix Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
wpa_supplicant.nix Substitute "types.uniq types.string" -> "types.str" 2013-10-30 14:57:42 +01:00
xinetd.nix Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00