dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

nixos/whale2: Update to netavark backend
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 31m25s
Details

Browse Source
This commit is contained in:
Jack O'Sullivan 2024-06-03 18:29:36 +01:00
parent 1df34e0515
commit 41fd54cfad
1 changed files with 18 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
nixos/boxes/colony/vms/whale2/default.nix
View File

@ -108,45 +108,30 @@ in
oci-containers = { oci-containers = {
backend = "podman"; backend = "podman";
}; };
# NixOS has switched to using netavark, which is native to podman. It's currently missing an option to containers.containersConf.settings.network = {
# disable iptables rules generation, which is very annoying. network_backend = "netavark";
containers.containersConf.settings.network.network_backend = mkForce "cni"; firewall_driver = "none";
};
}; };
environment = { environment = {
etc = { etc = {
"cni/net.d/90-colony.conflist".text = toJSON { "containers/networks/colony.json".text = toJSON {
cniVersion = "0.4.0";
name = "colony"; name = "colony";
plugins = [ id = "0000000000000000000000000000000000000000000000000000000000000001";
driver = "bridge";
network_interface = "oci";
ipv6_enabled = true;
internal = false;
dns_enabled = false;
subnets = [
{ {
type = "bridge"; subnet = prefixes.oci.v4;
bridge = "oci"; gateway = net.cidr.host 1 prefixes.oci.v4;
isGateway = true; }
ipMasq = false; {
hairpinMode = true; subnet = prefixes.oci.v6;
ipam = { gateway = net.cidr.host 1 prefixes.oci.v6;
type = "host-local";
routes = [
{ dst = "0.0.0.0/0"; }
{ dst = "::/0"; }
];
ranges = [
[
{
subnet = prefixes.oci.v4;
gateway = net.cidr.host 1 prefixes.oci.v4;
}
]
[
{
subnet = prefixes.oci.v6;
gateway = net.cidr.host 1 prefixes.oci.v6;
}
]
];
};
capabilities.ips = true;
} }
]; ];
}; };