diff --git a/nixos/modules/tasks/network-interfaces-scripted.nix b/nixos/modules/tasks/network-interfaces-scripted.nix index 4bbb5a3a1669..89ee13d5cd97 100644 --- a/nixos/modules/tasks/network-interfaces-scripted.nix +++ b/nixos/modules/tasks/network-interfaces-scripted.nix @@ -196,7 +196,7 @@ in createBridgeDevice = n: v: nameValuePair "${n}-netdev" (let - deps = if config.boot.isContainer then [] else map subsystemDevice v.interfaces; + deps = concatLists (map deviceDependency v.interfaces); in { description = "Bridge Interface ${n}"; wantedBy = [ "network-setup.service" (subsystemDevice n) ]; @@ -237,7 +237,7 @@ in createVswitchDevice = n: v: nameValuePair "${n}-netdev" (let - deps = if config.boot.isContainer then [] else map subsystemDevice v.interfaces; + deps = concatLists (map deviceDependency v.interfaces); ofRules = pkgs.writeText "vswitch-${n}-openFlowRules" v.openFlowRules; in { description = "Open vSwitch Interface ${n}"; @@ -270,7 +270,7 @@ in createBondDevice = n: v: nameValuePair "${n}-netdev" (let - deps = if config.boot.isContainer then [] else map subsystemDevice v.interfaces; + deps = concatLists (map deviceDependency v.interfaces); in { description = "Bond Interface ${n}"; wantedBy = [ "network-setup.service" (subsystemDevice n) ]; diff --git a/nixos/tests/containers-physical_interfaces.nix b/nixos/tests/containers-physical_interfaces.nix index 4a53f8c824f5..a3b0b29951bf 100644 --- a/nixos/tests/containers-physical_interfaces.nix +++ b/nixos/tests/containers-physical_interfaces.nix @@ -23,11 +23,11 @@ import ./make-test.nix ({ pkgs, ...} : { }; }; }; - client = { config, pkgs, ... }: { - virtualisation.memorySize = 256; + bridged = { config, pkgs, ... }: { + virtualisation.memorySize = 128; virtualisation.vlans = [ 1 ]; - containers.client = { + containers.bridged = { privateNetwork = true; interfaces = [ "eth1" ]; @@ -40,27 +40,94 @@ import ./make-test.nix ({ pkgs, ...} : { }; }; }; + + bonded = { config, pkgs, ... }: { + virtualisation.memorySize = 128; + virtualisation.vlans = [ 1 ]; + + containers.bonded = { + privateNetwork = true; + interfaces = [ "eth1" ]; + + config = { + networking.bonds.bond0 = { + interfaces = [ "eth1" ]; + mode = "active-backup"; + }; + networking.interfaces.bond0 = { + ip4 = [ { address = "10.10.0.3"; prefixLength = 24; } ]; + }; + networking.firewall.enable = false; + }; + }; + }; + + bridgedbond = { config, pkgs, ... }: { + virtualisation.memorySize = 128; + virtualisation.vlans = [ 1 ]; + + containers.bridgedbond = { + privateNetwork = true; + interfaces = [ "eth1" ]; + + config = { + networking.bonds.bond0 = { + interfaces = [ "eth1" ]; + mode = "active-backup"; + }; + networking.bridges.br0.interfaces = [ "bond0" ]; + networking.interfaces.br0 = { + ip4 = [ { address = "10.10.0.4"; prefixLength = 24; } ]; + }; + networking.firewall.enable = false; + }; + }; + }; }; testScript = '' startAll; - $server->waitForUnit("default.target"); - $server->execute("ip link >&2"); + subtest "prepare server", sub { + $server->waitForUnit("default.target"); + $server->succeed("ip link show dev eth1 >&2"); + }; - $server->succeed("ip link show dev eth1 >&2"); + subtest "simple physical interface", sub { + $server->succeed("nixos-container start server"); + $server->waitForUnit("container\@server"); + $server->succeed("systemctl -M server list-dependencies network-addresses-eth1.service >&2"); - $server->succeed("nixos-container start server"); - $server->waitForUnit("container\@server"); - $server->succeed("systemctl -M server list-dependencies network-addresses-eth1.service >&2"); + # The other tests will ping this container on its ip. Here we just check + # that the device is present in the container. + $server->succeed("nixos-container run server -- ip a show dev eth1 >&2"); + }; - $server->succeed("nixos-container run server -- ip a show dev eth1 >&2"); + subtest "physical device in bridge in container", sub { + $bridged->waitForUnit("default.target"); + $bridged->succeed("nixos-container start bridged"); + $bridged->waitForUnit("container\@bridged"); + $bridged->succeed("systemctl -M bridged list-dependencies network-addresses-br0.service >&2"); + $bridged->succeed("systemctl -M bridged status -n 30 -l network-addresses-br0.service"); + $bridged->succeed("nixos-container run bridged -- ping -w 10 -c 1 -n 10.10.0.1"); + }; - $client->waitForUnit("default.target"); - $client->succeed("nixos-container start client"); - $client->waitForUnit("container\@client"); - $client->succeed("systemctl -M client list-dependencies network-addresses-br0.service >&2"); - $client->succeed("systemctl -M client status -n 30 -l network-addresses-br0.service"); - $client->succeed("nixos-container run client -- ping -w 10 -c 1 -n 10.10.0.1"); + subtest "physical device in bond in container", sub { + $bonded->waitForUnit("default.target"); + $bonded->succeed("nixos-container start bonded"); + $bonded->waitForUnit("container\@bonded"); + $bonded->succeed("systemctl -M bonded list-dependencies network-addresses-bond0 >&2"); + $bonded->succeed("systemctl -M bonded status -n 30 -l network-addresses-bond0 >&2"); + $bonded->succeed("nixos-container run bonded -- ping -w 10 -c 1 -n 10.10.0.1"); + }; + + subtest "physical device in bond in bridge in container", sub { + $bridgedbond->waitForUnit("default.target"); + $bridgedbond->succeed("nixos-container start bridgedbond"); + $bridgedbond->waitForUnit("container\@bridgedbond"); + $bridgedbond->succeed("systemctl -M bridgedbond list-dependencies network-addresses-br0.service >&2"); + $bridgedbond->succeed("systemctl -M bridgedbond status -n 30 -l network-addresses-br0.service"); + $bridgedbond->succeed("nixos-container run bridgedbond -- ping -w 10 -c 1 -n 10.10.0.1"); + }; ''; })