diff options
| author | Jasper Ras <jras@hostnet.nl> | 2025-03-29 11:32:44 +0100 |
|---|---|---|
| committer | Jasper Ras <jras@hostnet.nl> | 2025-03-29 11:32:44 +0100 |
| commit | 3f69286ef4b15161febb4a4bae085fb4c2c83bbf (patch) | |
| tree | 10679f5b5e712242939a1eba233241fabfec1927 /NixOS - Container networking.md | |
| parent | fe63b70cae6e68adea7b25ad2f04ffc834b4e75f (diff) | |
vault backup: 2025-03-29 11:32:44
Diffstat (limited to 'NixOS - Container networking.md')
| -rw-r--r-- | NixOS - Container networking.md | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/NixOS - Container networking.md b/NixOS - Container networking.md new file mode 100644 index 0000000..f70c1d1 --- /dev/null +++ b/NixOS - Container networking.md @@ -0,0 +1,20 @@ +Networking is implemented as a pair of Veth interfaces. `eth0` inside of the container, `ve-containername` on the host. A container has its own networking namespace so it can configure the network without affecting the host's network. + +To allow containers to talk to the outside network we'll need to set-up NAT on the host. +``` +{ + networking.nat.enable = true; + networking.nat.internalInterfaces = [ "ve-+" ]; + networking.nat.externalInterface = "eth0"; +} +``` + +NetworkManager has to be stopped from trying to manage container interfaces: +``` +{ + networking.networkmanager.unmanaged = [ "interface-name:ve-*" ]; +} +``` + +--- +[[NixOS - Containers]]
\ No newline at end of file |