SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 18:41:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Isolate the container networking from the host

Browse source
This commit is contained in:
SebastianStork 2024-08-31 16:45:11 +02:00
parent 5fb08b9c85
commit 65bd45bfac
1 changed files with 22 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

22
hosts/stratus/containers/nextcloud/default.nix
View file

@ -11,9 +11,19 @@
"d /data/nextcloud - - -" "d /data/nextcloud - - -"
]; ];
networking.useNetworkd = true;
systemd.network = {
enable = true;
networks."40-eno1" = {
matchConfig.Name = "eno1";
networkConfig.DHCP = "yes";
};
};
containers.nextcloud = { containers.nextcloud = {
autoStart = true; autoStart = true;
ephemeral = true; ephemeral = true;
macvlans = [ "eno1" ];
bindMounts = { bindMounts = {
"/run/secrets/nextcloud".isReadOnly = false; "/run/secrets/nextcloud".isReadOnly = false;
"/run/secrets/tailscale-auth-key" = { }; "/run/secrets/tailscale-auth-key" = { };
@ -31,8 +41,20 @@
{ domain, ... }: { domain, ... }:
{ {
system.stateVersion = "24.05"; system.stateVersion = "24.05";
networking = { networking = {
inherit domain; inherit domain;
useNetworkd = true;
useHostResolvConf = false;
};
systemd.network = {
enable = true;
networks."40-mv-eno1" = {
matchConfig.Name = "mv-eno1";
address = [ "192.168.2.254/24" ];
networkConfig.DHCP = "yes";
dhcpV4Config.ClientIdentifier = "mac";
};
}; };
imports = [ imports = [