nixpkgs/nixos/modules/services
Eelco Dolstra 895bcdd1cb Add support for running a container with a private network interface
For example, the following sets up a container named ‘foo’.  The
container will have a single network interface eth0, with IP address
10.231.136.2.  The host will have an interface c-foo with IP address
10.231.136.1.

  systemd.containers.foo =
    { privateNetwork = true;
      hostAddress = "10.231.136.1";
      localAddress = "10.231.136.2";
      config =
        { services.openssh.enable = true; };
    };

With ‘privateNetwork = true’, the container has the CAP_NET_ADMIN
capability, allowing it to do arbitrary network configuration, such as
setting up firewall rules.  This is secure because it cannot touch the
interfaces of the host.

The helper program ‘run-in-netns’ is needed at the moment because ‘ip
netns exec’ doesn't quite do the right thing (it remounts /sys without
bind-mounting the original /sys/fs/cgroups).
2014-03-18 10:49:25 +01:00
amqp
audio
backup nixos: tarsnap module documentation updates 2014-03-08 08:00:56 -06:00
continuous-integration/jenkins remove users.jenkins config start on slave config. 2014-03-13 13:01:50 -07:00
databases Merge branch 'postgresql-user' of git://github.com/ocharles/nixpkgs 2014-03-15 13:29:52 -04:00
games
hardware
logging nixos: add uid for logcheck and only create a user for the default user 2014-02-11 14:19:06 +01:00
mail opensmtpd: Add sendmail to systemPackages 2014-02-20 06:17:15 -05:00
misc Revert "nixos-manual: show manual on tty8 by default" 2014-03-17 12:45:57 +01:00
monitoring apcupsd: Description -> description 2014-03-12 18:52:10 +01:00
network-filesystems
networking Add support for running a container with a private network interface 2014-03-18 10:49:25 +01:00
printing Add some packages needed by some generic HP PCL drivers 2014-02-11 01:34:19 +04:00
scheduling
search New NixOS module: services.solr, for running a solr server 2014-03-13 00:32:59 +01:00
security
system
torrent
ttys autovt@.service really has to be a symlink 2014-03-13 00:19:10 +01:00
web-servers httpd: Don't require keys.target 2014-03-17 15:01:10 +01:00
x11 move windowManager.xbmc to desktopManager.xbmc 2014-03-12 09:20:59 +01:00