Description
We are in the process of moving to networkd-based networking for 20.03.
The nixos-container module uses neither scripted networking nor systemd-based networking,
but its own set of scripts. We should move nixos-container to use networkd for setting up the network.
Currently, if you enable `networking.useNetworkd = true;`, nixos-container will stop working, because the default rules that networkd ships set up DHCP on the `ve-*` and `vz-*` interfaces: it assumes these are created by systemd-nspawn, and that is the documented behaviour for the tool (see https://github.com/NixOS/systemd/tree/nixos-v243/network).
The matches look like this:

```ini
# 80-container-ve.network
[Match]
Name=ve-*
Driver=veth

[Network]
# Default to using a /24 prefix, giving up to 253 addresses per virtual network.
Address=0.0.0.0/24
LinkLocalAddressing=yes
DHCPServer=yes
IPMasquerade=yes
LLDP=yes
EmitLLDP=customer-bridge
```

```ini
# 80-container-vz.network
[Match]
Name=vz-*
Driver=bridge

[Network]
# Default to using a /28 prefix, giving up to 13 addresses per container.
Address=0.0.0.0/28
LinkLocalAddressing=yes
DHCPServer=yes
IPMasquerade=yes
LLDP=yes
EmitLLDP=customer-bridge
```
We should come up with our own systemd.network files that implement all the features that nixos-container supports.
However, I would also like to have vanilla systemd-nspawn work as documented in the systemd manpages.
This means that the .network rules that nixos-container should generate should be:
- more specific: e.g. `Match=ve-mycontainer` vs `Match=ve-*`
- have a lower number than `80-`, such that they're executed before the ones shipped with systemd
Implementing this is a blocker for switching to useNetworkd=true by default.
Maintainer information:
# a list of nixpkgs attributes affected by the problem
attribute:
# a list of nixos modules affected by the problem
module:
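As an added illustration of the precedence rule the two bullet points above rely on (this is example code, not code from nixpkgs or systemd): networkd applies the first `.network` file, in lexical order of file name, whose `[Match]` section matches the link, and ignores every later match. The script models only the `Name=` and `Driver=` match keys. The two `80-*` files are abridged from the issue text; the `70-*` and `90-*` units, their addresses and the interface records are constructed for this example.

```python
"""Which .network file does systemd-networkd apply to a container link?

Added example, not nixpkgs or systemd code.  Rule modelled: the first file
in lexical order whose [Match] matches the link wins.  Only Name= and
Driver= are handled (real networkd has more keys and "!" negation).
"""
from __future__ import annotations

import configparser
from fnmatch import fnmatchcase
from typing import Optional

NETWORK_FILES: dict[str, str] = {
    # Shipped by systemd (abridged from the issue); grabs every ve-*/vz-* link.
    "80-container-ve.network": """
[Match]
Name=ve-*
Driver=veth

[Network]
Address=0.0.0.0/24
DHCPServer=yes
IPMasquerade=yes
""",
    "80-container-vz.network": """
[Match]
Name=vz-*
Driver=bridge

[Network]
Address=0.0.0.0/28
DHCPServer=yes
IPMasquerade=yes
""",
    # Hypothetical unit nixos-container would generate: exact name AND a
    # number below 80, so it sorts before systemd's file.
    "70-nixos-container-ve-mycontainer.network": """
[Match]
Name=ve-mycontainer
Driver=veth

[Network]
Address=10.233.1.1/24
""",
    # Hypothetical counter-example: exact name but numbered 90, so the
    # shipped 80-container-ve.network still wins for ve-other.
    "90-nixos-container-ve-other.network": """
[Match]
Name=ve-other
Driver=veth

[Network]
Address=10.233.2.1/24
""",
}


def parse_network_file(text: str) -> dict[str, dict[str, str]]:
    """Parse the ini-style unit into {section: {key: value}}, keeping key case."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # type: ignore[assignment]
    parser.read_string(text)
    return {section: dict(parser[section]) for section in parser.sections()}


def glob_list_matches(patterns: str, value: str) -> bool:
    """networkd match values are space-separated shell-style globs."""
    return any(fnmatchcase(value, pattern) for pattern in patterns.split())


def unit_matches(unit: dict[str, dict[str, str]], link: dict[str, str]) -> bool:
    """Every key present in [Match] must match; an absent key matches anything."""
    match = unit.get("Match", {})
    for key in ("Name", "Driver"):
        if key in match and not glob_list_matches(match[key], link[key.lower()]):
            return False
    return True


def select_network_file(files: dict[str, str], link: dict[str, str]) -> Optional[str]:
    """Return the file networkd would apply: first match in lexical order."""
    for filename in sorted(files):
        if unit_matches(parse_network_file(files[filename]), link):
            return filename
    return None


def applied_network_settings(files: dict[str, str], link: dict[str, str]) -> dict[str, str]:
    """[Network] section of the chosen file, or {} when nothing matches."""
    chosen = select_network_file(files, link)
    if chosen is None:
        return {}
    return parse_network_file(files[chosen]).get("Network", {})


if __name__ == "__main__":
    for link in (
        {"name": "ve-mycontainer", "driver": "veth"},
        {"name": "ve-other", "driver": "veth"},
        {"name": "vz-mycontainer", "driver": "bridge"},
        {"name": "eth0", "driver": "e1000e"},
    ):
        chosen = select_network_file(NETWORK_FILES, link)
        dhcp = applied_network_settings(NETWORK_FILES, link).get("DHCPServer", "no")
        print(f"{link['name']:16} -> {chosen}  (DHCPServer={dhcp})")
```

The `ve-other` case is the failure the issue describes: an exact-name unit that sorts after `80-container-ve.network` never takes effect, and the link ends up with systemd's DHCP server and masquerading instead of the container's own addressing. One alternative to renumbering, not modelled above, is that a file in `/etc/systemd/network/` with the same name as one under `/usr/lib/systemd/network/` overrides it (and a symlink to `/dev/null` masks it), which is how systemd's own documentation expects the shipped defaults to be adjusted.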