NixOS Container Bridge Networking
112 views
Skip to first unread message
Mark Gardner
Feb 24, 2018, 6:04:54 PM2/24/18
to nix-...@googlegroups.com
I am trying to use a nixos container to contain the unifi controller. I was able to create the container imperatively via:
nixos-container create unifi --config "
nixpkgs.config.allowUnfree = true;
services.unifi = {
enable = true;
};
"
nixos-container create unifi --config "
nixpkgs.config.allowUnfree = true;
services.unifi = {
enable = true;
};
"
But the networking is private. Ports have to be made available so the Unifi AP can talk to the controller. I used NAT as outlined in section 28.3 of the NixOS manual and it works for this case. But this isn't completely satisfactory as I may wish to have multiple containers that listen on the same port (:80 for instance). So what I would rather have is the containers use a bridge for networking so they have their own IP addresses and hence can listen on the same port.
How would I do that?
Note: I saw several PRs related to the issue (#5857 and #14018 for instance) but I can't see how to bridging work.
Mark
-- Mark Gardner
--
--
Arnold Krille
Feb 25, 2018, 6:32:32 AM2/25/18
to nix-...@googlegroups.com
Hi,
On Sat, 24 Feb 2018 18:04:04 -0500 Mark Gardner <m...@vt.edu> wrote:
> I am trying to use a nixos container to contain the unifi controller.
> I was able to create the container imperatively via:
>
> nixos-container create unifi --config "
> nixpkgs.config.allowUnfree = true;
> services.unifi = {
> enable = true;
> };
> "
>
> But the networking is private. Ports have to be made available so the
> Unifi AP can talk to the controller. I used NAT as outlined in
> section 28.3 of the NixOS manual and it works for this case. But this
> isn't completely satisfactory as I may wish to have multiple
> containers that listen on the same port (:80 for instance). So what I
> would rather have is the containers use a bridge for networking so
> they have their own IP addresses and hence can listen on the same
> port.
>
> How would I do that?
Did you take a look at the tests for containers and networking,
including containers and bridges?
https://github.com/NixOS/nixpkgs/blob/release-17.09/nixos/tests/containers-bridge.nix
Might help to see how it works / is supposed to work. And its a working
example as the channel shouldn't update if that is broken…
- Arnold
On Sat, 24 Feb 2018 18:04:04 -0500 Mark Gardner <m...@vt.edu> wrote:
> I am trying to use a nixos container to contain the unifi controller.
> I was able to create the container imperatively via:
>
> nixos-container create unifi --config "
> nixpkgs.config.allowUnfree = true;
> services.unifi = {
> enable = true;
> };
> "
>
> But the networking is private. Ports have to be made available so the
> Unifi AP can talk to the controller. I used NAT as outlined in
> section 28.3 of the NixOS manual and it works for this case. But this
> isn't completely satisfactory as I may wish to have multiple
> containers that listen on the same port (:80 for instance). So what I
> would rather have is the containers use a bridge for networking so
> they have their own IP addresses and hence can listen on the same
> port.
>
> How would I do that?
including containers and bridges?
https://github.com/NixOS/nixpkgs/blob/release-17.09/nixos/tests/containers-bridge.nix
Might help to see how it works / is supposed to work. And its a working
example as the channel shouldn't update if that is broken…
- Arnold
Peter Hoeg
Feb 26, 2018, 4:13:30 AM2/26/18
to Mark Gardner, nix-...@googlegroups.com
Hi Mark,
> I am trying to use a nixos container to contain the unifi controller. I
> ...
--
Regards,
Peter
> I am trying to use a nixos container to contain the unifi controller. I
> But the networking is private. Ports have to be made available so the
> Unifi AP can talk to the controller. I used NAT as outlined in section
We're running a bunch of unifi instances in declarative containers without any special networking configuration. The only thing to keep in mind is that the ports have to be opened on the host.
> Unifi AP can talk to the controller. I used NAT as outlined in section
--
Regards,
Peter
Mark Gardner
Feb 26, 2018, 8:29:45 AM2/26/18
to Peter Hoeg, nix-...@googlegroups.com
Hi Peter,
Are you using NAT or bridging? I got NAT to work but I have other services that I would like to run that use some of the same ports as the Unifi controller. With bridging, each container could have its own address hence two containers running on the same port (:8080 for instance) would not conflict with each other.
Mark
Mark Gardner
--
--
David Costa
Mar 5, 2018, 3:28:49 PM3/5/18
to nix-...@googlegroups.com
On Mon, 26 Feb 2018 08:28:57 -0500
Mark Gardner <m...@vt.edu> wrote:
> Are you using NAT or bridging? With bridging, each container could
(L3 and up) as an independent machine on the network.
This is the skeleton of the configuration
https://gist.github.com/zarelit/bcccf1af1094bf200f218d7f2ae5dbde
Hope this helps
Mark Gardner <m...@vt.edu> wrote:
> Are you using NAT or bridging? With bridging, each container could
> have its own address hence two containers running on the same port
> (:8080 for instance) would not conflict with each other.
I'm using declarative containers in bridge, each of them appears as
> (:8080 for instance) would not conflict with each other.
(L3 and up) as an independent machine on the network.
This is the skeleton of the configuration
https://gist.github.com/zarelit/bcccf1af1094bf200f218d7f2ae5dbde
Hope this helps
Reply all
Reply to author
Forward
0 new messages