pyrox.dev
1let
2 # containers IP on VLAN 1
3 containerIp1 = "192.168.1.253";
4 containerIp2 = "192.168.1.254";
5in
6
7import ./make-test-python.nix ({ pkgs, lib, ... }: {
8 name = "containers-macvlans";
9 meta = {
10 maintainers = with lib.maintainers; [ montag451 ];
11 };
12
13 nodes = {
14
15 machine1 =
16 { lib, ... }:
17 {
18 virtualisation.vlans = [ 1 ];
19
20 # To be able to ping containers from the host, it is necessary
21 # to create a macvlan on the host on the VLAN 1 network.
22 networking.macvlans.mv-eth1-host = {
23 interface = "eth1";
24 mode = "bridge";
25 };
26 networking.interfaces.eth1.ipv4.addresses = lib.mkForce [];
27 networking.interfaces.mv-eth1-host = {
28 ipv4.addresses = [ { address = "192.168.1.1"; prefixLength = 24; } ];
29 };
30
31 containers.test1 = {
32 autoStart = true;
33 macvlans = [ "eth1" ];
34
35 config = {
36 networking.interfaces.mv-eth1 = {
37 ipv4.addresses = [ { address = containerIp1; prefixLength = 24; } ];
38 };
39 };
40 };
41
42 containers.test2 = {
43 autoStart = true;
44 macvlans = [ "eth1" ];
45
46 config = {
47 networking.interfaces.mv-eth1 = {
48 ipv4.addresses = [ { address = containerIp2; prefixLength = 24; } ];
49 };
50 };
51 };
52 };
53
54 machine2 =
55 { ... }:
56 {
57 virtualisation.vlans = [ 1 ];
58 };
59
60 };
61
62 testScript = ''
63 start_all()
64 machine1.wait_for_unit("default.target")
65 machine2.wait_for_unit("default.target")
66
67 with subtest(
68 "Ping between containers to check that macvlans are created in bridge mode"
69 ):
70 machine1.succeed("nixos-container run test1 -- ping -n -c 1 ${containerIp2}")
71
72 with subtest("Ping containers from the host (machine1)"):
73 machine1.succeed("ping -n -c 1 ${containerIp1}")
74 machine1.succeed("ping -n -c 1 ${containerIp2}")
75
76 with subtest(
77 "Ping containers from the second machine to check that containers are reachable from the outside"
78 ):
79 machine2.succeed("ping -n -c 1 ${containerIp1}")
80 machine2.succeed("ping -n -c 1 ${containerIp2}")
81 '';
82})