let
  # Static addresses of the two containers on VLAN 1.
  containerIp1 = "192.168.1.253";
  containerIp2 = "192.168.1.254";

  # Builds one declarative container that is started automatically, receives a
  # macvlan created on top of the host's eth1, and configures the given
  # address (/24) on the interface it sees as mv-eth1.
  #
  # NOTE(review): a macvlan attaches the container straight to the parent's
  # layer-2 segment; the last subtest below shows the containers answering a
  # peer machine directly. Traffic to them presumably does not pass through
  # the host's own packet-filter rules, so any filtering has to live inside
  # the container or upstream. Confirm before reusing this layout outside a
  # test.
  macvlanContainer = address: {
    autoStart = true;
    macvlans = [ "eth1" ];

    config = {
      networking.interfaces.mv-eth1.ipv4.addresses = [
        {
          inherit address;
          prefixLength = 24;
        }
      ];
    };
  };
in

{ pkgs, lib, ... }:
{
  name = "containers-macvlans";
  meta.maintainers = with lib.maintainers; [ montag451 ];

  nodes = {

    # Host of both containers.
    machine1 =
      { lib, ... }:
      {
        virtualisation.vlans = [ 1 ];

        networking = {
          # To be able to ping containers from the host, it is necessary
          # to create a macvlan on the host on the VLAN 1 network.
          # "bridge" mode is what lets macvlan endpoints on the same parent
          # exchange traffic with each other (checked by the first subtest).
          macvlans.mv-eth1-host = {
            interface = "eth1";
            mode = "bridge";
          };

          interfaces = {
            # eth1 itself carries no IPv4 address; the host's address on
            # VLAN 1 is configured on its macvlan instead.
            eth1.ipv4.addresses = lib.mkForce [ ];

            mv-eth1-host.ipv4.addresses = [
              {
                address = "192.168.1.1";
                prefixLength = 24;
              }
            ];
          };
        };

        containers = {
          test1 = macvlanContainer containerIp1;
          test2 = macvlanContainer containerIp2;
        };
      };

    # Plain peer on the same VLAN, used to probe the containers from outside
    # the container host.
    machine2 =
      { ... }:
      {
        virtualisation.vlans = [ 1 ];
      };

  };

  # Three reachability checks, each a single ICMP echo: container to
  # container, host to containers, and peer machine to containers.
  testScript = ''
    start_all()
    machine1.wait_for_unit("default.target")
    machine2.wait_for_unit("default.target")

    with subtest(
        "Ping between containers to check that macvlans are created in bridge mode"
    ):
        machine1.succeed("nixos-container run test1 -- ping -n -c 1 ${containerIp2}")

    with subtest("Ping containers from the host (machine1)"):
        machine1.succeed("ping -n -c 1 ${containerIp1}")
        machine1.succeed("ping -n -c 1 ${containerIp2}")

    with subtest(
        "Ping containers from the second machine to check that containers are reachable from the outside"
    ):
        machine2.succeed("ping -n -c 1 ${containerIp1}")
        machine2.succeed("ping -n -c 1 ${containerIp2}")
  '';
}