Dynamic IP addressing for NixOS containers

munnik · March 21, 2025, 12:09am

In this talk Franz Pletz is talking about dynamic IP addressing for NixOS containers. The containers will be available via their name on the host system. I can’t find any further documentation on this, has anybody achieved this or pointers to documentation?

aanderse · March 21, 2025, 2:16am

github.com

NixOS/nixpkgs/blob/b75693fb46bfaf09e662d09ec076c5a162efa9f6/nixos/modules/virtualisation/nixos-containers.nix#L940


      
                  ''}
                  EXTRA_NSPAWN_FLAGS="${mkBindFlags cfg.bindMounts +
                    optionalString (cfg.extraFlags != [])
                      (" " + concatStringsSep " " cfg.extraFlags)}"
                '';
            }) config.containers;
          
          # Generate /etc/hosts entries for the containers.
          networking.extraHosts = concatStrings (mapAttrsToList (name: cfg: optionalString (cfg.localAddress != null)
            ''
              ${head (splitString "/" cfg.localAddress)} ${name}.containers
            '') config.containers);
          
          networking.dhcpcd.denyInterfaces = [ "ve-*" "vb-*" ];
          
          services.udev.extraRules = optionalString config.networking.networkmanager.enable ''
            # Don't manage interfaces created by nixos-container.
            ENV{INTERFACE}=="v[eb]-*", ENV{NM_UNMANAGED}="1"
          '';
          
          environment.systemPackages = [

use <name>.containers to access a container by name instead of ip address

munnik · March 21, 2025, 11:05pm

Thank you for the reply, that is part of the solution I’m looking for. I’m now trying to assign ip addresses to the containers (with DHCP) but I can’t figure out how to do that. I’ve set up a bridge interface:

{
  networking = {
    useNetworkd = true;
    firewall = { enable = true; };
  };

  systemd.network = {
    enable = true;
    netdevs = {
      "20-br0" = {
        netdevConfig = {
          Kind = "bridge";
          Name = "br0";
        };
      };
    };
    networks = {
      "10-wan" = {
        matchConfig.Name = "enp1s0";
        networkConfig = {
          DHCP = "ipv4";
          IPv6AcceptRA = true;
          Bridge = "br0";
        };
        linkConfig.RequiredForOnline = "routable";
      };
      "40-br0" = {
        matchConfig.Name = "br0";
        networkConfig = { DHCPServer = true; };
        dhcpServerConfig = { ServerAddress = "172.16.0.1/12"; };
        linkConfig = { RequiredForOnline = "routable"; };
      };
      # "40-vb" = {
      #   matchConfig.Name = "vb-*";
      #   networkConfig = {
      #     DHCP = "ipv4";
      #   };
      # };
    };
  };
}

I then get a bridge device on my machine:

2: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether c6:88:8f:2e:bd:95 brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.1/12 brd 172.31.255.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 fe80::c488:8fff:fe2e:bd95/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever

Now I have want to have the DHCP server assign IP addresses to my containers. I tried the 40-vb part. But when I activate that, the br0 interface loses its IP address? I also tried to enable DHCP in the container using networking.useDHCP = lib.mkForce true; and again br0 loses its IP address.