Basically I want to do something like
{config, ...}: let ip = config.virtualization.oci-containers.containers.some-service.networks.default.IPAddress
in {
services.nginx.virtualHosts."some.domain".locations."/".proxyPass = "http://${ip}:8080"
}
is anything resembling this possible?
Hi!
well the oci-containers are opaque from the point of view of the rest of the configuration - they are just images that are configured to run automatically via either podman or docker runtime.
Something like this should be possible with (nixos-)containers, which use the same configuration and NixOS modules as the host system.
Looking at my older setup - the way to do this is to set i.e. ports = [ "8000:80" ]; and then proxy to 127.0.0.1:8000. Let me know if a full example would help.
The disadvantage of this approach (that, ideally, I’d like to avoid) is that this approach flattens all services on a host into a single network. My usual pattern of configuration involves a lot of network segmentation. You say this could work by utilizing NixOS (nspawn) containers – can you embed an OCI container inside of a Nix container for a similar effect?
For clarity, the effect I’m trying to elicit is something along these lines
internet
|
proxy
|
external network internal network
| |
some-service -------------'------------ database
I think so! You can embed NixOS containers into NixOS containers (ad infinitum) https://github.com/NixOS/nixpkgs/blob/024e4447a42868b4c8f3ac8b3e6a2da83c682de1/nixos/tests/containers-nested.nix and I was running podman inside LXC before, so it might just work (but I haven’t tried). You can try and if it works possibly contribute a similar test to nixpkgs to be sure it won’t ever break.
I’m not sure I understand this correctly…but would that create a separate Podman instance for each service?