{ config, ... }:
let
  # networks.default.IPAddress is the option this post wishes existed; oci-containers does not expose one
  ip = config.virtualisation.oci-containers.containers.some-service.networks.default.IPAddress;
in {
  services.nginx.virtualHosts."some.domain".locations."/".proxyPass = "http://${ip}:8080";
}
Well, the oci-containers are opaque from the point of view of the rest of the configuration - they are just images that are configured to run automatically via either the podman or docker runtime.
Something like this should be possible with (nixos-)containers, which use the same configuration and NixOS modules as the host system.
Looking at my older setup - the way to do this is to set e.g. ports = [ "8000:80" ]; and then proxy to 127.0.0.1:8000. Let me know if a full example would help.
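An added example of the port-mapping approach described in the reply above (this is not code from the thread; the image name and host names are placeholders). It binds the published port to the loopback address rather than the default 0.0.0.0 so that the container is reachable only through the nginx proxy on the host; note that docker publishes ports by manipulating iptables itself and bypasses the NixOS firewall, so the explicit 127.0.0.1 bind is what actually keeps port 8000 off the external interfaces:

```nix
{ config, ... }:
{
  virtualisation.oci-containers = {
    backend = "podman";
    containers.some-service = {
      # placeholder image reference
      image = "registry.invalid/some-service:latest";
      # host_ip:host_port:container_port - bind only on loopback
      ports = [ "127.0.0.1:8000:80" ];
    };
  };

  services.nginx = {
    enable = true;
    # nginx terminates the external side; the container is not exposed directly
    virtualHosts."some.domain".locations."/".proxyPass = "http://127.0.0.1:8000";
  };
}
```

With this layout the only listener on the host's external addresses is nginx, and `ss -ltnp` on the host should show 8000 bound to 127.0.0.1 only.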
The disadvantage of this approach (that, ideally, I’d like to avoid) is that this approach flattens all services on a host into a single network. My usual pattern of configuration involves a lot of network segmentation. You say this could work by utilizing NixOS (nspawn) containers – can you embed an OCI container inside of a Nix container for a similar effect?
For clarity, the effect I’m trying to elicit is something along these lines
Yes, the mechanism used by Docker, Podman, LXC or NixOS containers is pretty much the same - Linux namespaces - and you can nest these, so if you run two NixOS containers, each can have a separate Podman instance (or Docker daemon) and even a private network.
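An added example of the nesting described above, not code from the thread: one declarative NixOS container with its own network namespace runs podman inside, and the host's nginx proxies to the container's veth address, which the host config can read back from its own option tree (the image, host name and addresses are placeholders; whether the nested runtime needs extra device or cgroup privileges inside the nspawn container is not covered here and is an assumption you should verify on your release):

```nix
{ config, ... }:
{
  containers.svc-a = {
    autoStart = true;
    # separate network namespace with a host<->container veth pair
    privateNetwork = true;
    hostAddress = "10.231.136.1";
    localAddress = "10.231.136.2";

    config = { config, pkgs, ... }: {
      virtualisation.oci-containers = {
        backend = "podman";
        containers.some-service = {
          # placeholder image reference
          image = "registry.invalid/some-service:latest";
          ports = [ "8080:80" ];
        };
      };
      # the container has its own firewall; open only the proxied port
      networking.firewall.allowedTCPPorts = [ 8080 ];
      system.stateVersion = "23.11";
    };
  };

  services.nginx = {
    enable = true;
    # the address is read from the container definition, so it is not duplicated
    virtualHosts."some.domain".locations."/".proxyPass =
      "http://${config.containers.svc-a.localAddress}:8080";
  };
}
```

Each additional service gets its own `containers.<name>` block with a distinct /24, so the OCI containers of different services never share a bridge; the host only ever sees the veth addresses it assigned.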