add netns template services

author: Max Audron <audron@cocaine.farm> 2024-02-07 14:45:08 +0000
committer: Max Audron <audron@cocaine.farm> 2024-02-07 17:27:37 +0000
commit: 46f3f4bc5b179d77560f63c6aa761731eee41e6d (patch)
tree: a9ccfd2273e0a577ebf7ab7a7ce696014efcdcdd /modules/common/networking.nix
parent: set oci container runtime in common module (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/modules/common/networking.nix b/modules/common/networking.nix
index 0f9aaca..5281403 100644
--- a/modules/common/networking.nix
+++ b/modules/common/networking.nix
@@ -12,4 +12,24 @@
       nohook resolv.conf
     '';
   };
+
+  systemd.services = {
+    "netns@" = {
+      description = "%I network namespace";
+      # Delay network.target until this unit has finished starting up.
+      before = [ "network.target" ];
+      serviceConfig = {
+        Type = "oneshot";
+        RemainAfterExit = true;
+        PrivateNetwork = true;
+        ExecStart = "${pkgs.writers.writeDash "netns-up" ''
+          ${pkgs.iproute}/bin/ip netns add $1
+          ${pkgs.utillinux}/bin/umount /var/run/netns/$1
+          ${pkgs.utillinux}/bin/mount --bind /proc/self/ns/net /var/run/netns/$1
+        ''} %I";
+        ExecStop = "${pkgs.iproute}/bin/ip netns del %I";
+        PrivateMounts = false;
+      };
+    };
+  };
 }
author	Max Audron <audron@cocaine.farm>	2024-02-07 14:45:08 +0000
committer	Max Audron <audron@cocaine.farm>	2024-02-07 17:27:37 +0000
commit	46f3f4bc5b179d77560f63c6aa761731eee41e6d (patch)
tree	a9ccfd2273e0a577ebf7ab7a7ce696014efcdcdd /modules/common/networking.nix
parent	set oci container runtime in common module (diff)