From 46f3f4bc5b179d77560f63c6aa761731eee41e6d Mon Sep 17 00:00:00 2001
From: Max Audron
Date: Wed, 7 Feb 2024 14:45:08 +0000
Subject: add netns template services
---
 modules/common/networking.nix | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
(limited to 'modules/common/networking.nix')
diff --git a/modules/common/networking.nix b/modules/common/networking.nix
index 0f9aaca..5281403 100644
--- a/modules/common/networking.nix
+++ b/modules/common/networking.nix
@@ -12,4 +12,24 @@
 nohook resolv.conf
 '';
 };
+
+ systemd.services = {
+ "netns@" = {
+ description = "%I network namespace";
+ # Delay network.target until this unit has finished starting up.
+ before = [ "network.target" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ PrivateNetwork = true;
+ ExecStart = "${pkgs.writers.writeDash "netns-up" ''
+ ${pkgs.iproute}/bin/ip netns add $1
+ ${pkgs.utillinux}/bin/umount /var/run/netns/$1
+ ${pkgs.utillinux}/bin/mount --bind /proc/self/ns/net /var/run/netns/$1
+ ''} %I";
+ ExecStop = "${pkgs.iproute}/bin/ip netns del %I";
+ PrivateMounts = false;
+ };
+ };
+ };
 }
-- cgit v1.2.3
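Review bot: The `netns-up` script in `ExecStart` expands `$1` unquoted and never checks exit codes, while `%I` passes it the unescaped instance name, so a name containing whitespace, glob characters or `/` changes which path the root-run `umount` and `mount --bind` act on. As far as I know `writeDash` does not add `set -e`, so a failing `ip netns add` (for example on a name it rejects or one that already exists) would not stop the two mount commands that follow. I would open the script with `set -eu`, refuse unexpected names with `case "$1" in ""|.|..|*/*) exit 1 ;; esac`, and write `"$1"` in all three commands. `ExecStop` hands `%I` to `ip` as an argument without a shell, so it should not need the quoting change. The surrounding module attrset begins outside the hunk.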