
Modules/Docker: Fix invalid systemd services generation for docker networks

2025-07-10 02:11:26 +02:00
parent e4ab000f30
commit 5d61740724
5 changed files with 46 additions and 35 deletions


@ -1,6 +1,3 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ {
inputs, inputs,
hostname, hostname,


@ -70,11 +70,11 @@ in {
then "${config.virtualisation.podman.package}/bin/podman" then "${config.virtualisation.podman.package}/bin/podman"
else "${config.virtualisation.docker.package}/bin/docker"; else "${config.virtualisation.docker.package}/bin/docker";
mkDockerNetwork = name: options: mkDockerNetwork = options:
builtins.concatStringsSep "\n" [ builtins.concatStringsSep "\n" [
# Make sure to return true on fail to not crash # Make sure to return true on fail to not crash
'' ''
check=$(${cli} network inspect ${name} || true) check=$(${cli} network inspect ${options.name} || true)
if [ -z "$check" ]; then if [ -z "$check" ]; then
'' ''
@ -82,55 +82,57 @@ in {
"${cli} network create" "${cli} network create"
# Disable masquerading # Disable masquerading
(lib.mkIf (lib.optionalString
options.disable_masquerade options.disable_masquerade
''-o "com.docker.network.bridge.enable_ip_masquerade"="false"'') ''-o "com.docker.network.bridge.enable_ip_masquerade"="false"'')
# Enable ipv6 # Enable ipv6
(lib.mkIf (lib.optionalString
options.ipv6.enable options.ipv6.enable
"--ipv6") "--ipv6")
(lib.mkIf (lib.optionalString
(builtins.hasAttr "gateway" options.ipv6) (!(builtins.isNull options.ipv6.gateway))
''--gateway="${options.ipv6.gateway}"'') ''--gateway="${options.ipv6.gateway}"'')
(lib.mkIf (lib.optionalString
(builtins.hasAttrs "subnet" options.ipv6) (!(builtins.isNull options.ipv6.subnet))
''--subnet="${options.ipv6.subnet}"'') ''--subnet="${options.ipv6.subnet}"'')
"${name}" "${options.name}"
]) ])
'' ''
else else
echo "${name} already exists!" echo "Network ${options.name} already exists!"
fi fi
'' ''
]; ];
mkPodmanNetwork = name: options: mkPodmanNetwork = options:
builtins.concatStringsSep "\n" [ builtins.concatStringsSep "\n" [
'' ''
ehco "Can't create Podman networks (yet)!" ehco "Can't create Podman networks (yet)!"
'' ''
]; ];
mkSystemdNetworkService = name: options: let mkSystemdNetworkService = options: let
toolName = toolName =
if docker.podman if docker.podman
then "Podman" then "podman"
else "Docker"; else "docker";
in { in {
description = "Creates the ${toolName} network \"${name}\""; "${toolName}-create-${options.name}-network" = {
after = ["network.target"]; description = "Creates the ${toolName} network \"${options.name}\"";
wantedBy = ["multi-user.target"]; after = ["network.target"];
wantedBy = ["multi-user.target"];
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
script = script =
if docker.podman if docker.podman
then (mkPodmanNetwork name options) then (mkPodmanNetwork options)
else (mkDockerNetwork name options); else (mkDockerNetwork options);
};
}; };
in in
lib.mkMerge (builtins.mapAttrs mkSystemdNetworkService docker.networks); lib.mkMerge (builtins.map mkSystemdNetworkService docker.networks);
}; };
} }
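Review bot: `options.name` is spliced unquoted into the generated script (`${cli} network inspect ${options.name}`, the trailing `"${options.name}"` argument of `network create`, and the `echo` line), so a name containing whitespace or shell metacharacters changes the command the oneshot service executes. Pass it through the nixpkgs helper at each use, e.g. `check=$(${cli} network inspect ${lib.escapeShellArg options.name} || true)`, and consider constraining the `name` option itself, since the value also becomes part of the unit key `"${toolName}-create-${options.name}-network"`. The `--gateway`/`--subnet` values are wrapped in double quotes but not escaped, so the same treatment applies there. Separately, `mkPodmanNetwork` still emits `ehco`, which will presumably fail the unit whenever `docker.podman` is set; it should read `echo`.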


@ -9,12 +9,18 @@
docker.rootless = lib.mkEnableOption "Use rootless docker (no effect if podman is used)"; docker.rootless = lib.mkEnableOption "Use rootless docker (no effect if podman is used)";
networks = lib.mkOption { networks = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule ({ type = lib.types.listOf (lib.types.submodule ({
lib, lib,
mylib, mylib,
... ...
}: { }: {
options = { options = {
name = lib.mkOption {
type = lib.types.str;
description = "The name of the docker/podman network";
example = "behind-nginx";
};
disable_masquerade = lib.mkEnableOption "Disable IP masquerading for this network"; disable_masquerade = lib.mkEnableOption "Disable IP masquerading for this network";
ipv6 = { ipv6 = {
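Review bot: Switching `networks` from `attrsOf` to `listOf` drops the uniqueness that attribute keys gave for free, so two list entries with the same `name` now map to the same systemd unit key and are combined by `lib.mkMerge` instead of being rejected. Depending on how the unit options merge, this likely yields a concatenated script or a late, hard-to-read conflict error rather than a clear message. An assertion in the module's `config` would catch it at evaluation time, e.g. `assertion = lib.allUnique (map (n: n.name) docker.networks);` with a message naming the duplicate. The `name` option also has no default, which is reasonable, but its description could state that the value is used verbatim in the unit name and on the command line. The submodule's option set continues outside this hunk.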


@ -36,10 +36,13 @@
]; ];
modules = { modules = {
docker.networks."behind-nginx" = { docker.networks = [
disable_masquerade = false; {
ipv6.enable = false; name = "behind-nginx";
}; disable_masquerade = false;
ipv6.enable = false;
}
];
network = { network = {
useNetworkManager = false; useNetworkManager = false;


@ -25,10 +25,13 @@
]; ];
modules = { modules = {
docker.networks."behind-nginx" = { docker.networks = [
disable_masquerade = false; {
ipv6.enable = false; name = "behind-nginx";
}; disable_masquerade = false;
ipv6.enable = false;
}
];
network = { network = {
useNetworkManager = false; useNetworkManager = false;