Re: [Nix-dev] nixos-container networking

2017-03-13 Thread Ian-Woo Kim
I've recently made nixos-container port forwarding easier (both
imperative and declarative) and it's now merged into master.

https://github.com/NixOS/nixpkgs/pull/20869

Hope that this helps.

Ian

On Sun, Mar 12, 2017 at 7:52 PM, Michael Walker wrote:
> Tomasz,
>
> I have declarative container networking set up and working on a VPS,
> but I wrote most of the configuration as I was learning things, so it
> may not be the best way.
>
> Here's the configuration.nix for the VPS:
> https://github.com/barrucadu/nixfiles/blob/master/hosts/innsmouth.nix
> Each container has a config file here:
> https://github.com/barrucadu/nixfiles/tree/master/containers
>
> Containers have ports forwarded to them via NAT; each container is
> running a web server on port 80 with the host reverse-proxying via
> nginx; the host also does https and letsencrypt for all the proxied
> containers.
>
> At the top of the innsmouth.nix file, I have a "containerSpecs" record
> which has all the details for each container. The relevant bits of the
> config are:
>
> 1. Set up the networking and NAT:
>
> networking.nat.enable = true;
> networking.nat.internalInterfaces = ["ve-+"];
> networking.nat.externalInterface = "enp0s4";
>
> 2. Forward ports to containers:
>
> networking.nat.forwardPorts = concatMap
>   ( {num, ports, ...}:
>     map (p: { sourcePort = p; destination =
>       "192.168.255.${toString num}:${toString p}"; }) ports
>   ) containerSpecs';
>
> 3. Define all the containers:
>
> containers = mapAttrs
>   (_: {num, config, ...}:
>     { autoStart = true
>     ; privateNetwork = true
>     ; hostAddress = "192.168.254.${toString num}"
>     ; localAddress = "192.168.255.${toString num}"
>     ; config = config
>     ; }
>   ) containerSpecs;
>
> 4. Reverse-proxy HTTPS to HTTP in each container, manage letsencrypt
> certificates, and forward HTTP to HTTPS.
>
> This is a little complex as I have a fairly custom nginx config (see
> the services/nginx.nix file in the repository), but the
> reverse-proxying is fairly straightforward. Here is the generated
> nginx.conf: https://misc.barrucadu.co.uk/nginx.txt
>
> On 13 March 2017 at 02:12, Tomasz Czyż wrote:
>> Hey,
>>
>> could anyone using nixos-container (declarative style) share how you set up
>> networking?
>>
>> I'm trying to set up a few containers with a private network and an http proxy at
>> the front. Each container potentially could run an application on port 80 and I
>> would like to expose them through the proxy.
>>
>> I tried to set this up with
>>
>> privateNetwork=true;
>> hostAddress
>> localAddress
>>
>> and I tried to also run nat on the host with (just to enable outbound
>> traffic)
>> internalInterfaces = ["ve-+"];
>> externalInterfaces = "eth0";
>>
>> but no luck.
>> My next try will be creating a bridge on the host and adding containers to that
>> bridge. Is that how you do stuff or are there better ways of doing container
>> networking?
>>
>> Tom
>>
>> ___
>> nix-dev mailing list
>> nix-dev@lists.science.uu.nl
>> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>>
>
>
>
> --
> Michael Walker (http://www.barrucadu.co.uk)
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
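
Added example, not part of the thread and not Michael Walker's or the NixOS project's code: the quoted steps 1 to 3 assembled into one self-contained module, with build-time assertions added. The quoted scheme forwards host port p to the same port p in the container, so two containers listing the same port would yield two forwarding rules for one host port. The shape of `containerSpecs` is inferred from the fields the quoted snippets destructure; the container names, numbers, ports and the `sshOn` helper are constructed.

```nix
# Added example, not from the thread; names, numbers and ports are constructed.
{ lib, ... }:
let
  # Hypothetical helper: container config running sshd on the forwarded port.
  sshOn = port: { services.openssh = { enable = true; ports = [ port ]; }; };

  # Assumed shape of "containerSpecs" (num, ports, config), sample values.
  containerSpecs = {
    blog = { num = 1; ports = [ 2201 ]; config = sshOn 2201; };
    wiki = { num = 2; ports = [ 2202 ]; config = sshOn 2202; };
  };
  specs = lib.attrValues containerSpecs;
  # Same expansion as step 2: host port p -> 192.168.255.<num>:p
  forwards = lib.concatMap
    ({ num, ports, ... }:
      map (p: {
        sourcePort = p;
        destination = "192.168.255.${toString num}:${toString p}";
      }) ports)
    specs;
  hostPorts = map (f: f.sourcePort) forwards;
  nums = map (s: s.num) specs;
  distinct = xs: builtins.length xs == builtins.length (lib.unique xs);
in
{
  # The system build fails with these messages instead of emitting ambiguous NAT rules.
  assertions = [
    { assertion = distinct hostPorts;
      message = "containerSpecs: the same host port is forwarded to more than one container"; }
    { assertion = distinct nums && lib.all (n: n >= 1 && n <= 254) nums;
      message = "containerSpecs: num must be unique and within 1..254"; }
  ];
  networking.nat = {
    enable = true;
    internalInterfaces = [ "ve-+" ];
    externalInterface = "enp0s4";
    forwardPorts = forwards;
  };

  containers = lib.mapAttrs
    (_: { num, config, ... }: {
      autoStart = true;
      privateNetwork = true;
      hostAddress = "192.168.254.${toString num}";
      localAddress = "192.168.255.${toString num}";
      inherit config;
    })
    containerSpecs;
}
```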


[Nix-commits] [NixOS/nixpkgs] 349050: nixos-container: support bridge.

2017-02-14 Thread Ian-Woo Kim
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 3490508ed1708a7dad1307a5739665b51df9b34d
  
https://github.com/NixOS/nixpkgs/commit/3490508ed1708a7dad1307a5739665b51df9b34d
  Author: Ian-Woo Kim <ianwoo...@gmail.com>
  Date:   2017-02-15 (Wed, 15 Feb 2017)

  Changed paths:
M pkgs/tools/virtualization/nixos-container/nixos-container.pl

  Log Message:
  ---
  nixos-container: support bridge.


  Commit: a238c8a575a0397861e75b9509ded670f9e6381b
  
https://github.com/NixOS/nixpkgs/commit/a238c8a575a0397861e75b9509ded670f9e6381b
  Author: Ian-Woo Kim <ianwoo...@gmail.com>
  Date:   2017-02-15 (Wed, 15 Feb 2017)

  Changed paths:
M nixos/modules/virtualisation/containers.nix
M pkgs/tools/virtualization/nixos-container/nixos-container.pl

  Log Message:
  ---
  nixos-container: add --port option for nixos-container (forward network ports to systemd-nspawn container)


  Commit: 86842852513a8e0132e5580802b0fa1d90ef5f9b
  
https://github.com/NixOS/nixpkgs/commit/86842852513a8e0132e5580802b0fa1d90ef5f9b
  Author: Ian-Woo Kim <ianwoo...@gmail.com>
  Date:   2017-02-15 (Wed, 15 Feb 2017)

  Changed paths:
M nixos/modules/virtualisation/containers.nix

  Log Message:
  ---
  nixos-container: introduce hostPort in declarative container options.


  Commit: 0bfc631de20a351b23af571e80347df1a58a298a
  
https://github.com/NixOS/nixpkgs/commit/0bfc631de20a351b23af571e80347df1a58a298a
  Author: Ian-Woo Kim <ianwoo...@gmail.com>
  Date:   2017-02-15 (Wed, 15 Feb 2017)

  Changed paths:
M nixos/modules/virtualisation/containers.nix

  Log Message:
  ---
  nixos-container: support multiple port forwarding. change type of hostPort from 'string' to 'listOf str'


  Commit: 4f0b663c2e3939981d2e254a3f1d93ea2901599b
  
https://github.com/NixOS/nixpkgs/commit/4f0b663c2e3939981d2e254a3f1d93ea2901599b
  Author: Ian-Woo Kim <ianwoo...@gmail.com>
  Date:   2017-02-15 (Wed, 15 Feb 2017)

  Changed paths:
M nixos/modules/virtualisation/containers.nix

  Log Message:
  ---
  nixos-container: hostPort -> forwardPort and forwardPort is now a list of (protocol,hostPort,containerPort).


  Commit: 5ca0f72472a08ee42231410642a4928a3d58c61f
  
https://github.com/NixOS/nixpkgs/commit/5ca0f72472a08ee42231410642a4928a3d58c61f
  Author: Ian-Woo Kim <ianwoo...@gmail.com>
  Date:   2017-02-15 (Wed, 15 Feb 2017)

  Changed paths:
M nixos/modules/virtualisation/containers.nix

  Log Message:
  ---
  nixos-container: break lines in description of forwardPorts.


  Commit: b7a24e0a2b540c0598fc3ff4056feb1208ec89f9
  
https://github.com/NixOS/nixpkgs/commit/b7a24e0a2b540c0598fc3ff4056feb1208ec89f9
  Author: Ian-Woo Kim <ianwoo...@gmail.com>
  Date:   2017-02-15 (Wed, 15 Feb 2017)

  Changed paths:
A nixos/tests/containers-portforward.nix

  Log Message:
  ---
  nixos-container: added test for port forwarding (nixos/tests/containers-portforward.nix)


Compare: https://github.com/NixOS/nixpkgs/compare/44c3bfbc109f...b7a24e0a2b54
___
nix-commits mailing list
nix-comm...@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-commits


[Nix-commits] [NixOS/nixpkgs] ff8985: cudnn: add cudatoolkit to propagatedBuildInputs

2016-06-02 Thread Ian-Woo Kim
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: ff8985e7abeffdb2af13b0dc14566fc54c3fd3f1
  
https://github.com/NixOS/nixpkgs/commit/ff8985e7abeffdb2af13b0dc14566fc54c3fd3f1
  Author: Ian-Woo Kim <ianwoo...@gmail.com>
  Date:   2016-06-02 (Thu, 02 Jun 2016)

  Changed paths:
M pkgs/development/libraries/science/math/cudnn/default.nix

  Log Message:
  ---
  cudnn: add cudatoolkit to propagatedBuildInputs

