Containers: Support setting up macvlan interfaces

By setting a line like

  MACVLANS="eno1"

in /etc/containers/<name>.conf, the container will get an Ethernet
interface named mv-eno1, which represents an additional MAC address on
the physical eno1 interface. Thus the container has direct access to
the physical network. You can specify multiple interfaces in MACVLANS.

Unfortunately, you can't do this with wireless interfaces.

Note that dhcpcd is disabled in containers by default, so you'll
probably want to set

  networking.useDHCP = true;

in the container, or configure a static IP address.

To do: add a containers.* option for this, and a flag for
"nixos-container create".

1 files changed, 5 insertions, 1 deletions

diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix
index 08c234b94133..a0238277f5d0 100644
--- a/nixos/modules/virtualisation/containers.nix
+++ b/nixos/modules/virtualisation/containers.nix
@@ -189,9 +189,13 @@ in
               "/nix/var/nix/gcroots/per-container/$INSTANCE"
 
             if [ "$PRIVATE_NETWORK" = 1 ]; then
-              extraFlags="--network-veth"
+              extraFlags+=" --network-veth"
             fi
 
+            for iface in $MACVLANS; do
+              extraFlags+=" --network-macvlan=$iface"
+            done
+
             # If the host is 64-bit and the container is 32-bit, add a
             # --personality flag.
             ${optionalString (config.nixpkgs.system == "x86_64-linux") ''