aksiksi / compose2nix

Generate a NixOS config from a Docker Compose project.
MIT License

Macvlan Network Support in Compose File #15

Closed Underknowledge closed 8 months ago

Underknowledge commented 8 months ago

I am currently using compose2nix to lift and shift containers over to NixOS, and I have a specific use case where I need support for macvlan networks. The Service relies on using :443 and I quite like my Nginx/smallstep setup. Below is an example of my compose file:

version: '3.7'
services:
  teddycloud:
    container_name: teddycloud
    mac_address: 10:50:02:01:00:02
    dns: 192.168.8.1
    hostname: tc
    image: ghcr.io/toniebox-reverse-engineering/teddycloud:latest
    ports:
     - 80:80
     - 443:443
    volumes:
      - /opt/tony/certs:/teddycloud/certs
      - /opt/tony/config:/teddycloud/config
      - /opt/tony/content:/teddycloud/data/content
      - /opt/tony/library:/teddycloud/data/library
      - /opt/tony/firmware:/teddycloud/data/firmware
    restart: unless-stopped
    networks:
      homenet:
        ipv4_address: 192.168.8.10

networks:
  homenet:
    driver: macvlan
    driver_opts:
      parent: enp2s0
    ipam:
      config:
        - subnet: 192.168.8.0/24
          gateway: 192.168.8.1

Thank you for considering and for your awesome effort in maintaining compose2nix!

aksiksi commented 8 months ago

@Underknowledge Just merged support for your config. Please try it out and let me know if you have any issues.

Underknowledge commented 8 months ago

Firstly, I want to express my massive gratitude for implementing support for this!

I have tested the new feature, and while it's working well for the most part, I've encountered these issues:

  1. Networks; Unsupported isolate Option when using Macvlan: podman-network-teddycloud-labnet.service

    Mar 31 13:36:56 NEW podman-network-teddycloud-labnet-start[278743]: Error: network teddycloud-labnet: unable to find network with name or ID teddycloud-labnet: network not found
    Mar 31 13:36:56 NEW podman-network-teddycloud-labnet-start[278775]: Error: unsupported macvlan network option isolate
    Mar 31 13:36:56 NEW systemd[1]: podman-network-teddycloud-labnet.service: Main process exited, code=exited, status=125/n/a
    Mar 31 13:36:56 NEW systemd[1]: podman-network-teddycloud-labnet.service: Failed with result 'exit-code'.
    Mar 31 13:36:56 NEW systemd[1]: Failed to start podman-network-teddycloud-labnet.service.
    warning: error(s) occurred while switching to the new configuration

    It seems that this option is not supported and needs to be disabled or made optional to avoid this error. --opt=isolate=false is not an option to use, so I just removed it.

  2. Port Forwarding with Macvlan: While ports can be specified (e.g., 80:80), Podman does indeed happily open these ports on the node, but traffic does not reach the container. In my case I don't even want to have these ports used on the IP of the node, so I just commented this out and I can reach the exposed ports by the defined Macvlan IP address. It's the first time that I had to use Macvlan (the service ran on a Pi, just serving this container) so I can't say a lot about how this should behave normally. From my feeling (I'm clueless) --port could just be omitted when using Macvlan.

aksiksi commented 8 months ago

Of course - thanks for trying it out!

  1. I just committed a fix to not set the isolate opt by default (b1817e1adeb9af17f43670cac272935b3fd76181) for any network driver. I am not even sure why I have it as a default for Podman in the first place!
  2. Looking at the docs, port forwarding does indeed seem to be redundant with the macvlan driver. But I think it makes more sense to remove the ports setting in your Compose file rather than hardcoding network driver-specific logic in compose2nix.
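As an added example (not code from compose2nix or from anyone in this thread), a small lint over a parsed Compose project that flags the two things discussed above: `ports` on a service attached to a macvlan network, which the macvlan address makes redundant, and an `isolate` key in a macvlan network's `driver_opts`, which Podman rejects. The input is the dict that `yaml.safe_load` would return for the compose file in the first post, embedded inline so it runs offline; the `isolate` option is not in that file and is added here only to exercise the check.

```python
# Added example: lint a parsed Compose project for the two macvlan issues
# raised in this thread. Input is the dict PyYAML's safe_load would return
# for the compose file above (embedded here so the example runs offline).

# Constructed from the compose file in the first post, with an `isolate`
# driver option added to exercise the second check (not in the original).
COMPOSE = {
    "version": "3.7",
    "services": {
        "teddycloud": {
            "image": "ghcr.io/toniebox-reverse-engineering/teddycloud:latest",
            "ports": ["80:80", "443:443"],
            "networks": {"homenet": {"ipv4_address": "192.168.8.10"}},
        }
    },
    "networks": {
        "homenet": {
            "driver": "macvlan",
            "driver_opts": {"parent": "enp2s0", "isolate": "true"},
            "ipam": {"config": [{"subnet": "192.168.8.0/24", "gateway": "192.168.8.1"}]},
        }
    },
}


def macvlan_networks(project):
    """Names of top-level networks that use the macvlan driver."""
    return {
        name for name, net in (project.get("networks") or {}).items()
        if (net or {}).get("driver") == "macvlan"
    }


def service_networks(service):
    """Compose allows `networks` as a list of names or a mapping name -> options."""
    nets = service.get("networks") or []
    return list(nets) if isinstance(nets, (list, dict)) else []


def lint_macvlan(project):
    """Return a list of (service_or_network_name, message) findings."""
    findings = []
    macvlans = macvlan_networks(project)
    for name, net in (project.get("networks") or {}).items():
        if name in macvlans and "isolate" in ((net or {}).get("driver_opts") or {}):
            findings.append((name, "macvlan network sets 'isolate', which Podman rejects"))
    for svc_name, svc in (project.get("services") or {}).items():
        attached = [n for n in service_networks(svc or {}) if n in macvlans]
        if attached and (svc or {}).get("ports"):
            findings.append((svc_name, f"ports are redundant on macvlan network(s) {sorted(attached)}"))
    return findings
```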