hercules-ci / arion

Run docker-compose with help from Nix/NixOS
Apache License 2.0

Disable DHCP in full-nixos example #199

Closed: 0x450x6c closed 8 months ago

0x450x6c commented 1 year ago

Hello.

In the full-nixos example, DHCP is not disabled, and it breaks the network inside the container.

roberth commented 1 year ago

This seems like something we should disable in all cases, as DHCP is not really a container level concern, and as far as I know the container runtime should configure the container network, and not through an indirection like DHCP.

I think we should have a file analogous to service/nixos-init.nix except its configuration is always enabled. service/nixos-defaults.nix? And then a module nixos/defaults.nix that actually does the disabling. Does that make sense?

0x450x6c commented 1 year ago

Yes, that makes sense.

deliciouslytyped commented 10 months ago

I just ran into this, or rather, I had this as a latent issue until I enabled the NET_ADMIN capability on a container, which triggered it. DHCP wasn't actually running until then; journalctl shows the "non-failing" containers with this:

```
systemd[1]: DHCP Client was skipped because of an unmet condition check (ConditionCapability=CAP_NET_ADMIN).
```

Whereas a failing container ends up with these routes:

```
# ip route
default dev eth0 scope link src 169.254.45.60 metric 1001002
10.89.1.0/24 dev eth0 proto kernel scope link src 10.89.1.97
169.254.0.0/16 dev eth0 scope link src 169.254.45.60 metric 1002
```

roberth commented 8 months ago

Thanks!
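
A check for the two states described in the thread, as an added example that is not part of the original issue or of arion: it parses `ip route` output and a journal excerpt, and reports whether a container already has the link-local routes or is only held back by the capability check. The function names, the `HEALTHY_ROUTES` sample and its gateway `10.89.1.1` are assumptions made for illustration.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
SKIP_MARKER = "DHCP Client was skipped because of an unmet condition check"
FLAGS = {"linkdown", "onlink", "dead", "pervasive", "offload"}  # valueless tokens

# Routing table and journal line quoted in the comment above.
FAILING_ROUTES = """\
# ip route
default dev eth0 scope link src 169.254.45.60 metric 1001002
10.89.1.0/24 dev eth0 proto kernel scope link src 10.89.1.97
169.254.0.0/16 dev eth0 scope link src 169.254.45.60 metric 1002
"""
SKIPPED_JOURNAL = ("systemd[1]: DHCP Client was skipped because of an unmet "
                   "condition check (ConditionCapability=CAP_NET_ADMIN).")
# Constructed sample: a healthy table; the gateway 10.89.1.1 is an assumption.
HEALTHY_ROUTES = """\
default via 10.89.1.1 dev eth0 proto static metric 100
10.89.1.0/24 dev eth0 proto kernel scope link src 10.89.1.97
"""

def parse_routes(text):
    """Parse `ip route` output into dicts keyed by attribute name."""
    routes = []
    for line in text.splitlines():
        tokens = [t for t in line.split() if t not in FLAGS]
        if not tokens or tokens[0] == "#":      # blank line or shell prompt
            continue
        attrs = dict(zip(tokens[1::2], tokens[2::2]))
        routes.append({"dst": tokens[0], **attrs})
    return routes

def link_local_findings(text):
    """Return descriptions of routes that point at 169.254.0.0/16."""
    findings = []
    for r in parse_routes(text):
        src = r.get("src")
        ll_src = src is not None and ipaddress.ip_address(src) in LINK_LOCAL
        if r["dst"] == "default" and "via" not in r and ll_src:
            findings.append(f"default route on {r.get('dev')} has link-local src {src} and no gateway")
        elif r["dst"] == str(LINK_LOCAL):
            findings.append(f"link-local route {r['dst']} on {r.get('dev')}")
    return findings

def classify(journal, routes):
    """'broken': link-local routes present; 'latent': DHCP skipped by the capability check; else 'ok'."""
    if link_local_findings(routes):
        return "broken"
    return "latent" if SKIP_MARKER in journal else "ok"
```

A `latent` result means the container would hit the same problem as soon as it is granted `NET_ADMIN`, which is the situation the comment above describes.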