authorWojtek Kosior <koszko@koszko.org>2023-05-02 20:53:42 +0200
committerWojtek Kosior <koszko@koszko.org>2023-05-02 20:54:15 +0200
commit98108bc285592bfe521047b71fa32d04d18b3bd9 (patch)
treecc7faf822c532f20522f8c5656b614da3ebce494 /guix-container.sh
parent767e3be294ddf018f0aafda3edb1af1b48d1dc56 (diff)
allow Guix container to access host's network via NAT
Diffstat (limited to 'guix-container.sh')
-rwxr-xr-xguix-container.sh30
1 files changed, 25 insertions, 5 deletions
diff --git a/guix-container.sh b/guix-container.sh
index 265691c..acfb2cf 100755
--- a/guix-container.sh
+++ b/guix-container.sh
@@ -8,8 +8,8 @@
### BEGIN INIT INFO
# Provides: guix-container
-# Required-Start: $local_fs $remote_fs $syslog
-# Required-Stop: $local_fs $remote_fs $syslog
+# Required-Start: $local_fs $remote_fs $network $syslog
+# Required-Stop: $local_fs $remote_fs $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start Wojtek's Guix container with various services
@@ -53,6 +53,12 @@ is_running() {
network_rip() {
ip link delete veth-guix-out 2>/dev/null || true
+ echo 0 > /proc/sys/net/ipv4/ip_forward
+ for LINKNAME in $(ip route | grep default | awk '{print $5}'); do
+ iptables -t nat -D POSTROUTING \
+ -s 10.207.87.1/24 -o "$LINKNAME" -j MASQUERADE 2>/dev/null \
+ || true
+ done
}
stop() {
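Review bot: The added `echo 0 > /proc/sys/net/ipv4/ip_forward` in network_rip disables forwarding host-wide on every stop, regardless of whether forwarding was already on for some other reason before start() set it to 1, so stopping this service can silently break unrelated routing on the host. The MASQUERADE cleanup is also best-effort in a way that leaks rules: the interface list is recomputed at stop time, so a rule added for an interface whose default route has since moved is never deleted, and a single `-D` removes only one copy if start() was run twice without a stop. Suggest recording the previous value at start (`cat /proc/sys/net/ipv4/ip_forward > /run/guix-container.ip_forward.orig`) and restoring it here instead of writing 0, and replacing the one-shot delete with `while iptables -t nat -D POSTROUTING -s 10.207.87.1/24 -o "$LINKNAME" -j MASQUERADE 2>/dev/null; do :; done` so duplicates are drained. network_rip's opening brace and the start of stop() are in the hunk; stop()'s body continues outside it.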
@@ -136,9 +142,23 @@ start() {
ip link set veth-guix-out up
ip addr add 10.207.87.1/24 dev veth-guix-out
- nsenter -t "$SHEPHERD_PID" --net ip link set lo up
- nsenter -t "$SHEPHERD_PID" --net ip link set veth-guix-in up
- nsenter -t "$SHEPHERD_PID" --net ip addr add 10.207.87.2/24 dev veth-guix-in
+ nsenter --target "$SHEPHERD_PID" --net ip link set lo up
+ nsenter --target "$SHEPHERD_PID" --net ip link set veth-guix-in up
+ nsenter --target "$SHEPHERD_PID" --net ip addr add \
+ 10.207.87.2/24 dev veth-guix-in
+ nsenter --target "$SHEPHERD_PID" --net ip route add \
+ default via 10.207.87.1 dev veth-guix-in
+
+ for LINKNAME in $(ip route | grep default | awk '{print $5}'); do
+ iptables -t nat -A POSTROUTING \
+ -s 10.207.87.1/24 -o "$LINKNAME" -j MASQUERADE
+ done
+
+ cat /etc/resolv.conf |
+ nsenter --target "$SHEPHERD_PID" --all \
+ /run/current-system/profile/bin/tee /etc/resolv.conf > /dev/null
+
+ echo 1 > /proc/sys/net/ipv4/ip_forward
}
trap onexit EXIT
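Review bot: Enabling `ip_forward` at the end of start() with only a POSTROUTING MASQUERADE rule means the host now forwards any packet it receives, and the container gets whatever reach the host's FORWARD chain policy happens to allow — on a host where that policy is ACCEPT (the common default, though the script does not show it), that is unrestricted access to every network the host is attached to, not only the default route. The NAT rule matches on source only, so it does not constrain this either. Suggest adding explicit FORWARD rules scoped to the veth pair, with a terminal DROP for anything else on veth-guix-out, and mirroring their deletion in network_rip; `ip -o route show default` is also a more robust way to find the uplink than `grep default` over the full table. Note that `-s 10.207.87.1/24` is the host address, not the network — iptables normalises it to 10.207.87.0/24, but writing the network form avoids the confusion. start()'s body begins before this hunk.
```shell
for LINKNAME in $(ip -o route show default | awk '{print $5}'); do
  iptables -t nat -A POSTROUTING \
    -s 10.207.87.0/24 -o "$LINKNAME" -j MASQUERADE
  # Only the container's own traffic goes out, and only replies come back;
  # without these, ip_forward=1 relies entirely on the host's FORWARD policy.
  iptables -A FORWARD -i veth-guix-out -o "$LINKNAME" \
    -s 10.207.87.0/24 -j ACCEPT
  iptables -A FORWARD -i "$LINKNAME" -o veth-guix-out \
    -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
done
iptables -A FORWARD -i veth-guix-out -j DROP
iptables -A FORWARD -o veth-guix-out -j DROP

# … unchanged: resolv.conf copy …

echo 1 > /proc/sys/net/ipv4/ip_forward
```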