-rwxr-xr-x | guix-container.sh | 30 |
1 files changed, 25 insertions, 5 deletions
diff --git a/guix-container.sh b/guix-container.sh
index 265691c..acfb2cf 100755
--- a/guix-container.sh
+++ b/guix-container.sh
@@ -8,8 +8,8 @@
 ### BEGIN INIT INFO
 # Provides: guix-container
-# Required-Start: $local_fs $remote_fs $syslog
-# Required-Stop: $local_fs $remote_fs $syslog
+# Required-Start: $local_fs $remote_fs $network $syslog
+# Required-Stop: $local_fs $remote_fs $network $syslog
 # Default-Start: 2 3 4 5
 # Default-Stop: 0 1 6
 # Short-Description: Start Wojtek's Guix container with various services
@@ -53,6 +53,12 @@ is_running() {
 network_rip() {
 ip link delete veth-guix-out 2>/dev/null || true
+ echo 0 > /proc/sys/net/ipv4/ip_forward
+ for LINKNAME in $(ip route | grep default | awk '{print $5}'); do
+ iptables -t nat -D POSTROUTING \
+ -s 10.207.87.1/24 -o "$LINKNAME" -j MASQUERADE 2>/dev/null \
+ || true
+ done
 }
 stop() {
@@ -136,9 +142,23 @@ start() {
 ip link set veth-guix-out up
 ip addr add 10.207.87.1/24 dev veth-guix-out
- nsenter -t "$SHEPHERD_PID" --net ip link set lo up
- nsenter -t "$SHEPHERD_PID" --net ip link set veth-guix-in up
- nsenter -t "$SHEPHERD_PID" --net ip addr add 10.207.87.2/24 dev veth-guix-in
+ nsenter --target "$SHEPHERD_PID" --net ip link set lo up
+ nsenter --target "$SHEPHERD_PID" --net ip link set veth-guix-in up
+ nsenter --target "$SHEPHERD_PID" --net ip addr add \
+ 10.207.87.2/24 dev veth-guix-in
+ nsenter --target "$SHEPHERD_PID" --net ip route add \
+ default via 10.207.87.1 dev veth-guix-in
+
+ for LINKNAME in $(ip route | grep default | awk '{print $5}'); do
+ iptables -t nat -A POSTROUTING \
+ -s 10.207.87.1/24 -o "$LINKNAME" -j MASQUERADE
+ done
+
+ cat /etc/resolv.conf |
+ nsenter --target "$SHEPHERD_PID" --all \
+ /run/current-system/profile/bin/tee /etc/resolv.conf > /dev/null
+
+ echo 1 > /proc/sys/net/ipv4/ip_forward
 }
 trap onexit EXIT |
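Review bot: In the network_rip hunk, `echo 0 > /proc/sys/net/ipv4/ip_forward` switches forwarding off for the whole host on every stop, whether or not it was already enabled before this script started the container. Anything else on the machine that relies on forwarding (other containers, a VPN, routing between interfaces) would lose it, so start() should record the previous value and network_rip should restore that value instead of writing a fixed `0`. The cleanup loop also re-derives the outbound interface from whatever the default route is at stop time; if the route changed since start, the `-D` matches nothing, `2>/dev/null || true` hides the failure, and the MASQUERADE rule stays in the nat table. Saving the interface names used at start, or tagging the rule with `-m comment --comment` and deleting by that tag, would make teardown exact.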
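Review bot: In the start() hunk, `iptables -t nat -A POSTROUTING` appends unconditionally, so a start after an unclean stop accumulates duplicate MASQUERADE rules while network_rip removes only one per interface; guard it with `iptables -t nat -C POSTROUTING -s 10.207.87.1/24 -o "$LINKNAME" -j MASQUERADE 2>/dev/null || iptables -t nat -A POSTROUTING ...`. `echo 1 > /proc/sys/net/ipv4/ip_forward` enables forwarding host-wide and nothing visible here constrains the FORWARD chain, so unless a policy is set elsewhere the container can reach every network the host routes to; explicit FORWARD rules limited to `veth-guix-out` and the chosen uplink would narrow that. The resolv.conf copy runs `/run/current-system/profile/bin/tee` through `nsenter --all`, meaning the init script executes a binary taken from the container's filesystem; a comment such as `# trust assumption: container profile is host-controlled; tee runs with the caller's privileges` would make that explicit, and `< /etc/resolv.conf` can replace the `cat |`. start() begins and continues outside this hunk, so an existing guard may not be visible here.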