Merge pull request #60029 from Ma27/configure-ipv4-for-imperative-container

nixos-container: allow setting custom local and host address

nixos/doc/manual/administration/imperative-containers.xml

@@ -29,6 +29,13 @@
   <xref linkend="opt-services.openssh.enable"/> = true;
   <link linkend="opt-users.users._name__.openssh.authorizedKeys.keys">users.users.root.openssh.authorizedKeys.keys</link> = ["ssh-dss AAAAB3N…"];
 '
+</screen>
+  By default the next free address in the <literal>10.233.0.0/16</literal> subnet will be chosen
+  as container IP. This behavior can be altered by setting <literal>--host-address</literal> and
+  <literal>--local-address</literal>:
+<screen>
+# nixos-container create test --config-file test-container.nix \
+    --local-address 10.235.1.2 --host-address 10.235.1.1
 </screen>
  </para>
 

pkgs/tools/virtualization/nixos-container/nixos-container.pl

@@ -23,7 +23,7 @@ $ENV{"NIXOS_CONFIG"} = "";
 sub showHelp {
     print <<EOF;
 Usage: nixos-container list
-       nixos-container create <container-name> [--nixos-path <path>] [--system-path <path>] [--config-file <path>] [--config <string>] [--ensure-unique-name] [--auto-start] [--bridge <iface>] [--port <port>]
+       nixos-container create <container-name> [--nixos-path <path>] [--system-path <path>] [--config-file <path>] [--config <string>] [--ensure-unique-name] [--auto-start] [--bridge <iface>] [--port <port>] [--host-address <string>] [--local-address <string>]
        nixos-container destroy <container-name>
        nixos-container start <container-name>
        nixos-container stop <container-name>
@@ -48,6 +48,8 @@ my $port;
 my $extraConfig;
 my $signal;
 my $configFile;
+my $hostAddress;
+my $localAddress;
 
 GetOptions(
     "help" => sub { showHelp() },
@@ -59,9 +61,15 @@ GetOptions(
     "signal=s" => \$signal,
     "nixos-path=s" => \$nixosPath,
     "config=s" => \$extraConfig,
-    "config-file=s" => \$configFile
+    "config-file=s" => \$configFile,
+    "host-address=s" => \$hostAddress,
+    "local-address=s" => \$localAddress,
     ) or exit 1;
 
+if (defined $hostAddress and !defined $localAddress or defined $localAddress and !defined $hostAddress) {
+    die "With --host-address set, --local-address is required as well!";
+}
+
 my $action = $ARGV[0] or die "$0: no action specified\n";
 
 if (defined $configFile and defined $extraConfig) {
@@ -149,16 +157,18 @@ if ($action eq "create") {
         $usedIPs{$1} = 1 if $s =~ /^LOCAL_ADDRESS=([0-9\.]+)$/m;
     }
 
-    my ($ipPrefix, $hostAddress, $localAddress);
+    unless (defined $hostAddress) {
-    for (my $nr = 1; $nr < 255; $nr++) {
+        my $ipPrefix;
-        $ipPrefix = "10.233.$nr";
+        for (my $nr = 1; $nr < 255; $nr++) {
-        $hostAddress = "$ipPrefix.1";
+            $ipPrefix = "10.233.$nr";
-        $localAddress = "$ipPrefix.2";
+            $hostAddress = "$ipPrefix.1";
-        last unless $usedIPs{$hostAddress} || $usedIPs{$localAddress};
+            $localAddress = "$ipPrefix.2";
-        $ipPrefix = undef;
+            last unless $usedIPs{$hostAddress} || $usedIPs{$localAddress};
-    }
+            $ipPrefix = undef;
+        }
 
-    die "$0: out of IP addresses\n" unless defined $ipPrefix;
+        die "$0: out of IP addresses\n" unless defined $ipPrefix;
+    }
 
     my @conf;
     push @conf, "PRIVATE_NETWORK=1\n";