nixpkgs/nixos/tests/containers-physical_interfaces.nix

import ./make-test.nix ({ pkgs, ...} : {
  name = "containers-physical_interfaces";
  meta = with pkgs.stdenv.lib.maintainers; {
    maintainers = [ kampfschlaefer ];
  };

  nodes = {
    server = { config, pkgs, ... }:
      {
        virtualisation.memorySize = 256;
        virtualisation.vlans = [ 1 ];

        containers.server = {
          privateNetwork = true;
          interfaces = [ "eth1" ];

          config = {
            networking.interfaces.eth1 = {
              ip4 = [ { address = "10.10.0.1"; prefixLength = 24; } ];
            };
            networking.firewall.enable = false;
          };
        };
      };
    bridged = { config, pkgs, ... }: {
      virtualisation.memorySize = 128;
      virtualisation.vlans = [ 1 ];

      containers.bridged = {
        privateNetwork = true;
        interfaces = [ "eth1" ];

        config = {
          networking.bridges.br0.interfaces = [ "eth1" ];
          networking.interfaces.br0 = {
            ip4 = [ { address = "10.10.0.2"; prefixLength = 24; } ];
          };
          networking.firewall.enable = false;
        };
      };
    };

    bonded = { config, pkgs, ... }: {
      virtualisation.memorySize = 128;
      virtualisation.vlans = [ 1 ];

      containers.bonded = {
        privateNetwork = true;
        interfaces = [ "eth1" ];

        config = {
          networking.bonds.bond0 = {
            interfaces = [ "eth1" ];
            mode = "active-backup";
          };
          networking.interfaces.bond0 = {
            ip4 = [ { address = "10.10.0.3"; prefixLength = 24; } ];
          };
          networking.firewall.enable = false;
        };
      };
    };

    bridgedbond = { config, pkgs, ... }: {
      virtualisation.memorySize = 128;
      virtualisation.vlans = [ 1 ];

      containers.bridgedbond = {
        privateNetwork = true;
        interfaces = [ "eth1" ];

        config = {
          networking.bonds.bond0 = {
            interfaces = [ "eth1" ];
            mode = "active-backup";
          };
          networking.bridges.br0.interfaces = [ "bond0" ];
          networking.interfaces.br0 = {
            ip4 = [ { address = "10.10.0.4"; prefixLength = 24; } ];
          };
          networking.firewall.enable = false;
        };
      };
    };
  };

  testScript = ''
    startAll;

    subtest "prepare server", sub {
      $server->waitForUnit("default.target");
      $server->succeed("ip link show dev eth1 >&2");
    };

    subtest "simple physical interface", sub {
      $server->succeed("nixos-container start server");
      $server->waitForUnit("container\@server");
      $server->succeed("systemctl -M server list-dependencies network-addresses-eth1.service >&2");

      # The other tests will ping this container on its ip. Here we just check
      # that the device is present in the container.
      $server->succeed("nixos-container run server -- ip a show dev eth1 >&2");
    };

    subtest "physical device in bridge in container", sub {
      $bridged->waitForUnit("default.target");
      $bridged->succeed("nixos-container start bridged");
      $bridged->waitForUnit("container\@bridged");
      $bridged->succeed("systemctl -M bridged list-dependencies network-addresses-br0.service >&2");
      $bridged->succeed("systemctl -M bridged status -n 30 -l network-addresses-br0.service");
      $bridged->succeed("nixos-container run bridged -- ping -w 10 -c 1 -n 10.10.0.1");
    };

    subtest "physical device in bond in container", sub {
      $bonded->waitForUnit("default.target");
      $bonded->succeed("nixos-container start bonded");
      $bonded->waitForUnit("container\@bonded");
      $bonded->succeed("systemctl -M bonded list-dependencies network-addresses-bond0 >&2");
      $bonded->succeed("systemctl -M bonded status -n 30 -l network-addresses-bond0 >&2");
      $bonded->succeed("nixos-container run bonded -- ping -w 10 -c 1 -n 10.10.0.1");
    };

    subtest "physical device in bond in bridge in container", sub {
      $bridgedbond->waitForUnit("default.target");
      $bridgedbond->succeed("nixos-container start bridgedbond");
      $bridgedbond->waitForUnit("container\@bridgedbond");
      $bridgedbond->succeed("systemctl -M bridgedbond list-dependencies network-addresses-br0.service >&2");
      $bridgedbond->succeed("systemctl -M bridgedbond status -n 30 -l network-addresses-br0.service");
      $bridgedbond->succeed("nixos-container run bridgedbond -- ping -w 10 -c 1 -n 10.10.0.1");
    };
  '';
})