From 7503f280c83122c93c5d74d561c48fee1e8f8a41 Mon Sep 17 00:00:00 2001
From: volth
Date: Thu, 6 Aug 2020 02:12:57 +0000
Subject: [PATCH] nixos/systemd: fix TUN networking in LXC containers (#81481)

in LXC container /dev/net/tun is pre-available, "dev-net-tun.device" always fails
---
 nixos/modules/system/boot/systemd.nix | 4 ++--
 nixos/modules/tasks/network-interfaces-scripted.nix | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix
index 86bd81d781a8..a5f368c869a0 100644
--- a/nixos/modules/system/boot/systemd.nix
+++ b/nixos/modules/system/boot/systemd.nix
@@ -73,7 +73,7 @@ let
 "systemd-journald.service"
 "systemd-journal-flush.service"
 "systemd-journal-catalog-update.service"
- "systemd-journald-audit.socket"
+ ] ++ (optional (!config.boot.isContainer) "systemd-journald-audit.socket") ++ [
 "systemd-journald-dev-log.socket"
 "syslog.socket"
@@ -101,7 +101,7 @@ let
 "dev-hugepages.mount"
 "dev-mqueue.mount"
 "sys-fs-fuse-connections.mount"
- "sys-kernel-config.mount"
+ ] ++ (optional (!config.boot.isContainer) "sys-kernel-config.mount") ++ [
 "sys-kernel-debug.mount"
 # Maintaining state across reboots.
diff --git a/nixos/modules/tasks/network-interfaces-scripted.nix b/nixos/modules/tasks/network-interfaces-scripted.nix
index 2e87197176b6..9ba6ccfbe716 100644
--- a/nixos/modules/tasks/network-interfaces-scripted.nix
+++ b/nixos/modules/tasks/network-interfaces-scripted.nix
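Review bot: Nothing in the commit message or the code explains why `systemd-journald-audit.socket` (hunk at line 73 of nixos/modules/system/boot/systemd.nix) and `sys-kernel-config.mount` (hunk at line 101 of the same file) are left out when `config.boot.isContainer` is set; the message only covers `dev-net-tun.device`. With the audit socket unit omitted, journald inside the container presumably receives no kernel audit records, so anyone who relies on them for detection would have to collect them on the host, and that is worth stating in the description. I would add a one-line comment above each spliced entry in the form `# Skipped when boot.isContainer: <reason this unit cannot start in a container>`, with the reason filled in by the author. Both lists begin and end outside the hunks, so the placement of the `] ++ … ++ [` splice relative to the neighbouring section comments should be checked in the full file.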
@@ -253,8 +253,8 @@ let
 createTunDevice = i: nameValuePair "${i.name}-netdev" { description = "Virtual Network Interface ${i.name}";
- bindsTo = [ "dev-net-tun.device" ];
- after = [ "dev-net-tun.device" "network-pre.target" ];
+ bindsTo = optional (!config.boot.isContainer) "dev-net-tun.device";
+ after = optional (!config.boot.isContainer) "dev-net-tun.device" ++ [ "network-pre.target" ];
 wantedBy = [ "network-setup.service" (subsystemDevice i.name) ];
 partOf = [ "network-setup.service" ];
 before = [ "network-setup.service" ];
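Review bot: The new `bindsTo` and `after` lines key on `config.boot.isContainer`, which as far as I know is set for every NixOS container configuration and not only the LXC case the commit message describes. In a container where /dev/net/tun is not passed through, the `${i.name}-netdev` unit would now start with no ordering on the device and fail only when it tries to create the interface (inferred; the unit's script is outside the hunk). A comment above `bindsTo` would record the assumption, e.g. `# In containers /dev/net/tun is pre-available and "dev-net-tun.device" always fails (#81481).` The `after` line also relies on function application binding tighter than `++`; writing `after = (optional (!config.boot.isContainer) "dev-net-tun.device") ++ [ "network-pre.target" ];` would match the parenthesised form used in systemd.nix. The attribute set opened by `createTunDevice` continues past the end of the hunk.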