single ip per container

Author: Plopmenz

nix/container-module.nix

@@ -17,37 +17,6 @@ in
           Folder with configuration files.
         '';
       };
-
-      local-resolve = {
-        enable = lib.mkOption {
-          type = lib.types.bool;
-          default = true;
-          example = false;
-          description = ''
-            Use container hosted resolver instead of sharing host.
-          '';
-        };
-      };
-
-      mDNS = {
-        resolve = lib.mkOption {
-          type = lib.types.bool;
-          default = true;
-          example = false;
-          description = ''
-            Resolve mDNS (using avahi).
-          '';
-        };
-
-        publish = lib.mkOption {
-          type = lib.types.bool;
-          default = true;
-          example = false;
-          description = ''
-            Publish mDNS (using avahi).
-          '';
-        };
-      };
     };
   };
 
@@ -57,16 +26,19 @@ in
         { isNspawnContainer = true; }
       else
         { isContainer = true; };
+
     nixpkgs.hostPlatform =
       if (builtins.pathExists "${cfg.xnode-config}/host-platform") then
         builtins.readFile "${cfg.xnode-config}/host-platform"
       else
         "x86_64-linux";
+
     system.stateVersion =
       if (builtins.pathExists "${cfg.xnode-config}/state-version") then
         builtins.readFile "${cfg.xnode-config}/state-version"
       else
         config.system.nixos.release;
+
     systemd.services.pin-state-version = {
       wantedBy = [ "multi-user.target" ];
       description = "Pin state version to first booted NixOS version.";
@@ -79,6 +51,7 @@ in
         fi
       '';
     };
+
     networking.hostName = lib.mkIf (builtins.pathExists "${cfg.xnode-config}/hostname") (
       builtins.readFile "${cfg.xnode-config}/hostname"
     );
@@ -105,26 +78,7 @@ in
       };
     };
 
-    networking.useHostResolvConf = lib.mkIf cfg.local-resolve.enable false;
-    services.resolved = lib.mkIf cfg.local-resolve.enable {
-      enable = true;
-      llmnr = "false";
-      extraConfig = ''
-        MulticastDNS=no
-      ''; # Avahi handles mDNS
-    };
-    systemd.services.systemd-resolved.serviceConfig.ProtectHome = lib.mkIf cfg.local-resolve.enable (
-      lib.mkForce false
-    );
-
-    services.avahi = {
-      enable = lib.mkIf (cfg.mDNS.resolve || cfg.mDNS.publish) true;
-      nssmdns4 = lib.mkIf cfg.mDNS.resolve true;
-      publish = lib.mkIf cfg.mDNS.publish {
-        enable = true;
-        addresses = true;
-      };
-      openFirewall = lib.mkIf cfg.mDNS.publish true;
-    };
+    networking.useHostResolvConf = false;
+    services.resolved.enable = true;
   };
 }

nix/dns-module.nix

@@ -216,34 +216,22 @@ in
       };
 
       systemd.network.networks = {
-        "80-container-vz" = {
+        "80-container-ve" = {
           matchConfig = {
-            Kind = "bridge";
-            Name = "vz-*";
+            Kind = "veth";
+            Name = "ve-*";
           };
           networkConfig = {
-            Address = "0.0.0.0/22"; # Cannot have more than 1024 interfaces linked to bridge (linux kernel limitation), so larger subnet mask doesn't make sense
+            Address = "0.0.0.0/32"; # Single ip address
             LinkLocalAddressing = "no";
             DHCPServer = "yes";
-            IPMasquerade = "both";
+            IPMasquerade = "yes";
             LLDP = "no";
             EmitLLDP = "no";
             IPv6AcceptRA = "no";
             IPv6SendRA = "yes";
           };
         };
-        "80-container-vb" = {
-          matchConfig = {
-            Kind = "veth";
-            Name = "vb-*";
-          };
-          networkConfig = {
-            "KeepMaster" = "yes";
-            "LinkLocalAddressing" = "no";
-            "LLDP" = "no";
-            "EmitLLDP" = "no";
-          };
-        };
       };
     };
 }

nix/os/boot.nix

@@ -98,6 +98,7 @@ in
               # Emulate UEFI on BIOS to allow UKI booting
               # https://github.com/NixOS/nixpkgs/issues/124132
               # https://wiki.archlinux.org/title/Clover#chainload_systemd-boot
+              # https://github.com/acidanthera/OpenCorePkg/blob/master/Utilities/LegacyBoot/BootInstallBase.sh
               (lib.optionalString (boot == "BIOS") ''
                 oc=${
                   let
@@ -141,8 +142,7 @@ in
                 done
 
                 cp $boot2 "$esp/boot"
-                mkdir -p "$esp/EFI"
-                cp -a "$oc/${arch}/EFI/OC" "$esp/EFI/OC"
+                mkdir -p "$esp/EFI/OC"
                 mv "$tmp/uki.efi" "$esp/EFI/OC/OpenCore.efi"
               '')