Declarative containers ignore networking.nameservers, even with privateNetwork=true #162686
Comments
@Ma27 does your rewrite of the containers have this same behaviour?

You can use the The whole point of the change is to support as much of the upstream features as possible. Btw, I know that the PR requires a bit of work, I'll be on vacation now, after that I'll hope that I'll get to work on that :)

@Ma27 Can you please give a more concrete example. I'm not yet able to configure nameservers of the NixOS container :(

I think the culprit is the following:

Perhaps a better default is to use

I might be wrong here, but doesn't
mean that setting

Bug is still present in NixOS 23.11. I described a workaround here on the wiki page https://nixos.wiki/wiki/NixOS_Containers

Completed how, any comment?

I think I’m hitting this issue on 23.11, is it fixed on master?

#307173 Sigh

Bug is still present on master

Describe the bug
NixOS declarative containers have a "feature" that overwrites the container's `/etc/resolv.conf` at startup with the one from the host. I have doubts about that implementation in the general case, but in the case of a container configured with `privateNetwork = true;` it is beyond broken. Not only does it copy a `resolv.conf` that will in all likelihood not work (because we're in a private network namespace, with different interfaces / addressing), but it also somehow confuses `resolvconf` and makes `networking.nameservers` not do anything by default.

There is a workaround:

```
environment.etc."resolv.conf".text = "...";
```

but that's very counter-intuitive to find, and we shouldn't require that for basic networking configuration.

I'm not entirely sure how to fix this, it seems like there are two issues compounded with each other here. First, I think copying `resolv.conf` with `privateNetwork = true` just shouldn't happen, if it ever does something useful I suspect that's accidental. Second, `resolvconf` should be overwriting that host `resolv.conf` file with what has been configured in `networking.nameservers`, but it doesn't do it, and I don't yet understand why. It just decides to not touch the file and copy it verbatim.

Steps To Reproduce
Expected behavior
A declarative container can define its own DNS configuration without getting trampled over by a bash script.
Screenshots
n/a
Additional context
The original implementation of the `resolv.conf` copying dates back to 2014: e620be9

Notify maintainers
Tagging @abbradar because I suspect from git history they might know about `resolvconf`, but that's a shot in the dark :-)

Metadata
"x86_64-linux"
Linux 5.15.16-hardened1, NixOS, 22.05 (Quokka)
yes
yes
nix-env (Nix) 2.7.0pre20220221_caf5172
""
/etc/nixpkgs
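
A check for the symptom described in the issue (the container's `resolv.conf` being a verbatim copy of the host's instead of reflecting `networking.nameservers`), added here as an example and not part of the issue or of nixpkgs. The function names, temporary paths and addresses (documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: compares a container's resolv.conf with the host's and with
# the nameservers the container configuration declares. All names, paths and
# addresses below are constructed, not taken from the issue.

# Print the nameserver addresses of a resolv.conf-style file, one per line.
resolv_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# check_container_dns HOST_FILE CONTAINER_FILE EXPECTED_NS...
# Returns 0 if the container file lists exactly the expected nameservers,
#         1 if it is a verbatim copy of the host file (the reported symptom),
#         2 if it differs from the host but still does not match the list.
check_container_dns() {
    host_file=$1; container_file=$2; shift 2
    expected=$(printf '%s\n' "$@")
    actual=$(resolv_nameservers "$container_file")
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    if cmp -s "$host_file" "$container_file"; then
        return 1
    fi
    return 2
}

# Constructed sample: the host uses a loopback stub resolver, the container
# declares 192.0.2.53, but its resolv.conf is a verbatim copy of the host's.
demo_copied_case() {
    dir=$(mktemp -d)
    printf 'nameserver 127.0.0.53\noptions edns0\n' > "$dir/host"
    cp "$dir/host" "$dir/container"
    rc=0
    check_container_dns "$dir/host" "$dir/container" 192.0.2.53 || rc=$?
    rm -rf "$dir"
    return "$rc"
}
```

On a real system the second argument would be a copy of the container's `/etc/resolv.conf` taken from inside the running container, and the expected list would be the values set in `networking.nameservers`.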