diff options
author | Laurynas Alekna <laurynas@alekna.org> | 2021-05-07 20:46:21 +0100 |
---|---|---|
committer | Laurynas Alekna <laurynas@alekna.org> | 2021-05-08 18:58:24 +0100 |
commit | 9317570735b68b744004ca6ac9c2fb7b175ff131 (patch) | |
tree | c99c7167da844ee2b1ced35bbcc49d1bd4013fb4 | |
parent | 87f9307b94ac24724f6b4330d7ed570812025c42 (diff) |
nixos/docker: ensure ipv4 forwarding is enabled
Fixes #118656
-rw-r--r-- | nixos/modules/virtualisation/docker.nix | 4 | ||||
-rw-r--r-- | nixos/tests/docker.nix | 3 |
2 files changed, 7 insertions, 0 deletions
diff --git a/nixos/modules/virtualisation/docker.nix b/nixos/modules/virtualisation/docker.nix index 3eb0de3a85599..954e33ff24a34 100644 --- a/nixos/modules/virtualisation/docker.nix +++ b/nixos/modules/virtualisation/docker.nix @@ -150,6 +150,10 @@ in config = mkIf cfg.enable (mkMerge [{ boot.kernelModules = [ "bridge" "veth" ]; + boot.kernel.sysctl = { + "net.ipv4.conf.all.forwarding" = mkOverride 99 true; + "net.ipv4.conf.default.forwarding" = mkOverride 99 true; + }; environment.systemPackages = [ cfg.package ] ++ optional cfg.enableNvidia pkgs.nvidia-docker; users.groups.docker.gid = config.ids.gids.docker; diff --git a/nixos/tests/docker.nix b/nixos/tests/docker.nix index 58e33535ed31e..dee7480eb4a96 100644 --- a/nixos/tests/docker.nix +++ b/nixos/tests/docker.nix @@ -45,5 +45,8 @@ import ./make-test-python.nix ({ pkgs, ...} : { # Must match version 4 times to ensure client and server git commits and versions are correct docker.succeed('[ $(docker version | grep ${pkgs.docker.version} | wc -l) = "4" ]') + docker.succeed("systemctl restart systemd-sysctl") + docker.succeed("grep 1 /proc/sys/net/ipv4/conf/all/forwarding") + docker.succeed("grep 1 /proc/sys/net/ipv4/conf/default/forwarding") ''; }) |