IfState: Difference between revisions

Felbinger (talk | contribs)
m reword heading to simplify readability
Felbinger (talk | contribs)
m ifstate: fix navigation
Line 33: Line 33:
}</syntaxhighlight>
}</syntaxhighlight>


=== Network Namespaces (netns) ===
==== Network Namespaces (netns) ====
Network namespaces are a powerful feature in Linux that allow you to create isolated network environments. Each namespace has its own network interfaces, IP addresses, routing tables, and firewall rules. This isolation is particularly useful for scenarios like running systemd services or NixOS containers in separate network environments, enabling better control and security.
Network namespaces are a powerful feature in Linux that allow you to create isolated network environments. Each namespace has its own network interfaces, IP addresses, routing tables, and firewall rules. This isolation is particularly useful for scenarios like running systemd services or NixOS containers in separate network environments, enabling better control and security.


==== to isolate services / nixos-containers ====
===== to isolate services / nixos-containers =====
 
You can bind specific systemd services to a network namespace, ensuring they operate in a controlled network environment without affecting the host or other services.<syntaxhighlight lang="nixos">
You can bind specific systemd services to a network namespace, ensuring they operate in a controlled network environment without affecting the host or other services.<syntaxhighlight lang="nixos">
{
{
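Review bot: The subheading `===== to isolate services / nixos-containers =====` is now a fifth-level heading, and it is still a lowercase fragment that only reads correctly as a continuation of "Network Namespaces (netns)". Since the edit summary gives navigation as the goal, consider a self-contained title such as "Isolating services and NixOS containers" so the entry makes sense on its own in the table of contents, and check whether this section really needs five levels of nesting. Separately, the paragraph in this hunk runs straight into `<syntaxhighlight lang="nixos">` on the same line; moving the tag to its own line would keep later diffs of the prose and the code apart.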
Line 85: Line 86:
}</syntaxhighlight>
}</syntaxhighlight>


==== to separate provider network from GRT ====
===== to separate provider network from GRT =====
Another practical application could involve setting up a VPN gateway on a virtual server hosted by a provider. Imagine you’re using a WireGuard tunnel (<code>wg0</code>) to connect to a network that provides internet access, alongside a client peer WireGuard endpoint (<code>wg1</code>) that allows your personal devices to connect.
Another practical application could involve setting up a VPN gateway on a virtual server hosted by a provider. Imagine you’re using a WireGuard tunnel (<code>wg0</code>) to connect to a network that provides internet access, alongside a client peer WireGuard endpoint (<code>wg1</code>) that allows your personal devices to connect.
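Review bot: In the heading `===== to separate provider network from GRT =====`, the abbreviation "GRT" is not expanded anywhere in the visible text, and the paragraph below it refers only to `wg0` and `wg1`. Spell the term out in the heading or in the first sentence of the section, so a reader arriving from the table of contents knows which routing context the provider network is being separated from. As with the previous subheading, a title that stands on its own would also serve the navigation goal better than a fragment beginning with "to".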