# netnsd

A declarative manager for Linux network namespaces.

## Features

- Fully declarative configuration
- Standalone binary with no runtime dependencies
- Hot reloading of configuration
- Port forwarding into or out of the namespace
- Moving network devices to the namespace
- Setting up routing inside the namespace

## Usage

### Daemon

```shell
netnsd daemon [--config ]
```

Start the `netnsd` daemon, applying the configured namespace configuration and running any proxies.

See the [systemd service example](./netnsd.service) for an example of how to run the daemon with systemd.

You can tell the daemon to reload the configuration with `pkill -sighup netnsd`.

Note that, to minimize interruption of anything using the namespaces, stopping the daemon will not remove the created namespaces.

### Up

```shell
netnsd up [--config ]
```

Apply the configured namespace and exit.

### Down

```shell
netnsd down
```

Remove all namespaces created by `netnsd` and exit.

## Configuration

By default `netnsd` will look for its configuration in `/etc/netnsd/netnsd`. You can specify a different configuration path with the `--config` option.

```toml
# You can define any number of namespaces to create
[[namespace]]
# name of the namespace to create
name = "test"
# move existing devices into the namespace
devices = ["somelink"]

# create a route inside the namespace
[[namespace.route]]
destination = "default" # either "default" or an ip range in CIDR notation
device = "somelink"

# You can define any number of port forwards to setup into the namespace
[[namespace.forward]]
# port, address or socket outside the namespace to listen on
# when only a port is specified it will listen on 0.0.0.0
source = 8091
# port or address inside the namespace to forward to
# when only a port is specified it will forward to 127.0.0.1
target = 80

[[namespace.forward]]
# listening on a unix socket instead of a tcp port
source = "/run/test/https"
# forward to a specific address instead of 127.0.0.1
target = "127.0.0.2:443"

# Another namespace
[[namespace]]
name = "test2"

[[namespace.forward]]
# listening on a specific address instead of 0.0.0.0
source = "127.0.0.1:9091"
target = 80

[[namespace.forward]]
# forward from inside the namespace to outside instead
reverse = true
source = 80
target = 80
```