···271271 DeviceAllow = map (d: "${d.node} ${d.modifier}") cfg.allowedDevices;
272272 };
273273274274-275274 system = config.nixpkgs.localSystem.system;
275275+ kernelVersion = config.boot.kernelPackages.kernel.version;
276276277277 bindMountOpts = { name, ... }: {
278278···320320 };
321321 };
322322 };
323323-324323325324 mkBindFlag = d:
326325 let flagPrefix = if d.isReadOnly then " --bind-ro=" else " --bind=";
···482481 networking.useDHCP = false;
483482 assertions = [
484483 {
485485- assertion = config.privateNetwork -> stringLength name < 12;
484484+ assertion =
485485+ (builtins.compareVersions kernelVersion "5.8" <= 0)
486486+ -> config.privateNetwork
487487+ -> stringLength name <= 11;
486488 message = ''
487489 Container name `${name}` is too long: When `privateNetwork` is enabled, container names can
488490 not be longer than 11 characters, because the container's interface name is derived from it.
489489- This might be fixed in the future. See https://github.com/NixOS/nixpkgs/issues/38509
491491+ You should either make the container name shorter or upgrade to a more recent kernel that
492492+ supports interface altnames (i.e. at least Linux 5.8 - please see https://github.com/NixOS/nixpkgs/issues/38509
493493+ for details).
490494 '';
491495 }
492496 ];
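Review bot: The guard `(builtins.compareVersions kernelVersion "5.8" <= 0)` in the new assertion still enforces the 11-character limit when the kernel version string is exactly `5.8`, although the new message says Linux 5.8 is sufficient. If the message is right, the comparison should be strict: `(builtins.compareVersions kernelVersion "5.8" < 0)`. `kernelVersion` is read from `config.boot.kernelPackages.kernel.version`, so it reflects the configured kernel; after a switch without a reboot the running kernel may be older, and a short comment next to the binding saying so would help. The code that derives the interface name is outside this hunk, so whether an over-long name is actually handled on newer kernels cannot be confirmed from here.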