Struct NetworkBuilder 

pub struct NetworkBuilder { /* private fields */ }

Fluent builder for NetworkConfig.

Implementations

impl NetworkBuilder

pub fn new() -> Self

Start building a network configuration with defaults.

pub fn from_config(config: NetworkConfig) -> Self

Start building from an existing network configuration.

pub fn enabled(self, enabled: bool) -> Self

Enable or disable networking.

pub fn port(self, host_port: u16, guest_port: u16) -> Self

Publish a TCP port: host_port on the host maps to guest_port in the guest.

pub fn port_udp(self, host_port: u16, guest_port: u16) -> Self

Publish a UDP port.

pub fn port_bind( self, host_bind: IpAddr, host_port: u16, guest_port: u16, ) -> Self

Publish a TCP port on a specific host bind address.

pub fn port_udp_bind( self, host_bind: IpAddr, host_port: u16, guest_port: u16, ) -> Self

Publish a UDP port on a specific host bind address.

pub fn policy(self, policy: NetworkPolicy) -> Self

Set the network policy.

pub fn dns(self, f: impl FnOnce(DnsBuilder) -> DnsBuilder) -> Self

Configure DNS interception via a closure.

.dns(|d| d
    .nameservers(["1.1.1.1".parse::<Nameserver>()?])
    .rebind_protection(false)
)

pub fn tls(self, f: impl FnOnce(TlsBuilder) -> TlsBuilder) -> Self

Configure TLS interception via a closure.

pub fn secret(self, f: impl FnOnce(SecretBuilder) -> SecretBuilder) -> Self

Add a secret via a closure builder.

.secret(|s| s
    .env("OPENAI_API_KEY")
    .value(api_key)
    .allow_host("api.openai.com")
)

pub fn secret_entry(self, entry: SecretEntry) -> Self

Add a materialized secret entry.

pub fn secret_env( self, env_var: impl Into<String>, value: impl Into<String>, placeholder: impl Into<String>, allowed_host: impl Into<String>, ) -> Self

Shorthand: add a secret with env var, value, placeholder, and allowed host.

pub fn on_secret_violation( self, f: impl FnOnce(ViolationActionBuilder) -> ViolationActionBuilder, ) -> Self

Set the violation action for secrets.

pub fn max_connections(self, max: usize) -> Self

Set the maximum number of concurrent connections.

pub fn interface(self, overrides: InterfaceOverrides) -> Self

Set guest interface overrides.

pub fn ipv4_pool(self, pool: Ipv4Network) -> Self

Set the IPv4 pool used to derive per-sandbox /30 guest subnets.

The default is 172.16.0.0/12. Pools must be at least /30.

pub fn ipv6_pool(self, pool: Ipv6Network) -> Self

Set the IPv6 pool used to derive per-sandbox /64 guest prefixes.

The default is fd42:6d73:62::/48. Pools must be at least /64.

pub fn trust_host_cas(self, enabled: bool) -> Self

Whether to ship the host’s trusted root CAs into the guest at boot. Default: false. Opt in when running behind a corporate TLS-inspecting proxy (Cloudflare Warp Zero Trust, Zscaler, Netskope, …) whose gateway CA is trusted on the host but unknown to the guest’s stock Mozilla bundle.

pub fn build(self) -> Result<NetworkConfig, BuildError>

Consume the builder and return the configuration.

Surfaces the first BuildError accumulated by any nested builder (currently DnsBuilder). Errors stored on the network builder itself flow through here too.

Trait Implementations

impl Clone for NetworkBuilder

fn clone(&self) -> NetworkBuilder

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Default for NetworkBuilder

fn default() -> Self

Returns the “default value” for a type.