From 63688f3068af9bd23cb9ee4d48288ddd8eb1849d Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Mon, 29 Jan 2024 22:21:15 +0100
Subject: [PATCH] add vm working with dhcp+dns

---
 nixos/default.nix | 2 +
 nixos/machines/default.nix | 24 ++++++++---
 nixos/modules/networking/default.nix | 6 +-
 nixos/modules/networking/dmz/default.nix | 3 +-
 nixos/physical.nix | 4 +-
 nixos/virtual.nix | 55 +++++++++++++++++++++---
 6 files changed, 77 insertions(+), 17 deletions(-)

diff --git a/nixos/default.nix b/nixos/default.nix
index 4b145e3..9574fe1 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -91,6 +91,8 @@
 lsof
 parted
 radvd
+ minicom
+ socat
 ];
 };
 }
diff --git a/nixos/machines/default.nix b/nixos/machines/default.nix
index 5a690e4..45754c7 100644
--- a/nixos/machines/default.nix
+++ b/nixos/machines/default.nix
@@ -28,12 +28,12 @@ let
 inherit (config.lab.networking) dmzServicesIPv4 dmzServicesIPv6;
 in {
 lab = {
- networking = {
- # TODO: Ideally, we don't have to set this here.
- staticDMZIPv4Address = "${dmzServicesIPv4}/24";
- staticDMZIPv6Address = "${dmzServicesIPv6}/64";
- dmzServices.enable = true;
- };
+ # networking = {
+ # # TODO: Ideally, we don't have to set this here.
+ # staticDMZIPv4Address = "${dmzServicesIPv4}/24";
+ # staticDMZIPv6Address = "${dmzServicesIPv6}/64";
+ # dmzServices.enable = true;
+ # };
 storage = {
 osDisk = "/dev/sda";
@@ -82,4 +82,16 @@
 '';
 };
 };
+
+ hermes = {
+ type = "virtual";
+ hypervisorName = "lewis";
+ nixosModule = {
+ lab = {
+ vmMacAddress = "BA:DB:EE:F0:00:07";
+ vmIsDHCPServer = true;
+ networking.dmzServices.enable = true;
+ };
+ };
+ };
 }
diff --git a/nixos/modules/networking/default.nix b/nixos/modules/networking/default.nix
index 5e7fa18..f5e72a8 100644
--- a/nixos/modules/networking/default.nix
+++ b/nixos/modules/networking/default.nix
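Review bot: The `networking = { ... }` block in the `@@ -28,12 +28,12 @@` hunk is commented out rather than deleted, which leaves a second, inert copy of the static DMZ address and `dmzServices.enable` settings in the file while git history already preserves them. The `inherit (config.lab.networking) dmzServicesIPv4 dmzServicesIPv6;` binding in the context line above it has no remaining user inside this hunk; whether the rest of the file still uses it is not visible here. Deleting the six `# ` lines and replacing them with a one-line pointer such as `# DMZ services (static address, DNS/DHCP) now run on the hermes VM below` records the decision more clearly than the commented-out configuration.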
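Review bot: `vmIsDHCPServer = true` on `hermes` in the `@@ -82,4 +82,16 @@` hunk is what selects the static address hard-coded in `nixos/virtual.nix` in this same patch, and nothing in the machine set enforces that at most one VM sets it; a second machine copying this block would end up with the same address and a second DHCP server on the segment. Giving the VM its address explicitly in this file (the removed lines above show `staticDMZIPv4Address`/`staticDMZIPv6Address` in `lab.networking` already exist for the physical host; whether they apply to VMs is not visible here) and adding an assertion that only one machine has `vmIsDHCPServer = true` would make the choice checkable. The MAC `BA:DB:EE:F0:00:07` is a locally administered unicast address, which is appropriate for a VM; the ".07" suffix matching the ".7" host part of the address in virtual.nix is a convention worth stating in a comment, since nothing ties the two together.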
@@ -90,11 +90,11 @@ in {
 config = {
 networking = {
 domain = if machine.type == "physical" then "hyp" else "dmz";
- nftables.enable = true;
- useDHCP = machine.type == "virtual";
+ nftables.enable = false;
+ useDHCP = false;
 firewall = {
- enable = true;
+ enable = false;
 checkReversePath = false;
 };
 };
diff --git a/nixos/modules/networking/dmz/default.nix b/nixos/modules/networking/dmz/default.nix
index ac2784d..59fe536 100644
--- a/nixos/modules/networking/dmz/default.nix
+++ b/nixos/modules/networking/dmz/default.nix
@@ -23,7 +23,8 @@ in
 config = lib.mkIf cfg.enable {
 lab.networking.allowDMZConnectivity = true;
- networking.firewall.interfaces.${config.lab.networking.dmzBridgeName} = {
+ # TODO: listen only on dmz interface, make this portable between physical and VM.
+ networking.firewall = {
 allowedTCPPorts = [ 53 5353 ];
 allowedUDPPorts = [ 53 67 5353 ];
 };
diff --git a/nixos/physical.nix b/nixos/physical.nix
index 129c201..540a6b4 100644
--- a/nixos/physical.nix
+++ b/nixos/physical.nix
@@ -1,4 +1,4 @@
-{ pkgs, config, lib, modulesPath, microvm, disko, agenix, machines, ... }: {
+{ pkgs, config, lib, modulesPath, microvm, disko, agenix, machines, dns, ... }: {
 imports = [
 (modulesPath + "/installer/scan/not-detected.nix")
 microvm.nixosModules.host
@@ -64,7 +64,7 @@
 (name: vm: {
 # TODO Simplify?
- specialArgs = { inherit agenix disko pkgs lib microvm; machine = vm; hypervisorConfig = config; };
+ specialArgs = { inherit agenix disko pkgs lib microvm dns; machine = vm; hypervisorConfig = config; };
 config.imports = [
 ./.
 { networking.hostName = name; }
diff --git a/nixos/virtual.nix b/nixos/virtual.nix
index e206587..56473a7 100644
--- a/nixos/virtual.nix
+++ b/nixos/virtual.nix
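Review bot: `firewall.enable = false` and `nftables.enable = false` in the `@@ -90,11 +90,11 @@` hunk of `nixos/modules/networking/default.nix` switch the host firewall off for every machine, not only the VM being brought up, because the `domain = if machine.type == "physical" ...` line shows this module is shared by hypervisors and VMs. That also makes the `allowedTCPPorts`/`allowedUDPPorts` lists touched in the dmz hunk of this same patch inert, since they only take effect while the firewall is enabled, and the commit message does not mention the firewall at all. If the VM needs the firewall out of the way while DHCP/DNS is debugged, scope it instead of disabling it globally: `firewall.enable = machine.type == "physical";` and `nftables.enable = machine.type == "physical";`, with a comment naming what is being worked around and when `enable = true` is expected to return. The enclosing `config = { networking = { ...` block continues outside the hunk.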
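Review bot: Replacing `networking.firewall.interfaces.${config.lab.networking.dmzBridgeName}` with a bare `networking.firewall` in the `@@ -23,7 +23,8 @@` hunk opens TCP 53/5353 and UDP 53/67/5353 on every interface of the host instead of only the DMZ bridge, as the new TODO acknowledges. On a VM with a single NIC the difference is small, but the module is also enabled on physical hosts, where a DNS/DHCP listener reachable from non-DMZ interfaces is exactly what the interface scoping prevented. Keeping `networking.firewall.interfaces.<name>` and making `<name>` the portable part — `config.lab.networking.dmzBridgeName` when `machine.type == "physical"`, the VM's NIC name otherwise — addresses the TODO without widening exposure; until then a comment stating that the rule is intentionally host-wide and tied to the firewall being disabled in this patch would stop it from being overlooked when the firewall is re-enabled. The `config = lib.mkIf cfg.enable {` block continues outside the hunk.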
@@ -1,9 +1,20 @@
 { lib, config, hypervisorConfig, ... }: {
- options.lab.vmMacAddress = lib.mkOption {
- type = lib.types.str;
- description = ''
- The MAC address of the VM's main NIC.
- '';
+ options.lab = {
+ vmMacAddress = lib.mkOption {
+ type = lib.types.str;
+ description = ''
+ The MAC address of the VM's main NIC.
+ '';
+ };
+
+ # TODO: remove this ugly option
+ vmIsDHCPServer = lib.mkOption {
+ default = false;
+ type = lib.types.bool;
+ description = ''
+ Whether this VM is the DHCP server.
+ '';
+ };
 };
 config = {
@@ -23,5 +34,39 @@
 mac = config.lab.vmMacAddress;
 }];
 };
+
+ networking.useDHCP = lib.mkForce false;
+
+ systemd.network = {
+ enable = true;
+
+ networks = {
+ "30-main-nic" = {
+ matchConfig.Name = "en*";
+
+ networkConfig = {
+ IPv6AcceptRA = ! config.lab.vmIsDHCPServer;
+ DHCP = lib.mkIf (! config.lab.vmIsDHCPServer) "yes";
+ Address = lib.mkIf config.lab.vmIsDHCPServer [ "192.168.30.7/24" "2a0d:6e00:1a77:30::7/64" ];
+ DNS = lib.mkIf config.lab.vmIsDHCPServer [ "192.168.30.1" "fe80::4262:31ff:fe02:c55f" ];
+ };
+
+ routes = lib.mkIf config.lab.vmIsDHCPServer [
+ {
+ routeConfig = {
+ Gateway = "192.168.30.1";
+ Destination = "0.0.0.0/0";
+ };
+ }
+ {
+ routeConfig = {
+ Gateway = "fe80::4262:31ff:fe02:c55f";
+ Destination = "::/0";
+ };
+ }
+ ];
+ };
+ };
+ };
 };
 }
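Review bot: The description of the new `vmIsDHCPServer` option in the `@@ -1,9 +1,20 @@` hunk, `Whether this VM is the DHCP server.`, understates what the flag does: the second hunk of this file uses it to decide whether the main NIC is configured statically (fixed address, DNS, default routes, `IPv6AcceptRA` off) or via DHCP and router advertisements. A description along the lines of `Whether this VM is the DHCP server. When true, the main NIC gets a static address, DNS servers and default routes instead of DHCP and router advertisements, since it cannot lease an address from itself.` would let a reader of the option understand the consequences without opening the config block. The `# TODO: remove this ugly option` comment would be more actionable if it named the intended replacement, e.g. a per-VM static address option.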
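Review bot: The address `192.168.30.7/24`, `2a0d:6e00:1a77:30::7/64`, the gateway `192.168.30.1` and the link-local `fe80::4262:31ff:fe02:c55f` in the `@@ -23,5 +34,39 @@` hunk are literals in `nixos/virtual.nix`, which physical.nix's `config.imports = [ ./. ... ]` shows is shared by every VM, so they apply to whichever VM sets `vmIsDHCPServer` and duplicate subnet and router values that presumably live elsewhere in the lab config. The machines hunk of this patch shows `dmzServicesIPv4`/`dmzServicesIPv6` in `config.lab.networking`, which look like the intended source: `Address = lib.mkIf config.lab.vmIsDHCPServer [ "${config.lab.networking.dmzServicesIPv4}/24" "${config.lab.networking.dmzServicesIPv6}/64" ];` (confirm that option is visible inside the VM module set; the hunk does not show it), with the gateway and link-local router address likewise behind named options or at least a comment naming the router they belong to. Separately, `matchConfig.Name = "en*"` matches every `en*` interface, so a VM that later gains a second NIC would receive the same static address and routes on both; matching on the MAC the module already reads, `matchConfig.MACAddress = config.lab.vmMacAddress;`, pins the unit to the main NIC.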