add vm working with dhcp+dns
This commit is contained in:
parent
532d76c049
commit
63688f3068
6 changed files with 77 additions and 17 deletions
|
@ -91,6 +91,8 @@
|
|||
lsof
|
||||
parted
|
||||
radvd
|
||||
minicom
|
||||
socat
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -28,12 +28,12 @@
|
|||
let inherit (config.lab.networking) dmzServicesIPv4 dmzServicesIPv6; in
|
||||
{
|
||||
lab = {
|
||||
networking = {
|
||||
# TODO: Ideally, we don't have to set this here.
|
||||
staticDMZIPv4Address = "${dmzServicesIPv4}/24";
|
||||
staticDMZIPv6Address = "${dmzServicesIPv6}/64";
|
||||
dmzServices.enable = true;
|
||||
};
|
||||
# networking = {
|
||||
# # TODO: Ideally, we don't have to set this here.
|
||||
# staticDMZIPv4Address = "${dmzServicesIPv4}/24";
|
||||
# staticDMZIPv6Address = "${dmzServicesIPv6}/64";
|
||||
# dmzServices.enable = true;
|
||||
# };
|
||||
|
||||
storage = {
|
||||
osDisk = "/dev/sda";
|
||||
|
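Review bot: The commented-out copy of the networking block (`# networking = {` through `# };`) keeps dead configuration in the file next to its live form. The page carries no +/- markers, but the 12/12 hunk count and the hermes VM now carrying `networking.dmzServices.enable = true;` elsewhere in this commit suggest the commented lines are the new side; if so, the block should be deleted outright — history preserves it — or reduced to a single pointer such as `# DMZ services are now provided by the hermes VM.` so the next reader does not have to diff the two copies to see that nothing differs but the comment markers.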
@ -82,4 +82,16 @@
|
|||
'';
|
||||
};
|
||||
};
|
||||
|
||||
hermes = {
|
||||
type = "virtual";
|
||||
hypervisorName = "lewis";
|
||||
nixosModule = {
|
||||
lab = {
|
||||
vmMacAddress = "BA:DB:EE:F0:00:07";
|
||||
vmIsDHCPServer = true;
|
||||
networking.dmzServices.enable = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
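Review bot: `vmIsDHCPServer = true;` is a per-VM boolean and nothing in this commit prevents a second VM definition from also setting it, which would put two DHCP servers on the same segment handing out conflicting leases. Since the hypervisor module iterates over the VM set (the `(name: vm: …)` hunk later in this commit), that is the place to add a NixOS assertion that at most one VM has the flag set, with a message naming the offending VMs; the exact shape of the VM attribute set is not visible here, so I am not quoting the expression. The static `vmMacAddress = "BA:DB:EE:F0:00:07";` is fine as a locally administered address but would benefit from a one-line comment saying the `BA:DB:EE:F0:00:` prefix is the lab's reserved range, if that is the intent.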
@ -90,11 +90,11 @@ in {
|
|||
config = {
|
||||
networking = {
|
||||
domain = if machine.type == "physical" then "hyp" else "dmz";
|
||||
nftables.enable = true;
|
||||
useDHCP = machine.type == "virtual";
|
||||
nftables.enable = false;
|
||||
useDHCP = false;
|
||||
|
||||
firewall = {
|
||||
enable = true;
|
||||
enable = false;
|
||||
checkReversePath = false;
|
||||
};
|
||||
};
|
||||
|
|
|
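Review bot: If `nftables.enable = false;`, `useDHCP = false;` and `enable = false;` are the new side — the page has no +/- markers, but the paired lines and the VM module's `networking.useDHCP = lib.mkForce false;` later in this commit point that way — this hunk disables the host firewall and nftables entirely, so the DHCP/DNS port allowances in the dmzServices hunk no longer filter anything and every listening service on the machine is reachable on all interfaces. Turning the firewall off to get DHCP working usually means a rule is missing rather than that filtering is wrong; keeping `firewall.enable = true;` and allowing the needed UDP ports (67/68) on the relevant interface keeps the exposure bounded. `checkReversePath = false;` stays as context and is plausible on a bridging host, but it deserves a one-line comment stating why reverse-path filtering must be off here. The enclosing `config = {` block continues outside the hunk.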
@ -23,7 +23,8 @@ in
|
|||
config = lib.mkIf cfg.enable {
|
||||
lab.networking.allowDMZConnectivity = true;
|
||||
|
||||
networking.firewall.interfaces.${config.lab.networking.dmzBridgeName} = {
|
||||
# TODO: listen only on dmz interface, make this portable between physical and VM.
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [ 53 5353 ];
|
||||
allowedUDPPorts = [ 53 67 5353 ];
|
||||
};
|
||||
|
|
|
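Review bot: Replacing `networking.firewall.interfaces.${config.lab.networking.dmzBridgeName}` with the unscoped `networking.firewall` opens 53/5353 TCP and 53/67/5353 UDP on every interface of the machine, which the TODO on the preceding line acknowledges. Rather than leave the widening in place, the interface name could become a `lab.networking` option chosen per machine type (the bridge on physical hosts, the VM NIC on virtual ones) so the rules stay `interfaces.${…}`-scoped; this is hedged, since the option set is not visible in the hunk. 5353/tcp is also worth a second look — mDNS uses UDP — so if no service listens on that TCP port the allowance should be dropped. The `config = lib.mkIf cfg.enable {` block continues past the hunk.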
@ -1,4 +1,4 @@
|
|||
{ pkgs, config, lib, modulesPath, microvm, disko, agenix, machines, ... }: {
|
||||
{ pkgs, config, lib, modulesPath, microvm, disko, agenix, machines, dns, ... }: {
|
||||
imports = [
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
microvm.nixosModules.host
|
||||
|
@ -64,7 +64,7 @@
|
|||
(name: vm:
|
||||
{
|
||||
# TODO Simplify?
|
||||
specialArgs = { inherit agenix disko pkgs lib microvm; machine = vm; hypervisorConfig = config; };
|
||||
specialArgs = { inherit agenix disko pkgs lib microvm dns; machine = vm; hypervisorConfig = config; };
|
||||
config.imports = [
|
||||
./.
|
||||
{ networking.hostName = name; }
|
||||
|
|
|
@ -1,11 +1,22 @@
|
|||
{ lib, config, hypervisorConfig, ... }: {
|
||||
options.lab.vmMacAddress = lib.mkOption {
|
||||
options.lab = {
|
||||
vmMacAddress = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = ''
|
||||
The MAC address of the VM's main NIC.
|
||||
'';
|
||||
};
|
||||
|
||||
# TODO: remove this ugly option
|
||||
vmIsDHCPServer = lib.mkOption {
|
||||
default = false;
|
||||
type = lib.types.bool;
|
||||
description = ''
|
||||
Whether this VM is the DHCP server.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
system.stateVersion = hypervisorConfig.system.stateVersion;
|
||||
|
||||
|
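Review bot: The new `vmIsDHCPServer` option is described as "Whether this VM is the DHCP server.", but the networkd hunk later in this file uses it to switch the VM's own addressing: it disables DHCP and router advertisements and assigns a static address, route and DNS. The description should say so, e.g. `Whether this VM hosts the DHCP server. When true the VM is given a static address, default routes and DNS servers instead of obtaining them via DHCP and router advertisements.`, otherwise the "remove this ugly option" TODO will be acted on without anyone knowing what else the flag controls. The `config = {` block that starts at the end of the hunk continues outside it.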
@ -23,5 +34,39 @@
|
|||
mac = config.lab.vmMacAddress;
|
||||
}];
|
||||
};
|
||||
|
||||
networking.useDHCP = lib.mkForce false;
|
||||
|
||||
systemd.network = {
|
||||
enable = true;
|
||||
|
||||
networks = {
|
||||
"30-main-nic" = {
|
||||
matchConfig.Name = "en*";
|
||||
|
||||
networkConfig = {
|
||||
IPv6AcceptRA = ! config.lab.vmIsDHCPServer;
|
||||
DHCP = lib.mkIf (! config.lab.vmIsDHCPServer) "yes";
|
||||
Address = lib.mkIf config.lab.vmIsDHCPServer [ "192.168.30.7/24" "2a0d:6e00:1a77:30::7/64" ];
|
||||
DNS = lib.mkIf config.lab.vmIsDHCPServer [ "192.168.30.1" "fe80::4262:31ff:fe02:c55f" ];
|
||||
};
|
||||
|
||||
routes = lib.mkIf config.lab.vmIsDHCPServer [
|
||||
{
|
||||
routeConfig = {
|
||||
Gateway = "192.168.30.1";
|
||||
Destination = "0.0.0.0/0";
|
||||
};
|
||||
}
|
||||
{
|
||||
routeConfig = {
|
||||
Gateway = "fe80::4262:31ff:fe02:c55f";
|
||||
Destination = "::/0";
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
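Review bot: The static address, DNS and gateway literals in the `networkConfig` and `routes` blocks (`"192.168.30.7/24"`, `"2a0d:6e00:1a77:30::7/64"`, `"192.168.30.1"`, `"fe80::4262:31ff:fe02:c55f"`) are hard-coded in the shared VM module and duplicate values that the lab config already carries — the second hunk of this commit interpolates `dmzServicesIPv4`/`dmzServicesIPv6` from `config.lab.networking`. If the `lab.networking` module is in scope for the VM (it appears to be, since the VM sets `networking.dmzServices.enable`), the address line can become `Address = lib.mkIf config.lab.vmIsDHCPServer [ "${config.lab.networking.dmzServicesIPv4}/24" "${config.lab.networking.dmzServicesIPv6}/64" ];` and the gateway/DNS addresses can be added as options alongside them, so a renumbering is done in one place. `matchConfig.Name = "en*";` matches every ethernet NIC in the VM; a comment such as `# VMs have a single NIC; the glob avoids depending on the predictable name.` would make that deliberate, assuming that is the reason.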