add vm working with dhcp+dns

This commit is contained in:
Pim Kunis 2024-01-29 22:21:15 +01:00
parent 532d76c049
commit 63688f3068
6 changed files with 77 additions and 17 deletions


@ -91,6 +91,8 @@
lsof
parted
radvd
minicom
socat
];
};
}


@ -28,12 +28,12 @@
let inherit (config.lab.networking) dmzServicesIPv4 dmzServicesIPv6; in
{
lab = {
networking = {
# TODO: Ideally, we don't have to set this here.
staticDMZIPv4Address = "${dmzServicesIPv4}/24";
staticDMZIPv6Address = "${dmzServicesIPv6}/64";
dmzServices.enable = true;
};
# networking = {
# # TODO: Ideally, we don't have to set this here.
# staticDMZIPv4Address = "${dmzServicesIPv4}/24";
# staticDMZIPv6Address = "${dmzServicesIPv6}/64";
# dmzServices.enable = true;
# };
storage = {
osDisk = "/dev/sda";
@ -82,4 +82,16 @@
'';
};
};
hermes = {
type = "virtual";
hypervisorName = "lewis";
nixosModule = {
lab = {
vmMacAddress = "BA:DB:EE:F0:00:07";
vmIsDHCPServer = true;
networking.dmzServices.enable = true;
};
};
};
}
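Review bot: The replaced `networking` block is kept as a commented-out copy (the six `# …` lines) instead of being deleted, which duplicates the TODO and will drift as soon as `lab.networking` changes; git already keeps the history, so drop those lines. The new `hermes` entry gives no hint that `vmIsDHCPServer = true` is what assigns the VM its static address and routes in the VM module of this same commit, so a reader of this file cannot tell which address the DHCP/DNS server ends up with. A one-line comment on the option would help: `# DMZ DHCP/DNS server; its static address is set by the vm module when vmIsDHCPServer is true`. The `dmzServicesIPv4`/`dmzServicesIPv6` bindings from the `let` above are now unused in this file if nothing else references them.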


@ -90,11 +90,11 @@ in {
config = {
networking = {
domain = if machine.type == "physical" then "hyp" else "dmz";
nftables.enable = true;
useDHCP = machine.type == "virtual";
nftables.enable = false;
useDHCP = false;
firewall = {
enable = true;
enable = false;
checkReversePath = false;
};
};
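Review bot: `firewall.enable = false;` together with `nftables.enable = false;` switches the host firewall off for every machine built from this module, physical hypervisors included, not only the VMs this commit is about, and neither the commit message nor a comment says this is intended. The dns module in the same commit adds `allowedUDPPorts = [ 53 67 5353 ]`, which already lets DHCP and DNS through a running firewall, so the global disable looks like a debugging leftover rather than a requirement. Keep `firewall.enable = true;` and `nftables.enable = true;`, or if the disable is needed while the VM network is being brought up, scope it to `machine.type == "virtual"` and mark it: `# TODO: firewall disabled while debugging VM DHCP/DNS; re-enable before deploying physical hosts`. `checkReversePath = false` is left in place and is a no-op while the firewall is off. The enclosing `config = {` set starts before and ends after this hunk.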


@ -23,7 +23,8 @@ in
config = lib.mkIf cfg.enable {
lab.networking.allowDMZConnectivity = true;
networking.firewall.interfaces.${config.lab.networking.dmzBridgeName} = {
# TODO: listen only on dmz interface, make this portable between physical and VM.
networking.firewall = {
allowedTCPPorts = [ 53 5353 ];
allowedUDPPorts = [ 53 67 5353 ];
};
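Review bot: Moving the rule from `networking.firewall.interfaces.${config.lab.networking.dmzBridgeName}` to plain `networking.firewall` opens 53/tcp, 53/udp, 67/udp and 5353 on every interface of a physical host, including any non-DMZ uplink, which is exactly what the per-interface rule prevented; the TODO on the line above acknowledges this but the commit ships the global rule anyway. Instead of globalising, pick the interface by machine type, e.g. `networking.firewall.interfaces.${if machine.type == "virtual" then "<vm-nic>" else config.lab.networking.dmzBridgeName}` (if `machine` is in scope here as it is in the networking module); since the VM module in this commit matches its NIC with the glob `en*`, a fixed NIC name or a shared `lab.networking.dmzInterfaceName` option set by both modules is needed for the firewall key. As long as the firewall is disabled in the networking module of this commit, this hunk has no observable effect, so it will not be noticed if it is wrong.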


@ -1,4 +1,4 @@
{ pkgs, config, lib, modulesPath, microvm, disko, agenix, machines, ... }: {
{ pkgs, config, lib, modulesPath, microvm, disko, agenix, machines, dns, ... }: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
microvm.nixosModules.host
@ -64,7 +64,7 @@
(name: vm:
{
# TODO Simplify?
specialArgs = { inherit agenix disko pkgs lib microvm; machine = vm; hypervisorConfig = config; };
specialArgs = { inherit agenix disko pkgs lib microvm dns; machine = vm; hypervisorConfig = config; };
config.imports = [
./.
{ networking.hostName = name; }


@ -1,9 +1,20 @@
{ lib, config, hypervisorConfig, ... }: {
options.lab.vmMacAddress = lib.mkOption {
type = lib.types.str;
description = ''
The MAC address of the VM's main NIC.
'';
options.lab = {
vmMacAddress = lib.mkOption {
type = lib.types.str;
description = ''
The MAC address of the VM's main NIC.
'';
};
# TODO: remove this ugly option
vmIsDHCPServer = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Whether this VM is the DHCP server.
'';
};
};
config = {
@ -23,5 +34,39 @@
mac = config.lab.vmMacAddress;
}];
};
networking.useDHCP = lib.mkForce false;
systemd.network = {
enable = true;
networks = {
"30-main-nic" = {
matchConfig.Name = "en*";
networkConfig = {
IPv6AcceptRA = ! config.lab.vmIsDHCPServer;
DHCP = lib.mkIf (! config.lab.vmIsDHCPServer) "yes";
Address = lib.mkIf config.lab.vmIsDHCPServer [ "192.168.30.7/24" "2a0d:6e00:1a77:30::7/64" ];
DNS = lib.mkIf config.lab.vmIsDHCPServer [ "192.168.30.1" "fe80::4262:31ff:fe02:c55f" ];
};
routes = lib.mkIf config.lab.vmIsDHCPServer [
{
routeConfig = {
Gateway = "192.168.30.1";
Destination = "0.0.0.0/0";
};
}
{
routeConfig = {
Gateway = "fe80::4262:31ff:fe02:c55f";
Destination = "::/0";
};
}
];
};
};
};
};
}
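Review bot: `vmIsDHCPServer` is a boolean, but setting it hard-codes the server's addresses (`192.168.30.7/24`, `2a0d:6e00:1a77:30::7/64`), its gateway and the router's link-local `fe80::4262:31ff:fe02:c55f` inside this generic VM module, so the DMZ numbering now lives in two places; the machines file in this commit already carries `lab.networking.dmzServicesIPv4`/`dmzServicesIPv6` for what appears to be the same host, so `Address = lib.mkIf config.lab.vmIsDHCPServer [ "${config.lab.networking.dmzServicesIPv4}/24" "${config.lab.networking.dmzServicesIPv6}/64" ];` (if those options are reachable from the VM's module) would keep a single source of truth. The IPv6 default route through a MAC-derived link-local address will silently stop working if the router's NIC or its address generation changes; either leave `IPv6AcceptRA` on for the server as well so the route comes from RA (a comment should say why RA is disabled if that is deliberate), or pass the gateway in through an option alongside the address. The option description should also state what the flag actually does: `Whether this VM is the DMZ DHCP server. When true, DHCP and RA are disabled on its NIC and a static address, DNS servers and default routes are configured instead.` The `config = {` set that holds this hunk begins in the first hunk and its middle is outside this view.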