add possibility of DMZ connectivity on hypervisor
This commit is contained in:
parent
0518fb5949
commit
d9f697d171
3 changed files with 59 additions and 44 deletions
|
@ -39,6 +39,7 @@
|
|||
nixosModule.lab = {
|
||||
disko.osDiskDevice = "/dev/sda";
|
||||
backups.enable = true;
|
||||
networking.allowDMZConnectivity = true;
|
||||
|
||||
dataDisk = {
|
||||
enable = true;
|
||||
|
|
|
@ -6,5 +6,6 @@
|
|||
./k3s
|
||||
./disko.nix
|
||||
./backups.nix
|
||||
./networking.nix
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,4 +1,15 @@
|
|||
{
|
||||
{ lib, config, ... }:
|
||||
let cfg = config.lab.networking;
|
||||
in {
|
||||
options.lab.networking.allowDMZConnectivity = lib.mkOption {
|
||||
default = false;
|
||||
type = lib.types.bool;
|
||||
description = ''
|
||||
Whether to create a networking interface on the DMZ bridge.
|
||||
'';
|
||||
};
|
||||
|
||||
config = {
|
||||
networking = {
|
||||
domain = "hyp";
|
||||
firewall.enable = true;
|
||||
|
@ -54,6 +65,8 @@
|
|||
networkConfig = {
|
||||
IPv6AcceptRA = false;
|
||||
LinkLocalAddressing = "no";
|
||||
DHCP = lib.mkIf cfg.allowDMZConnectivity "yes";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
Loading…
Reference in a new issue