Initial networking VM

Also general improvements around VMs
2022-05-16 00:05:02 +01:00
parent 5563d1be46
commit 009dec03cf
18 changed files with 487 additions and 111 deletions
--- a/nixos/vms/estuary.nix
+++ b/nixos/vms/estuary.nix
@@ -0,0 +1,101 @@
+{
+  nixos.systems.estuary = {
+    system = "x86_64-linux";
+    nixpkgs = "mine";
+    home-manager = "unstable";
+
+    configuration = { lib, pkgs, modulesPath, config, systems, ... }:
+      let
+        inherit (lib) mkIf mkMerge;
+      in
+      {
+        imports = [ "${modulesPath}/profiles/qemu-guest.nix" ];
+
+        config = mkMerge [
+          {
+            boot.kernelParams = [ "console=ttyS0,115200n8" ];
+            fileSystems = {
+              "/boot" = {
+                device = "/dev/disk/by-label/ESP";
+                fsType = "vfat";
+              };
+              "/nix" = {
+                device = "/dev/main/nix";
+                fsType = "ext4";
+              };
+              "/persist" = {
+                device = "/dev/main/persist";
+                fsType = "ext4";
+                neededForBoot = true;
+              };
+            };
+            services = {
+              lvm = {
+                dmeventd.enable = true;
+              };
+            };
+
+            systemd.network = {
+              links = {
+                "10-wan" = {
+                  matchConfig.MACAddress = "52:54:00:a1:b2:5f";
+                  linkConfig.Name = "wan";
+                };
+                "10-base" = {
+                  matchConfig.MACAddress = "52:54:00:ab:f1:52";
+                  linkConfig.Name = "base";
+                };
+              };
+
+              networks = {
+                #"80-wan" = {
+                #  matchConfig.Name = "wan";
+                #  address = [
+                #    "1.2.3.4/24"
+                #    "2a00::2/64"
+                #  ];
+                #};
+                "80-wan" = {
+                  matchConfig.Name = "wan";
+                  DHCP = "ipv4";
+                };
+                "80-base" = {
+                  matchConfig.Name = "base";
+                  address = with config.my.network; [ "${ipv4}/24" "${ipv6}/64" ];
+                  networkConfig = {
+                    DHCPServer = true;
+                    IPv6SendRA = true;
+                    IPMasquerade = "both";
+                  };
+                };
+              };
+            };
+
+            my = {
+              server.enable = true;
+
+              network = {
+                ipv6 = "2a0e:97c0:4d1:0::1";
+                ipv4 = "10.110.0.1";
+              };
+              firewall = {
+                trustedInterfaces = [ "base" ];
+                nat = {
+                  enable = true;
+                  externalInterface = "wan";
+                };
+              };
+            };
+          }
+          (mkIf config.my.build.isDevVM {
+            systemd.network = {
+              netdevs."05-dummy-base".netdevConfig = {
+                Name = "base";
+                Kind = "dummy";
+              };
+            };
+          })
+        ];
+      };
+  };
+}