diff --git a/devshell/default.nix b/devshell/default.nix index 4d5883c..f572474 100644 --- a/devshell/default.nix +++ b/devshell/default.nix @@ -12,6 +12,7 @@ in NIX_USER_CONF_FILES = toString (pkgs.writeText "nix.conf" '' experimental-features = nix-command flakes ca-derivations + http-connections = 4 ''); INSTALLER_SSH_OPTS = "-i .keys/deploy.key"; diff --git a/flake.lock b/flake.lock index 20ff226..9616862 100644 --- a/flake.lock +++ b/flake.lock @@ -180,11 +180,11 @@ }, "nixpkgs-mine": { "locked": { - "lastModified": 1651945192, - "narHash": "sha256-3pnzK9RpuWzqnqd1U7zt/z3gvn/UNY41CJuS6Ow/Vwo=", + "lastModified": 1652907688, + "narHash": "sha256-esMEnvt45KUlT27Qqouwe5Yp5kCmMq1HBmp65zpwBF4=", "owner": "devplayer0", "repo": "nixpkgs", - "rev": "95bce541ae41d144b8edb6c47b3b7987295b006f", + "rev": "0231cfd37dd08514d4d49f2b5b0fa6451dacb6f4", "type": "github" }, "original": { diff --git a/lib.nix b/lib.nix index d6b07fe..d6b4057 100644 --- a/lib.nix +++ b/lib.nix @@ -91,7 +91,12 @@ rec { gateway = (optional (a.ipv4.gateway != null) a.ipv4.gateway) ++ (optional (a.ipv6.gateway != null) a.ipv6.gateway); - networkConfig.IPv6AcceptRA = a.ipv6.gateway == null; + networkConfig = { + IPv6AcceptRA = a.ipv6.gateway == null; + # NOTE: LLDP emission / reception is ignored on bridge interfaces + LLDP = true; + EmitLLDP = "customer-bridge"; + }; }; deploy-rs = diff --git a/nixos/boxes/colony.nix b/nixos/boxes/colony.nix index 3df2648..2b5dcb8 100644 --- a/nixos/boxes/colony.nix +++ b/nixos/boxes/colony.nix @@ -62,7 +62,22 @@ Name = "base"; Kind = "bridge"; }; - networks."80-base" = networkdAssignment "base" assignments.internal; + networks = { + "80-base" = networkdAssignment "base" assignments.internal; + "80-vm-tap" = { + matchConfig = { + # Don't think we have control over the name of the TAP from qemu-bridge-helper (or how to easily pick + # which interface is which) + Name = "tap*"; + Driver = "tun"; + }; + networkConfig = { + KeepMaster = true; + LLDP = true; + EmitLLDP = "customer-bridge"; + }; + }; + }; }; services."vm@estuary" = { diff --git a/nixos/modules/server.nix b/nixos/modules/server.nix index 8ddf16f..c3f4a50 100644 --- a/nixos/modules/server.nix +++ b/nixos/modules/server.nix @@ -12,6 +12,7 @@ in services = { getty.autologinUser = mkDefault uname; kmscon.autologinUser = mkDefault uname; + resolved.llmnr = mkDefault "false"; }; my.user.homeConfig = { diff --git a/nixos/vms/estuary.nix b/nixos/vms/estuary.nix index df5c11a..3cc88d5 100644 --- a/nixos/vms/estuary.nix +++ b/nixos/vms/estuary.nix @@ -16,7 +16,7 @@ configuration = { lib, pkgs, modulesPath, config, systems, assignments, ... }: let - inherit (lib) mkIf mkMerge; + inherit (lib) mkIf mkMerge mkForce; inherit (lib.my) networkdAssignment; in { @@ -70,19 +70,22 @@ matchConfig.Name = "wan"; DHCP = "ipv4"; }; - "80-base" = (networkdAssignment "base" assignments.internal) // { - networkConfig = { - IPv6AcceptRA = false; - IPv6SendRA = true; - IPMasquerade = "both"; - }; - ipv6SendRAConfig.DNS = [ assignments.internal.ipv6.address ]; - ipv6Prefixes = [ - { - ipv6PrefixConfig.Prefix = "2a0e:97c0:4d1:0::/64"; - } - ]; - }; + "80-base" = mkMerge [ + (networkdAssignment "base" assignments.internal) + { + networkConfig = { + IPv6AcceptRA = mkForce false; + IPv6SendRA = true; + IPMasquerade = "both"; + }; + ipv6SendRAConfig.DNS = [ assignments.internal.ipv6.address ]; + ipv6Prefixes = [ + { + ipv6PrefixConfig.Prefix = "2a0e:97c0:4d1:0::/64"; + } + ]; + } + ]; }; };