dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

nixos: Reworked network assignments

Browse Source
This commit is contained in:
Jack O'Sullivan
2022-05-17 23:27:14 +01:00
parent 009dec03cf
commit 498888aad0
5 changed files with 72 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
nixos/vms/estuary.nix
View File

@@ -4,9 +4,20 @@
nixpkgs = "mine";
home-manager = "unstable";
configuration = { lib, pkgs, modulesPath, config, systems, ... }:
assignments.internal = {
name = "estuary.vm";
altNames = [ "fw" ];
ipv4 = {
address = "10.100.0.1";
gateway = null;
};
ipv6.address = "2a0e:97c0:4d1:0::1";
};
configuration = { lib, pkgs, modulesPath, config, systems, assignments, ... }:
let
inherit (lib) mkIf mkMerge;
inherit (lib.my) networkdAssignment;
in
{
imports = [ "${modulesPath}/profiles/qemu-guest.nix" ];
@@ -59,14 +70,18 @@
matchConfig.Name = "wan";
DHCP = "ipv4";
};
"80-base" = {
matchConfig.Name = "base";
address = with config.my.network; [ "${ipv4}/24" "${ipv6}/64" ];
"80-base" = (networkdAssignment "base" assignments.internal) // {
networkConfig = {
DHCPServer = true;
IPv6AcceptRA = false;
IPv6SendRA = true;
IPMasquerade = "both";
};
ipv6SendRAConfig.DNS = [ assignments.internal.ipv6.address ];
ipv6Prefixes = [
{
ipv6PrefixConfig.Prefix = "2a0e:97c0:4d1:0::/64";
}
];
};
};
};
@@ -74,10 +89,6 @@
my = {
server.enable = true;
network = {
ipv6 = "2a0e:97c0:4d1:0::1";
ipv4 = "10.110.0.1";
};
firewall = {
trustedInterfaces = [ "base" ];
nat = {