diff --git a/flake.nix b/flake.nix
index e72fc0c..dd0406a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -94,7 +94,7 @@
 # Systems
 nixos/installer.nix
- nixos/boxes/colony.nix
+ nixos/boxes/colony
 nixos/vms/estuary
 nixos/containers/vaultwarden.nix
diff --git a/home-manager/modules/common.nix b/home-manager/modules/common.nix
index 2d42fa2..42eb884 100644
--- a/home-manager/modules/common.nix
+++ b/home-manager/modules/common.nix
@@ -204,6 +204,9 @@ in
 wget
 hyx
 whois
+ ldns
+ minicom
+ traceroute
 ];
 sessionVariables = {
diff --git a/nixos/boxes/colony.nix b/nixos/boxes/colony/default.nix
similarity index 57%
rename from nixos/boxes/colony.nix
rename to nixos/boxes/colony/default.nix
index 9b56471..2b58327 100644
--- a/nixos/boxes/colony.nix
+++ b/nixos/boxes/colony/default.nix
@@ -4,23 +4,28 @@
 nixpkgs = "mine";
 home-manager = "unstable";
- assignments.internal = {
- name = "colony";
- altNames = [ "vm" ];
- ipv4.address = "10.100.0.2";
- ipv6.address = "2a0e:97c0:4d1:0::2";
+ assignments = {
+ internal = {
+ altNames = [ "vm" ];
+ ipv4.address = "10.100.0.2";
+ ipv6.address = "2a0e:97c0:4d1:0::2";
+ };
+ vms = {
+ ipv4 = {
+ address = "10.100.1.1";
+ gateway = null;
+ };
+ ipv6.address = "2a0e:97c0:4d1:1::1";
+ };
 };
- configuration = { lib, pkgs, modulesPath, config, systems, assignments, ... }:
+ configuration = { lib, pkgs, modulesPath, config, systems, assignments, allAssignments, ... }:
 let
- inherit (lib) mkIf mapAttrs;
+ inherit (lib) mkIf mkMerge mkForce mapAttrs;
 inherit (lib.my) networkdAssignment;
-
- wanBDF =
- if config.my.build.isDevVM then "00:02.0" else "01:00.0";
 in
 {
- imports = [ "${modulesPath}/profiles/qemu-guest.nix" ];
+ imports = [ "${modulesPath}/profiles/qemu-guest.nix" ./vms.nix ];
 networking.domain = "fra1.int.nul.ie";
@@ -60,16 +65,43 @@
 linkConfig.Name = "base-ext";
 };
 };
- netdevs."25-base".netdevConfig = {
- Name = "base";
- Kind = "bridge";
+ netdevs = {
+ "25-base".netdevConfig = {
+ Name = "base";
+ Kind = "bridge";
+ };
+ "25-vms".netdevConfig = {
+ Name = "vms";
+ Kind = "bridge";
+ };
 };
+
 networks = {
 "80-base" = networkdAssignment "base" assignments.internal;
 "80-base-ext" = {
 matchConfig.Name = "base-ext";
 networkConfig.Bridge = "base";
 };
+
+ "80-vms" = mkMerge [
+ (networkdAssignment "base" assignments.vms)
+ {
+ networkConfig = {
+ IPv6AcceptRA = mkForce false;
+ IPv6SendRA = true;
+ };
+ ipv6SendRAConfig = {
+ DNS = [ allAssignments.estuary.internal.ipv6.address ];
+ Domains = [ config.networking.domain ];
+ };
+ ipv6Prefixes = [
+ {
+ ipv6PrefixConfig.Prefix = "2a0e:97c0:4d1:1::/64";
+ }
+ ];
+ }
+ ];
+
 "80-vm-tap" = {
 matchConfig = {
 # Don't think we have control over the name of the TAP from qemu-bridge-helper (or how to easily pick
@@ -85,21 +117,6 @@
 };
 };
 };
-
- services."vm@estuary" = {
- # Depend the interface, networkd wait-online would deadlock...
- requires = [ "sys-subsystem-net-devices-base.device" ];
- preStart = ''
- count=0
- while ! ${pkgs.iproute2}/bin/ip link show dev base > /dev/null 2>&1; do
- count=$((count+1))
- if [ $count -ge 5 ]; then
- echo "Timed out waiting for bridge interface"
- fi
- sleep 0.5
- done
- '';
- };
 };
 #environment.etc."udev/udev.conf".text = "udev_log=debug";
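Review bot: `"80-vms" = mkMerge [ (networkdAssignment "base" assignments.vms) … ]` passes the interface name "base" although the network it configures belongs to the new `vms` bridge (`"25-vms".netdevConfig.Name = "vms"`); if networkdAssignment's first argument becomes matchConfig.Name, as `"80-base" = networkdAssignment "base" assignments.internal` suggests, both units match `base`, only the lexically-first `80-base` is applied by networkd, and the `vms` bridge ends up without its address, RA and prefix settings. The likely fix is `(networkdAssignment "vms" assignments.vms)`. The literal `ipv6PrefixConfig.Prefix = "2a0e:97c0:4d1:1::/64"` has to stay in step with `assignments.vms.ipv6.address` in default.nix; a short comment tying the two together, or deriving the prefix from the assignment, would keep them from drifting. The enclosing `networks` attribute set starts and ends outside the hunk.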
@@ -132,43 +149,6 @@
 # networking.bridge = "virtual";
 # };
 #};
- vms = {
- instances.estuary = {
- uuid = "59f51efb-7e6d-477b-a263-ed9620dbc87b";
- networks.base.mac = "52:54:00:ab:f1:52";
- drives = {
- installer = {
- backend = {
- driver = "file";
- filename = "${systems.installer.configuration.config.my.buildAs.iso}/iso/nixos.iso";
- read-only = "on";
- };
- format.driver = "raw";
- frontend = "ide-cd";
- frontendOpts = {
- bootindex = 1;
- };
- };
- disk = {
- backend = {
- driver = "host_device";
- filename = "/dev/ssds/vm-estuary";
- # It appears this needs to be set on the backend _and_ the format
- discard = "unmap";
- };
- format = {
- driver = "raw";
- discard = "unmap";
- };
- frontend = "virtio-blk";
- frontendOpts = {
- bootindex = 0;
- };
- };
- };
- hostDevices."${wanBDF}" = { };
- };
- };
 };
 };
 };
diff --git a/nixos/boxes/colony/vms.nix b/nixos/boxes/colony/vms.nix
new file mode 100644
index 0000000..c452f52
--- /dev/null
+++ b/nixos/boxes/colony/vms.nix
@@ -0,0 +1,63 @@
+{ lib, pkgs, config, systems, ... }:
+let
+ wanBDF =
+ if config.my.build.isDevVM then "00:02.0" else "01:00.0";
+in
+{
+ systemd = {
+ services."vm@estuary" = {
+ # Depend the interface, networkd wait-online would deadlock...
+ requires = [ "sys-subsystem-net-devices-base.device" ];
+ preStart = ''
+ count=0
+ while ! ${pkgs.iproute2}/bin/ip link show dev base > /dev/null 2>&1; do
+ count=$((count+1))
+ if [ $count -ge 5 ]; then
+ echo "Timed out waiting for bridge interface"
+ fi
+ sleep 0.5
+ done
+ '';
+ };
+ };
+
+ my = {
+ vms = {
+ instances.estuary = {
+ uuid = "59f51efb-7e6d-477b-a263-ed9620dbc87b";
+ networks.base.mac = "52:54:00:ab:f1:52";
+ drives = {
+ installer = {
+ backend = {
+ driver = "file";
+ filename = "${systems.installer.configuration.config.my.buildAs.iso}/iso/nixos.iso";
+ read-only = "on";
+ };
+ format.driver = "raw";
+ frontend = "ide-cd";
+ frontendOpts = {
+ bootindex = 1;
+ };
+ };
+ disk = {
+ backend = {
+ driver = "host_device";
+ filename = "/dev/ssds/vm-estuary";
+ # It appears this needs to be set on the backend _and_ the format
+ discard = "unmap";
+ };
+ format = {
+ driver = "raw";
+ discard = "unmap";
+ };
+ frontend = "virtio-blk";
+ frontendOpts = {
+ bootindex = 0;
+ };
+ };
+ };
+ hostDevices."${wanBDF}" = { };
+ };
+ };
+ };
+}
diff --git a/nixos/default.nix b/nixos/default.nix
index 6b5a31b..766e76e 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -1,7 +1,7 @@
 { lib, pkgsFlakes, hmFlakes, inputs, pkgs', config, ... }:
 let
 inherit (builtins) attrValues mapAttrs;
- inherit (lib) substring flatten optional optionals mkDefault mkOption mkOptionType;
+ inherit (lib) substring flatten optional optionals mkDefault mkForce mkOption mkOptionType;
 inherit (lib.my) naiveIPv4Gateway homeStateVersion mkOpt' mkBoolOpt' commonOpts inlineModule';
 cfg = config.nixos;
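Review bot: The preStart loop of `services."vm@estuary"` in vms.nix never leaves on timeout: once `count` reaches 5 it only echoes "Timed out waiting for bridge interface" and keeps sleeping and retrying, so a missing `base` bridge leaves the VM unit hanging in its pre-start (until systemd's own start timeout intervenes) with the message repeated every 0.5 s, instead of failing promptly. Adding an exit after the echo, `if [ $count -ge 5 ]; then echo "Timed out waiting for bridge interface"; exit 1; fi`, turns this into a failed unit that systemd can report and restart. `requires = [ "sys-subsystem-net-devices-base.device" ]` pulls the device unit in but, without a matching `after`, does not order the service behind it, which is presumably why the polling loop exists; a comment saying so next to the existing "networkd wait-online would deadlock" note would help. `hostDevices."${wanBDF}" = { }` appears to pass the PCI device at `wanBDF` through to the VM, so a one-line comment on what `01:00.0` is on the real host would spare the next reader a lookup.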
@@ -126,7 +126,7 @@ let
 docCustom = mkBoolOpt' false "Whether to document nixfiles' custom NixOS modules.";
 assignments = mkOpt' (attrsOf (submoduleWith {
- modules = [ assignmentOpts { _module.args.name = name; } ];
+ modules = [ assignmentOpts { _module.args.name = mkForce name; } ];
 })) { } "Network assignments.";
 configuration = mkOption {
diff --git a/nixos/modules/common.nix b/nixos/modules/common.nix
index c09b2f5..db89692 100644
--- a/nixos/modules/common.nix
+++ b/nixos/modules/common.nix
@@ -103,8 +103,6 @@ in
 environment.systemPackages = with pkgs; [
 bash-completion
 vim
- ldns
- minicom
 ];
 programs = {
diff --git a/nixos/vms/estuary/default.nix b/nixos/vms/estuary/default.nix
index 413d05c..52294dd 100644
--- a/nixos/vms/estuary/default.nix
+++ b/nixos/vms/estuary/default.nix
@@ -85,7 +85,6 @@
 networkConfig = {
 IPv6AcceptRA = mkForce false;
 IPv6SendRA = true;
- IPMasquerade = "both";
 };
 ipv6SendRAConfig = {
 DNS = [ assignments.internal.ipv6.address ];
@@ -110,6 +109,13 @@
 enable = true;
 externalInterface = "wan";
 };
+ extraRules = ''
+ table nat {
+ chain postrouting {
+ ip saddr 10.100.0.0/16 masquerade
+ }
+ }
+ '';
 };
 };
 }
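Review bot: The added `ip saddr 10.100.0.0/16 masquerade` in estuary/default.nix is not tied to an egress interface, so any 10.100.0.0/16 traffic forwarded out of estuary on a non-WAN link is source-NATed as well; since the surrounding block already names the upstream link (`externalInterface = "wan"`), `oifname "wan" ip saddr 10.100.0.0/16 masquerade` limits the rewrite to upstream-bound traffic. `chain postrouting` carries no `type nat hook postrouting priority …` specification: if the `nat` table and its postrouting base chain are declared elsewhere in this firewall module the snippet is additive, otherwise it defines a hookless regular chain and the rule is never evaluated — worth confirming, or stating in a comment above `extraRules`. The `IPMasquerade = "both"` removed in the first hunk of this file also masqueraded IPv6, whereas the new rule is IPv4-only; if that is intentional because the VMs receive a routed IPv6 prefix, a one-line comment would save the next reader the question. The enclosing attribute set starts outside the hunk.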