dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

nixos: Tweak networking and prepare for more VMs

Browse Source
This commit is contained in:
Jack O'Sullivan
2022-05-28 15:30:12 +01:00
parent dc69948112
commit 64def7f564
7 changed files with 122 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
flake.nix
View File

@@ -94,7 +94,7 @@
# Systems # Systems
nixos/installer.nix nixos/installer.nix
nixos/boxes/colony.nix nixos/boxes/colony
nixos/vms/estuary nixos/vms/estuary
nixos/containers/vaultwarden.nix nixos/containers/vaultwarden.nix

3
home-manager/modules/common.nix
View File

@@ -204,6 +204,9 @@ in
wget wget
hyx hyx
whois whois
ldns
minicom
traceroute
]; ];
sessionVariables = { sessionVariables = {

112
nixos/boxes/colony.nix → nixos/boxes/colony/default.nix
View File

@@ -4,23 +4,28 @@
nixpkgs = "mine"; nixpkgs = "mine";
home-manager = "unstable"; home-manager = "unstable";
assignments.internal = { assignments = {
name = "colony"; internal = {
altNames = [ "vm" ]; altNames = [ "vm" ];
ipv4.address = "10.100.0.2"; ipv4.address = "10.100.0.2";
ipv6.address = "2a0e:97c0:4d1:0::2"; ipv6.address = "2a0e:97c0:4d1:0::2";
};
vms = {
ipv4 = {
address = "10.100.1.1";
gateway = null;
};
ipv6.address = "2a0e:97c0:4d1:1::1";
};
}; };
configuration = { lib, pkgs, modulesPath, config, systems, assignments, ... }: configuration = { lib, pkgs, modulesPath, config, systems, assignments, allAssignments, ... }:
let let
inherit (lib) mkIf mapAttrs; inherit (lib) mkIf mkMerge mkForce mapAttrs;
inherit (lib.my) networkdAssignment; inherit (lib.my) networkdAssignment;
wanBDF =
if config.my.build.isDevVM then "00:02.0" else "01:00.0";
in in
{ {
imports = [ "${modulesPath}/profiles/qemu-guest.nix" ]; imports = [ "${modulesPath}/profiles/qemu-guest.nix" ./vms.nix ];
networking.domain = "fra1.int.nul.ie"; networking.domain = "fra1.int.nul.ie";
@@ -60,16 +65,43 @@
linkConfig.Name = "base-ext"; linkConfig.Name = "base-ext";
}; };
}; };
netdevs."25-base".netdevConfig = { netdevs = {
Name = "base"; "25-base".netdevConfig = {
Kind = "bridge"; Name = "base";
Kind = "bridge";
};
"25-vms".netdevConfig = {
Name = "vms";
Kind = "bridge";
};
}; };
networks = { networks = {
"80-base" = networkdAssignment "base" assignments.internal; "80-base" = networkdAssignment "base" assignments.internal;
"80-base-ext" = { "80-base-ext" = {
matchConfig.Name = "base-ext"; matchConfig.Name = "base-ext";
networkConfig.Bridge = "base"; networkConfig.Bridge = "base";
}; };
"80-vms" = mkMerge [
(networkdAssignment "base" assignments.vms)
{
networkConfig = {
IPv6AcceptRA = mkForce false;
IPv6SendRA = true;
};
ipv6SendRAConfig = {
DNS = [ allAssignments.estuary.internal.ipv6.address ];
Domains = [ config.networking.domain ];
};
ipv6Prefixes = [
{
ipv6PrefixConfig.Prefix = "2a0e:97c0:4d1:1::/64";
}
];
}
];
"80-vm-tap" = { "80-vm-tap" = {
matchConfig = { matchConfig = {
# Don't think we have control over the name of the TAP from qemu-bridge-helper (or how to easily pick # Don't think we have control over the name of the TAP from qemu-bridge-helper (or how to easily pick
@@ -85,21 +117,6 @@
}; };
}; };
}; };
services."vm@estuary" = {
# Depend the interface, networkd wait-online would deadlock...
requires = [ "sys-subsystem-net-devices-base.device" ];
preStart = ''
count=0
while ! ${pkgs.iproute2}/bin/ip link show dev base > /dev/null 2>&1; do
count=$((count+1))
if [ $count -ge 5 ]; then
echo "Timed out waiting for bridge interface"
fi
sleep 0.5
done
'';
};
}; };
#environment.etc."udev/udev.conf".text = "udev_log=debug"; #environment.etc."udev/udev.conf".text = "udev_log=debug";
@@ -132,43 +149,6 @@
# networking.bridge = "virtual"; # networking.bridge = "virtual";
# }; # };
#}; #};
vms = {
instances.estuary = {
uuid = "59f51efb-7e6d-477b-a263-ed9620dbc87b";
networks.base.mac = "52:54:00:ab:f1:52";
drives = {
installer = {
backend = {
driver = "file";
filename = "${systems.installer.configuration.config.my.buildAs.iso}/iso/nixos.iso";
read-only = "on";
};
format.driver = "raw";
frontend = "ide-cd";
frontendOpts = {
bootindex = 1;
};
};
disk = {
backend = {
driver = "host_device";
filename = "/dev/ssds/vm-estuary";
# It appears this needs to be set on the backend _and_ the format
discard = "unmap";
};
format = {
driver = "raw";
discard = "unmap";
};
frontend = "virtio-blk";
frontendOpts = {
bootindex = 0;
};
};
};
hostDevices."${wanBDF}" = { };
};
};
}; };
}; };
}; };

63
nixos/boxes/colony/vms.nix Normal file
View File

@@ -0,0 +1,63 @@
{ lib, pkgs, config, systems, ... }:
let
wanBDF =
if config.my.build.isDevVM then "00:02.0" else "01:00.0";
in
{
systemd = {
services."vm@estuary" = {
# Depend the interface, networkd wait-online would deadlock...
requires = [ "sys-subsystem-net-devices-base.device" ];
preStart = ''
count=0
while ! ${pkgs.iproute2}/bin/ip link show dev base > /dev/null 2>&1; do
count=$((count+1))
if [ $count -ge 5 ]; then
echo "Timed out waiting for bridge interface"
fi
sleep 0.5
done
'';
};
};
my = {
vms = {
instances.estuary = {
uuid = "59f51efb-7e6d-477b-a263-ed9620dbc87b";
networks.base.mac = "52:54:00:ab:f1:52";
drives = {
installer = {
backend = {
driver = "file";
filename = "${systems.installer.configuration.config.my.buildAs.iso}/iso/nixos.iso";
read-only = "on";
};
format.driver = "raw";
frontend = "ide-cd";
frontendOpts = {
bootindex = 1;
};
};
disk = {
backend = {
driver = "host_device";
filename = "/dev/ssds/vm-estuary";
# It appears this needs to be set on the backend _and_ the format
discard = "unmap";
};
format = {
driver = "raw";
discard = "unmap";
};
frontend = "virtio-blk";
frontendOpts = {
bootindex = 0;
};
};
};
hostDevices."${wanBDF}" = { };
};
};
};
}

4
nixos/default.nix
View File

@@ -1,7 +1,7 @@
{ lib, pkgsFlakes, hmFlakes, inputs, pkgs', config, ... }: { lib, pkgsFlakes, hmFlakes, inputs, pkgs', config, ... }:
let let
inherit (builtins) attrValues mapAttrs; inherit (builtins) attrValues mapAttrs;
inherit (lib) substring flatten optional optionals mkDefault mkOption mkOptionType; inherit (lib) substring flatten optional optionals mkDefault mkForce mkOption mkOptionType;
inherit (lib.my) naiveIPv4Gateway homeStateVersion mkOpt' mkBoolOpt' commonOpts inlineModule'; inherit (lib.my) naiveIPv4Gateway homeStateVersion mkOpt' mkBoolOpt' commonOpts inlineModule';
cfg = config.nixos; cfg = config.nixos;
@@ -126,7 +126,7 @@ let
docCustom = mkBoolOpt' false "Whether to document nixfiles' custom NixOS modules."; docCustom = mkBoolOpt' false "Whether to document nixfiles' custom NixOS modules.";
assignments = mkOpt' (attrsOf (submoduleWith { assignments = mkOpt' (attrsOf (submoduleWith {
modules = [ assignmentOpts { _module.args.name = name; } ]; modules = [ assignmentOpts { _module.args.name = mkForce name; } ];
})) { } "Network assignments."; })) { } "Network assignments.";
configuration = mkOption { configuration = mkOption {

2
nixos/modules/common.nix
View File

@@ -103,8 +103,6 @@ in
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
bash-completion bash-completion
vim vim
ldns
minicom
]; ];
programs = { programs = {

8
nixos/vms/estuary/default.nix
View File

@@ -85,7 +85,6 @@
networkConfig = { networkConfig = {
IPv6AcceptRA = mkForce false; IPv6AcceptRA = mkForce false;
IPv6SendRA = true; IPv6SendRA = true;
IPMasquerade = "both";
}; };
ipv6SendRAConfig = { ipv6SendRAConfig = {
DNS = [ assignments.internal.ipv6.address ]; DNS = [ assignments.internal.ipv6.address ];
@@ -110,6 +109,13 @@
enable = true; enable = true;
externalInterface = "wan"; externalInterface = "wan";
}; };
extraRules = ''
table nat {
chain postrouting {
ip saddr 10.100.0.0/16 masquerade
}
}
'';
}; };
}; };
} }