sif: network for libvirtd

author: Gregor Kleen <gkleen@yggdrasil.li> 2022-06-22 10:50:52 +0200
committer: Gregor Kleen <gkleen@yggdrasil.li> 2022-06-22 10:50:52 +0200
commit: 9342cee52c63d50234db346ca0909caba0f94475 (patch)
tree: 52f86459557914b1bdd4ca52285d7fd8cd6ef554 /hosts/sif/default.nix
parent: 5d640c6dbb9708296b761c8de89565043962c0a7 (diff)
download: nixos-9342cee52c63d50234db346ca0909caba0f94475.tar
nixos-9342cee52c63d50234db346ca0909caba0f94475.tar.gz
nixos-9342cee52c63d50234db346ca0909caba0f94475.tar.bz2
nixos-9342cee52c63d50234db346ca0909caba0f94475.tar.xz
nixos-9342cee52c63d50234db346ca0909caba0f94475.zip
1 files changed, 61 insertions, 3 deletions
diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix
index c3f4bd41..d82222d0 100644
--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -56,6 +56,11 @@ in {
      kernelModules = ["v4l2loopback"];
      tmpOnTmpfs = true;
+      kernel.sysctl = {
+        "net.ipv4.ip_forward" = true;
+        "net.ipv6.conf.all.forwarding" = true;
+      };
    };
    networking = {
@@ -106,9 +111,10 @@ in {
      # };
    };
-    environment.etc."NetworkManager/dnsmasq.d/libvirtd_dnsmasq.conf" = {
+    environment.etc."NetworkManager/dnsmasq.d/libvirt_dnsmasq.conf" = {
      text = ''
-        server=/sif.libvirt/192.168.122.1
+        except-interface=virbr0
+        server=/libvirt/192.168.122.1@virbr0
      '';
    };
    environment.etc."NetworkManager/dnsmasq.d/wgrz.conf" = {
@@ -153,6 +159,13 @@ in {
            }
          ];
        };
+        virbr0 = {
+          netdevConfig = {
+            Name = "virbr0";
+            Kind = "bridge";
+            MACAddress = "52:54:00:18:85:5b";
+          };
+        };
      };
      networks = {
        wgrz = {
@@ -201,6 +214,16 @@ in {
            DNS = ["10.153.88.9" "129.187.111.202" "10.156.33.53"];
          };
        };
+        virbr0 = {
+          name = "virbr0";
+          matchConfig = {
+            Name = "virbr0";
+          };
+          address = ["192.168.122.1/24" "fd45:febc:b028::/48"];
+          networkConfig = {
+            ConfigureWithoutCarrier = true;
+          };
+        };
      };
    };
    sops.secrets.wgrz = {
@@ -210,7 +233,42 @@ in {
      owner = "root";
      group = "systemd-network";
    };
-    networking.networkmanager.unmanaged = ["wgrz"];
+    networking.networkmanager.unmanaged = ["wgrz" "virbr0"];
+    services.dnsmasq = {
+      enable = true;
+      resolveLocalQueries = false;
+      servers = [];
+      extraConfig = ''
+        enable-ra
+        local=/libvirt/
+        domain-needed
+        expand-hosts
+        bogus-priv
+        no-hosts
+        listen-address=192.168.122.1
+        listen-address=fd45:febc:b028::
+        interface=virbr0
+        except-interface=lo
+        bind-interfaces
+        domain=libvirt,192.168.122.0/24
+        dhcp-range=192.168.122.128,192.168.122.254,1h
+        dhcp-range=fd45:febc:b028::1,fd45:febc:b028:0:ffff:ffff:ffff:ffff,ra-names,1h
+        dhcp-host=52:54:00:18:85:5b,sif,192.168.122.1
+        dhcp-authoritative
+        dhcp-rapid-commit
+        dhcp-option=option6:dns-server,[fd45:febc:b028::]
+      '';
+    };
+    systemd.services.dnsmasq = {
+      bindsTo = ["sys-subsystem-net-devices-virbr0.device"];
+      after = ["sys-subsystem-net-devices-virbr0.device"];
+    };
+    systemd.services.libvirtd = {
+      wants = ["dnsmasq.service"];
+      bindsTo = ["sys-subsystem-net-devices-virbr0.device"];
+      after = ["dnsmasq.service" "sys-subsystem-net-devices-virbr0.device"];
+    };
    services.openssh.enable = true;
author	Gregor Kleen <gkleen@yggdrasil.li>	2022-06-22 10:50:52 +0200
committer	Gregor Kleen <gkleen@yggdrasil.li>	2022-06-22 10:50:52 +0200
commit	9342cee52c63d50234db346ca0909caba0f94475 (patch)
tree	52f86459557914b1bdd4ca52285d7fd8cd6ef554 /hosts/sif/default.nix
parent	5d640c6dbb9708296b761c8de89565043962c0a7 (diff)
download	nixos-9342cee52c63d50234db346ca0909caba0f94475.tar nixos-9342cee52c63d50234db346ca0909caba0f94475.tar.gz nixos-9342cee52c63d50234db346ca0909caba0f94475.tar.bz2 nixos-9342cee52c63d50234db346ca0909caba0f94475.tar.xz nixos-9342cee52c63d50234db346ca0909caba0f94475.zip

diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix index c3f4bd41..d82222d0 100644 --- a/hosts/sif/default.nix +++ b/hosts/sif/default.nix
@@ -56,6 +56,11 @@ in {
56	kernelModules = ["v4l2loopback"];	56	kernelModules = ["v4l2loopback"];
57		57
58	tmpOnTmpfs = true;	58	tmpOnTmpfs = true;
		59
		60	kernel.sysctl = {
		61	"net.ipv4.ip_forward" = true;
		62	"net.ipv6.conf.all.forwarding" = true;
		63	};
59	};	64	};
60		65
61	networking = {	66	networking = {
@@ -106,9 +111,10 @@ in {
106	# };	111	# };
107	};	112	};
108		113
109	environment.etc."NetworkManager/dnsmasq.d/libvirtd_dnsmasq.conf" = {	114	environment.etc."NetworkManager/dnsmasq.d/libvirt_dnsmasq.conf" = {
110	text = ''	115	text = ''
111	server=/sif.libvirt/192.168.122.1	116	except-interface=virbr0
		117	server=/libvirt/192.168.122.1@virbr0
112	'';	118	'';
113	};	119	};
114	environment.etc."NetworkManager/dnsmasq.d/wgrz.conf" = {	120	environment.etc."NetworkManager/dnsmasq.d/wgrz.conf" = {
@@ -153,6 +159,13 @@ in {
153	}	159	}
154	];	160	];
155	};	161	};
		162	virbr0 = {
		163	netdevConfig = {
		164	Name = "virbr0";
		165	Kind = "bridge";
		166	MACAddress = "52:54:00:18:85:5b";
		167	};
		168	};
156	};	169	};
157	networks = {	170	networks = {
158	wgrz = {	171	wgrz = {
@@ -201,6 +214,16 @@ in {
201	DNS = ["10.153.88.9" "129.187.111.202" "10.156.33.53"];	214	DNS = ["10.153.88.9" "129.187.111.202" "10.156.33.53"];
202	};	215	};
203	};	216	};
		217	virbr0 = {
		218	name = "virbr0";
		219	matchConfig = {
		220	Name = "virbr0";
		221	};
		222	address = ["192.168.122.1/24" "fd45:febc:b028::/48"];
		223	networkConfig = {
		224	ConfigureWithoutCarrier = true;
		225	};
		226	};
204	};	227	};
205	};	228	};
206	sops.secrets.wgrz = {	229	sops.secrets.wgrz = {
@@ -210,7 +233,42 @@ in {
210	owner = "root";	233	owner = "root";
211	group = "systemd-network";	234	group = "systemd-network";
212	};	235	};
213	networking.networkmanager.unmanaged = ["wgrz"];	236	networking.networkmanager.unmanaged = ["wgrz" "virbr0"];
		237
		238	services.dnsmasq = {
		239	enable = true;
		240	resolveLocalQueries = false;
		241	servers = [];
		242	extraConfig = ''
		243	enable-ra
		244	local=/libvirt/
		245	domain-needed
		246	expand-hosts
		247	bogus-priv
		248	no-hosts
		249	listen-address=192.168.122.1
		250	listen-address=fd45:febc:b028::
		251	interface=virbr0
		252	except-interface=lo
		253	bind-interfaces
		254	domain=libvirt,192.168.122.0/24
		255	dhcp-range=192.168.122.128,192.168.122.254,1h
		256	dhcp-range=fd45:febc:b028::1,fd45:febc:b028:0:ffff:ffff:ffff:ffff,ra-names,1h
		257	dhcp-host=52:54:00:18:85:5b,sif,192.168.122.1
		258	dhcp-authoritative
		259	dhcp-rapid-commit
		260	dhcp-option=option6:dns-server,[fd45:febc:b028::]
		261	'';
		262	};
		263	systemd.services.dnsmasq = {
		264	bindsTo = ["sys-subsystem-net-devices-virbr0.device"];
		265	after = ["sys-subsystem-net-devices-virbr0.device"];
		266	};
		267	systemd.services.libvirtd = {
		268	wants = ["dnsmasq.service"];
		269	bindsTo = ["sys-subsystem-net-devices-virbr0.device"];
		270	after = ["dnsmasq.service" "sys-subsystem-net-devices-virbr0.device"];
		271	};
214		272
215	services.openssh.enable = true;	273	services.openssh.enable = true;
216		274