authorGregor Kleen <gkleen@yggdrasil.li>2022-06-22 10:50:52 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2022-06-22 10:50:52 +0200
commit9342cee52c63d50234db346ca0909caba0f94475 (patch)
tree52f86459557914b1bdd4ca52285d7fd8cd6ef554 /hosts/sif/default.nix
parent5d640c6dbb9708296b761c8de89565043962c0a7 (diff)
sif: network for libvirtd
Diffstat (limited to 'hosts/sif/default.nix')
-rw-r--r--hosts/sif/default.nix64
1 files changed, 61 insertions, 3 deletions
diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix
index c3f4bd41..d82222d0 100644
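--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -56,6 +56,11 @@ in {
 kernelModules = ["v4l2loopback"];
 
 tmpOnTmpfs = true;
+
+kernel.sysctl = {
+"net.ipv4.ip_forward" = true;
+"net.ipv6.conf.all.forwarding" = true;
+};
 };
 
 networking = {
@@ -106,9 +111,10 @@ in {
 # };
 };
 
-environment.etc."NetworkManager/dnsmasq.d/libvirtd_dnsmasq.conf" = {
+environment.etc."NetworkManager/dnsmasq.d/libvirt_dnsmasq.conf" = {
 text = ''
-server=/sif.libvirt/192.168.122.1
+except-interface=virbr0
+server=/libvirt/192.168.122.1@virbr0
 '';
 };
 environment.etc."NetworkManager/dnsmasq.d/wgrz.conf" = {
@@ -153,6 +159,13 @@ in {
 }
 ];
 };
+virbr0 = {
+netdevConfig = {
+Name = "virbr0";
+Kind = "bridge";
+MACAddress = "52:54:00:18:85:5b";
+};
+};
 };
 networks = {
 wgrz = {
@@ -201,6 +214,16 @@ in {
 DNS = ["10.153.88.9" "129.187.111.202" "10.156.33.53"];
 };
 };
+virbr0 = {
+name = "virbr0";
+matchConfig = {
+Name = "virbr0";
+};
+address = ["192.168.122.1/24" "fd45:febc:b028::/48"];
+networkConfig = {
+ConfigureWithoutCarrier = true;
+};
+};
 };
 };
 sops.secrets.wgrz = {
@@ -210,7 +233,42 @@ in {
 owner = "root";
 group = "systemd-network";
 };
-networking.networkmanager.unmanaged = ["wgrz"];
+networking.networkmanager.unmanaged = ["wgrz" "virbr0"];
+
+services.dnsmasq = {
+enable = true;
+resolveLocalQueries = false;
+servers = [];
+extraConfig = ''
+enable-ra
+local=/libvirt/
+domain-needed
+expand-hosts
+bogus-priv
+no-hosts
+listen-address=192.168.122.1
+listen-address=fd45:febc:b028::
+interface=virbr0
+except-interface=lo
+bind-interfaces
+domain=libvirt,192.168.122.0/24
+dhcp-range=192.168.122.128,192.168.122.254,1h
+dhcp-range=fd45:febc:b028::1,fd45:febc:b028:0:ffff:ffff:ffff:ffff,ra-names,1h
+dhcp-host=52:54:00:18:85:5b,sif,192.168.122.1
+dhcp-authoritative
+dhcp-rapid-commit
+dhcp-option=option6:dns-server,[fd45:febc:b028::]
+'';
+};
+systemd.services.dnsmasq = {
+bindsTo = ["sys-subsystem-net-devices-virbr0.device"];
+after = ["sys-subsystem-net-devices-virbr0.device"];
+};
+systemd.services.libvirtd = {
+wants = ["dnsmasq.service"];
+bindsTo = ["sys-subsystem-net-devices-virbr0.device"];
+after = ["dnsmasq.service" "sys-subsystem-net-devices-virbr0.device"];
+};
 
 services.openssh.enable = true;
 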
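Review bot: The `kernel.sysctl` block in the first hunk turns on `net.ipv4.ip_forward` and `net.ipv6.conf.all.forwarding` for every interface, but nothing in this diff adds a forward-chain policy, so the host would presumably route between `virbr0`, `wgrz` and its uplinks unless a firewall defined elsewhere in the file restricts it. If the intent is only to route guest traffic, a filter that accepts forwarded packets only when they enter or leave via `virbr0` should accompany the sysctls, and a comment such as `# forwarding is for libvirt guests on virbr0 only; forward filtering lives in <firewall module>` would record that. The dnsmasq block in the last hunk sets `enable-ra` and `dhcp-authoritative`; `interface=virbr0` together with `bind-interfaces` is what keeps those off the other networks, which is worth a one-line comment above them so a later edit does not drop either line.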