From 9342cee52c63d50234db346ca0909caba0f94475 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Wed, 22 Jun 2022 10:50:52 +0200
Subject: sif: network for libvirtd

---
 hosts/sif/default.nix | 64 ++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 61 insertions(+), 3 deletions(-)

(limited to 'hosts/sif/default.nix')

diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix
index c3f4bd41..d82222d0 100644
--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -56,6 +56,11 @@ in {
 
 kernelModules = ["v4l2loopback"];
 tmpOnTmpfs = true;
+
+ kernel.sysctl = {
+ "net.ipv4.ip_forward" = true;
+ "net.ipv6.conf.all.forwarding" = true;
+ };
 };
 
 networking = {
@@ -106,9 +111,10 @@ in {
 # };
 };
 
- environment.etc."NetworkManager/dnsmasq.d/libvirtd_dnsmasq.conf" = {
+ environment.etc."NetworkManager/dnsmasq.d/libvirt_dnsmasq.conf" = {
 text = ''
- server=/sif.libvirt/192.168.122.1
+ except-interface=virbr0
+ server=/libvirt/192.168.122.1@virbr0
 '';
 };
 environment.etc."NetworkManager/dnsmasq.d/wgrz.conf" = {
@@ -153,6 +159,13 @@ in {
 }
 ];
 };
+ virbr0 = {
+ netdevConfig = {
+ Name = "virbr0";
+ Kind = "bridge";
+ MACAddress = "52:54:00:18:85:5b";
+ };
+ };
 };
 networks = {
 wgrz = {
@@ -201,6 +214,16 @@ in {
 DNS = ["10.153.88.9" "129.187.111.202" "10.156.33.53"];
 };
 };
+ virbr0 = {
+ name = "virbr0";
+ matchConfig = {
+ Name = "virbr0";
+ };
+ address = ["192.168.122.1/24" "fd45:febc:b028::/48"];
+ networkConfig = {
+ ConfigureWithoutCarrier = true;
+ };
+ };
 };
 };
 sops.secrets.wgrz = {
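Review bot: The first hunk (`kernel.sysctl`) switches on `net.ipv4.ip_forward` and `net.ipv6.conf.all.forwarding` system-wide, but nothing in this commit constrains what gets forwarded — there is no `networking.nat` block and no forward-chain rule, so as far as the diff shows the host will route between virbr0 and every other interface (the wgrz link visible in later hunks included) without filtering; if the rest of the file adds such rules, that is outside the hunk. Guest egress for a libvirt bridge is normally expressed with `networking.nat = { enable = true; internalInterfaces = ["virbr0"]; externalInterface = "<uplink-placeholder>"; };`, which installs the matching masquerade and forward rules alongside the sysctl, and the per-interface forwarding sysctls keep the change scoped to the bridge. At minimum a comment above the block recording the intent, e.g. `# forwarding for libvirt guests on virbr0; forward/NAT policy lives in …`, would tell the next reader why global forwarding is on.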
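Review bot: `server=/libvirt/192.168.122.1@virbr0` in the second hunk hands the whole `.libvirt` zone on the host's own resolver to the guest-facing dnsmasq, and that instance (later hunk: `local=/libvirt/`, `expand-hosts`, `ra-names`) publishes the hostnames guests supply in their DHCP requests, so any VM can pick the name it resolves to on the host; the `dhcp-host=…,sif,…` reservation should, as I read dnsmasq's behaviour, keep a guest from claiming `sif` itself, but the other names are guest-chosen. That may be exactly what is wanted for a lab bridge, but it deserves a line in the file, e.g. `# .libvirt names are registered from guest DHCP leases — treat them as guest-controlled`. The `@virbr0` source binding is a good touch since it pins the upstream query to the bridge.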
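Review bot: In the fourth hunk `address = ["192.168.122.1/24" "fd45:febc:b028::/48"]` puts the entire /48 on-link on virbr0, while the dnsmasq side (later hunk) serves `dhcp-range=fd45:febc:b028::1,fd45:febc:b028:0:ffff:ffff:ffff:ffff` and advertises via `enable-ra`, i.e. only the first /64; guests will therefore learn a /64 on-link prefix while the host treats the whole /48 as directly reachable, and any future sub-prefix for another bridge would collide with this route. Unless the /48 is deliberately parked here, `"fd45:febc:b028::/64"` keeps the interface, the DHCPv6 range and the RA prefix in agreement. Note also that the host address with an all-zero interface identifier is the subnet-router anycast address of that prefix; Linux accepts it as unicast, but a comment saying the choice is intentional would avoid a later "fix".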
@@ -210,7 +233,42 @@ in {
 owner = "root";
 group = "systemd-network";
 };
- networking.networkmanager.unmanaged = ["wgrz"];
+ networking.networkmanager.unmanaged = ["wgrz" "virbr0"];
+
+ services.dnsmasq = {
+ enable = true;
+ resolveLocalQueries = false;
+ servers = [];
+ extraConfig = ''
+ enable-ra
+ local=/libvirt/
+ domain-needed
+ expand-hosts
+ bogus-priv
+ no-hosts
+ listen-address=192.168.122.1
+ listen-address=fd45:febc:b028::
+ interface=virbr0
+ except-interface=lo
+ bind-interfaces
+ domain=libvirt,192.168.122.0/24
+ dhcp-range=192.168.122.128,192.168.122.254,1h
+ dhcp-range=fd45:febc:b028::1,fd45:febc:b028:0:ffff:ffff:ffff:ffff,ra-names,1h
+ dhcp-host=52:54:00:18:85:5b,sif,192.168.122.1
+ dhcp-authoritative
+ dhcp-rapid-commit
+ dhcp-option=option6:dns-server,[fd45:febc:b028::]
+ '';
+ };
+ systemd.services.dnsmasq = {
+ bindsTo = ["sys-subsystem-net-devices-virbr0.device"];
+ after = ["sys-subsystem-net-devices-virbr0.device"];
+ };
+ systemd.services.libvirtd = {
+ wants = ["dnsmasq.service"];
+ bindsTo = ["sys-subsystem-net-devices-virbr0.device"];
+ after = ["dnsmasq.service" "sys-subsystem-net-devices-virbr0.device"];
+ };
 
 services.openssh.enable = true;
 
-- cgit v1.2.3
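Review bot: `bind-interfaces` together with the two `listen-address=` lines requires those addresses to exist when dnsmasq starts, yet the unit is only ordered `after`/`bindsTo` `sys-subsystem-net-devices-virbr0.device`, and a `.device` unit turns active when the netdev appears, which as far as I can tell precedes networkd applying the `address` list from the earlier hunk — so the first start is likely to fail with an address-assignment error and libvirtd (which `wants` it) comes up without DNS/DHCP for the bridge. Replacing `bind-interfaces` with `bind-dynamic` lets dnsmasq pick the addresses up when they arrive while still refusing to answer on other interfaces; alternatively order the unit after a networkd wait-online target, at the cost of boot latency on a roaming host. Separately, with `servers = []` and `resolveLocalQueries = false` the guests' non-`.libvirt` queries fall back to whatever `/etc/resolv.conf` names unless NixOS emits `no-resolv` here, which I cannot confirm from the diff; a one-line comment stating the intended upstream path, e.g. `# non-libvirt queries recurse via the host resolver in /etc/resolv.conf`, would make that explicit.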