erwin/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Wiki Activity Actions

Configure network for libvirtd with systemd

Browse source
This commit is contained in:
Erwin Boskma 2022-09-21 22:52:10 +02:00
parent 346d4d8b18
commit 3d3653efeb
Signed by: erwin
GPG key ID: 270B20D17394F7E5
1 changed files with 46 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

55
modules/libvirtd/default.nix
View file

@ -9,23 +9,60 @@ in
config = mkIf (cfg.enable) { config = mkIf (cfg.enable) {
virtualisation.libvirtd = { virtualisation.libvirtd = {
enable = true; enable = true;
allowedBridges = [ "br0" ];
}; };
networking = {
interfaces = { systemd.network = {
br0 = { netdevs = {
useDHCP = true; "40-br0" = {
macAddress = "04:d9:f5:f9:c2:c6"; enable = true;
netdevConfig = {
Kind = "bridge";
Name = "br0";
};
extraConfig = ''
[Bridge]
STP=yes
'';
}; };
}; };
bridges = { networks = {
"br0" = { "40-br0" = {
interfaces = [ "enp4s0" ]; enable = true;
# rstp = true; matchConfig = {
Name = "br0";
};
linkConfig = {
MACAddress = "04:d9:f5:f9:c2:c6";
};
networkConfig = {
DHCP = "yes";
IPv6PrivacyExtensions = "kernel";
};
};
"40-enp4s0" = {
enable = true;
bridge = [ "br0" ];
matchConfig = {
Name = "enp4s0";
};
networkConfig = {
DHCP = mkForce "no";
IPv6PrivacyExtensions = "kernel";
};
}; };
}; };
}; };
systemd.services.docker = {
serviceConfig = {
ExecStartPre = "${pkgs.iptables}/bin/iptables -I DOCKER-USER -i br0 -o br0 -j ACCEPT";
};
};
users.users.${config.eboskma.var.mainUser}.extraGroups = [ "libvirtd" ]; users.users.${config.eboskma.var.mainUser}.extraGroups = [ "libvirtd" ];
environment.systemPackages = with pkgs; [ virt-manager ];
}; };
} }