Configure network for libvirtd with systemd

2022-09-21 22:52:10 +02:00 · 2022-09-21 22:52:10 +02:00 · 3d3653efeb
commit 3d3653efeb
parent 346d4d8b18
1 changed files with 46 additions and 9 deletions
--- a/modules/libvirtd/default.nix
+++ b/modules/libvirtd/default.nix
@ -9,23 +9,60 @@ in
  config = mkIf (cfg.enable) {
    virtualisation.libvirtd = {
      enable = true;
+      allowedBridges = [ "br0" ];
    };
-    networking = {
-      interfaces = {
-        br0 = {
-          useDHCP = true;
-          macAddress = "04:d9:f5:f9:c2:c6";
+
+    systemd.network = {
+      netdevs = {
+        "40-br0" = {
+          enable = true;
+          netdevConfig = {
+            Kind = "bridge";
+            Name = "br0";
+          };
+          extraConfig = ''
+            [Bridge]
+            STP=yes
+          '';
        };
      };

-      bridges = {
-        "br0" = {
-          interfaces = [ "enp4s0" ];
-          # rstp = true;
+      networks = {
+        "40-br0" = {
+          enable = true;
+          matchConfig = {
+            Name = "br0";
+          };
+          linkConfig = {
+            MACAddress = "04:d9:f5:f9:c2:c6";
+          };
+          networkConfig = {
+            DHCP = "yes";
+            IPv6PrivacyExtensions = "kernel";
+          };
+        };
+
+        "40-enp4s0" = {
+          enable = true;
+          bridge = [ "br0" ];
+          matchConfig = {
+            Name = "enp4s0";
+          };
+          networkConfig = {
+            DHCP = mkForce "no";
+            IPv6PrivacyExtensions = "kernel";
+          };
        };
      };
    };

+    systemd.services.docker = {
+      serviceConfig = {
+        ExecStartPre = "${pkgs.iptables}/bin/iptables -I DOCKER-USER -i br0 -o br0 -j ACCEPT";
+      };
+    };
    users.users.${config.eboskma.var.mainUser}.extraGroups = [ "libvirtd" ];
+
+    environment.systemPackages = with pkgs; [ virt-manager ];
  };
 }