erwin/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Wiki Activity Actions

Enable libvirtd, configure networking with systemd

Browse source
This commit is contained in:
Erwin Boskma 2022-09-21 18:36:31 +02:00
parent e9a3b15ce4
commit 7680059832
Signed by: erwin
GPG key ID: 270B20D17394F7E5
4 changed files with 111 additions and 44 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

83
machines/loki/configuration.nix
View file

@ -33,6 +33,7 @@ in
# inherit (users) users; # inherit (users) users;
# enable = true; # enable = true;
# }; # };
libvirtd.enable = true;
livebook = { livebook = {
enable = true; enable = true;
dataDir = "/home/erwin/workspace/livebook"; dataDir = "/home/erwin/workspace/livebook";
@ -40,10 +41,6 @@ in
}; };
networking = { networking = {
enable = true; enable = true;
dhcpInterfaces = [ "enp4s0" ];
hosts = {
"10.0.0.252" = [ "pve.datarift.nl" ];
};
}; };
nix-common = { nix-common = {
enable = true; enable = true;
@ -66,8 +63,37 @@ in
networking = { networking = {
hostName = "loki"; hostName = "loki";
useDHCP = false; useDHCP = false;
networkmanager.enable = true;
useNetworkd = true;
hosts = {
"10.0.0.252" = [ "pve.datarift.nl" ];
}; };
firewall = {
trustedInterfaces = [ "lo" ];
interfaces."enp4s0" = {
allowedTCPPorts = [
# Horus System V2
12345
5555
5556
# Elixir/Phoenix dev environment
4000
];
};
};
};
systemd.network = {
enable = true;
networks = {
"40-enp4s0" = {
DHCP = "yes";
};
};
};
# nix = { # nix = {
# package = pkgs.nixUnstable; # package = pkgs.nixUnstable;
# extraOptions = '' # extraOptions = ''
@ -77,6 +103,55 @@ in
services.openssh.enable = true; services.openssh.enable = true;
# TODO: Add to LXD module
# virtualisation.lxd = {
# enable = true;
# recommendedSysctlSettings = true;
# };
# virtualisation.lxc.lxcfs.enable = true;
# networking.bridges = {
# lxdbr0.interfaces = [ ];
# };
# networking.localCommands = ''
# ip address add 10.2.0.1/24 dev lxdbr0
# '';
# networking.firewall.extraCommands = ''
# iptables -A INPUT -i lxdbr0 -m comment --comment "LXD rules for lxdbr0" -j ACCEPT
# # Technically not necessary because FORWARD and OUTPUT by default have an ACCEPT policy,
# # but just to be explicit I'll add them anyway
# iptables -A FORWARD -o lxdbr0 -m comment --comment "LXD rules for lxdbr0" -j ACCEPT
# iptables -A FORWARD -i lxdbr0 -m comment --comment "LXD rules for lxdbr0" -j ACCEPT
# iptables -A OUTPUT -o lxdbr0 -m comment --comment "LXD rules for lxdbr0" -j ACCEPT
# iptables -t nat -A POSTROUTING -s 10.2.0.0/24 ! -d 10.2.0.0/24 -m comment --comment "LXD rules for lxdbr0" -j MASQUERADE
# '';
# boot.kernel.sysctl = {
# "net.ipv4.conf.all.forwarding" = true;
# "net.ipv4.conf.default.forwarding" = true;
# };
# users.users.erwin.extraGroups = [ "lxd" ];
# End TODO: Add to LXD module
services.nfs.server = {
enable = true;
exports = ''
/home/erwin/proxmox-backup 10.0.0.0/24(rw,sync,no_subtree_check,anonuid=1000,anongid=100,all_squash)
'';
lockdPort = 4001;
mountdPort = 4002;
statdPort = 4000;
};
networking.firewall = {
allowedTCPPorts = [ 111 2049 4000 4001 4002 20048 ];
allowedUDPPorts = [ 111 2049 4000 4001 4002 20048 ];
};
sops.defaultSopsFile = ./secrets.yaml; sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = { sops.secrets = {
ha_now_playing_token = { ha_now_playing_token = {

2
machines/loki/hardware-configuration.nix
View file

@ -13,7 +13,7 @@
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" "apple-mfi-fastcharge" "zenpower" ]; boot.kernelModules = [ "kvm-amd" "apple-mfi-fastcharge" "zenpower" "nf_nat_ftp" ];
boot.extraModulePackages = [ ] ++ boot.extraModulePackages = [ ] ++
(with config.boot.kernelPackages; [ rtl88x2bu zenpower ]); (with config.boot.kernelPackages; [ rtl88x2bu zenpower ]);

31
modules/libvirtd/default.nix Normal file
View file

@ -0,0 +1,31 @@
{ pkgs, config, lib, ... }:
with lib;
let
cfg = config.eboskma.libvirtd;
in
{
options.eboskma.libvirtd = { enable = mkEnableOption "libvirtd"; };
config = mkIf (cfg.enable) {
virtualisation.libvirtd = {
enable = true;
};
networking = {
interfaces = {
br0 = {
useDHCP = true;
macAddress = "04:d9:f5:f9:c2:c6";
};
};
bridges = {
"br0" = {
interfaces = [ "enp4s0" ];
# rstp = true;
};
};
};
users.users.${config.eboskma.var.mainUser}.extraGroups = [ "libvirtd" ];
};
}

39
modules/networking/default.nix
View file

@ -9,48 +9,9 @@ in
{ {
options.eboskma.networking = { options.eboskma.networking = {
enable = mkEnableOption "activate networing settings"; enable = mkEnableOption "activate networing settings";
dhcpInterfaces = mkOption {
description = "list of interfaces to enable DHCP on";
type = types.listOf types.nonEmptyStr;
};
hosts = mkOption {
description = "Additional entries to the hosts file";
type = types.attrsOf (types.listOf types.str);
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
networking = {
networkmanager.enable = true;
interfaces = listToAttrs (builtins.map
(iface: {
name = iface;
value = { useDHCP = true; };
})
cfg.dhcpInterfaces);
hosts = cfg.hosts;
firewall = {
trustedInterfaces = [ "lo" ];
interfaces = listToAttrs (builtins.map
(iface: {
name = iface;
value = {
allowedTCPPorts = [
# Horus System V2
12345
5555
5556
# Elixir/Phoenix dev environment
4000
];
};
})
cfg.dhcpInterfaces);
};
};
users.extraUsers.${config.eboskma.var.mainUser}.extraGroups = [ "networkmanager" ]; users.extraUsers.${config.eboskma.var.mainUser}.extraGroups = [ "networkmanager" ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [