Enable libvirtd, configure networking with systemd

2022-09-21 18:36:31 +02:00 · 2022-09-21 18:36:31 +02:00 · 7680059832
commit 7680059832
parent e9a3b15ce4
4 changed files with 111 additions and 44 deletions
--- a/machines/loki/configuration.nix
+++ b/machines/loki/configuration.nix
@ -33,6 +33,7 @@ in
    #   inherit (users) users;
    #   enable = true;
    # };
+    libvirtd.enable = true;
    livebook = {
      enable = true;
      dataDir = "/home/erwin/workspace/livebook";
@ -40,10 +41,6 @@ in
    };
    networking = {
      enable = true;
-      dhcpInterfaces = [ "enp4s0" ];
-      hosts = {
-        "10.0.0.252" = [ "pve.datarift.nl" ];
-      };
    };
    nix-common = {
      enable = true;
@ -66,8 +63,37 @@ in
  networking = {
    hostName = "loki";
    useDHCP = false;
+    networkmanager.enable = true;
+    useNetworkd = true;
+
+    hosts = {
+      "10.0.0.252" = [ "pve.datarift.nl" ];
+    };
+
+    firewall = {
+      trustedInterfaces = [ "lo" ];
+      interfaces."enp4s0" = {
+        allowedTCPPorts = [
+          # Horus System V2
+          12345
+          5555
+          5556
+          # Elixir/Phoenix dev environment
+          4000
+        ];
+      };
+    };
  };

+  systemd.network = {
+    enable = true;
+
+    networks = {
+      "40-enp4s0" = {
+        DHCP = "yes";
+      };
+    };
+  };
  # nix = {
  #   package = pkgs.nixUnstable;
  #   extraOptions = ''
@ -77,6 +103,55 @@ in

  services.openssh.enable = true;

+  # TODO: Add to LXD module
+  # virtualisation.lxd = {
+  #   enable = true;
+  #   recommendedSysctlSettings = true;
+  # };
+  # virtualisation.lxc.lxcfs.enable = true;
+
+  # networking.bridges = {
+  #   lxdbr0.interfaces = [ ];
+  # };
+  # networking.localCommands = ''
+  #   ip address add 10.2.0.1/24 dev lxdbr0
+  # '';
+
+  # networking.firewall.extraCommands = ''
+  #   iptables -A INPUT -i lxdbr0 -m comment --comment "LXD rules for lxdbr0" -j ACCEPT
+  #   # Technically not necessary because FORWARD and OUTPUT by default have an ACCEPT policy,
+  #   # but just to be explicit I'll add them anyway
+  #   iptables -A FORWARD -o lxdbr0 -m comment --comment "LXD rules for lxdbr0" -j ACCEPT
+  #   iptables -A FORWARD -i lxdbr0 -m comment --comment "LXD rules for lxdbr0" -j ACCEPT
+  #   iptables -A OUTPUT -o lxdbr0 -m comment --comment "LXD rules for lxdbr0" -j ACCEPT
+
+  #   iptables -t nat -A POSTROUTING -s 10.2.0.0/24 ! -d 10.2.0.0/24 -m comment --comment "LXD rules for lxdbr0" -j MASQUERADE
+  # '';
+
+  # boot.kernel.sysctl = {
+  #   "net.ipv4.conf.all.forwarding" = true;
+  #   "net.ipv4.conf.default.forwarding" = true;
+  # };
+
+  # users.users.erwin.extraGroups = [ "lxd" ];
+
+  # End TODO: Add to LXD module
+
+  services.nfs.server = {
+    enable = true;
+    exports = ''
+      /home/erwin/proxmox-backup 10.0.0.0/24(rw,sync,no_subtree_check,anonuid=1000,anongid=100,all_squash)
+    '';
+    lockdPort = 4001;
+    mountdPort = 4002;
+    statdPort = 4000;
+  };
+
+  networking.firewall = {
+    allowedTCPPorts = [ 111 2049 4000 4001 4002 20048 ];
+    allowedUDPPorts = [ 111 2049 4000 4001 4002 20048 ];
+  };
+
  sops.defaultSopsFile = ./secrets.yaml;
  sops.secrets = {
    ha_now_playing_token = {
--- a/machines/loki/hardware-configuration.nix
+++ b/machines/loki/hardware-configuration.nix
@ -13,7 +13,7 @@

  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-amd" "apple-mfi-fastcharge" "zenpower" ];
+  boot.kernelModules = [ "kvm-amd" "apple-mfi-fastcharge" "zenpower" "nf_nat_ftp" ];
  boot.extraModulePackages = [ ] ++
    (with config.boot.kernelPackages; [ rtl88x2bu zenpower ]);

--- a/modules/libvirtd/default.nix
+++ b/modules/libvirtd/default.nix
@ -0,0 +1,31 @@
+{ pkgs, config, lib, ... }:
+with lib;
+let
+  cfg = config.eboskma.libvirtd;
+in
+{
+  options.eboskma.libvirtd = { enable = mkEnableOption "libvirtd"; };
+
+  config = mkIf (cfg.enable) {
+    virtualisation.libvirtd = {
+      enable = true;
+    };
+    networking = {
+      interfaces = {
+        br0 = {
+          useDHCP = true;
+          macAddress = "04:d9:f5:f9:c2:c6";
+        };
+      };
+
+      bridges = {
+        "br0" = {
+          interfaces = [ "enp4s0" ];
+          # rstp = true;
+        };
+      };
+    };
+
+    users.users.${config.eboskma.var.mainUser}.extraGroups = [ "libvirtd" ];
+  };
+}
--- a/modules/networking/default.nix
+++ b/modules/networking/default.nix
@ -9,48 +9,9 @@ in
 {
  options.eboskma.networking = {
    enable = mkEnableOption "activate networing settings";
-
-    dhcpInterfaces = mkOption {
-      description = "list of interfaces to enable DHCP on";
-      type = types.listOf types.nonEmptyStr;
-    };
-
-    hosts = mkOption {
-      description = "Additional entries to the hosts file";
-      type = types.attrsOf (types.listOf types.str);
-    };
  };

  config = mkIf cfg.enable {
-    networking = {
-      networkmanager.enable = true;
-      interfaces = listToAttrs (builtins.map
-        (iface: {
-          name = iface;
-          value = { useDHCP = true; };
-        })
-        cfg.dhcpInterfaces);
-      hosts = cfg.hosts;
-
-      firewall = {
-        trustedInterfaces = [ "lo" ];
-        interfaces = listToAttrs (builtins.map
-          (iface: {
-            name = iface;
-            value = {
-              allowedTCPPorts = [
-                # Horus System V2
-                12345
-                5555
-                5556
-                # Elixir/Phoenix dev environment
-                4000
-              ];
-            };
-          })
-          cfg.dhcpInterfaces);
-      };
-    };
    users.extraUsers.${config.eboskma.var.mainUser}.extraGroups = [ "networkmanager" ];

    environment.systemPackages = with pkgs; [