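# NixOS module: enables libvirtd on a host whose LAN interface (enp4s0) is
# enslaved to a bridge (br0), so guests can attach directly to the LAN.
# Also adds a DOCKER-USER rule so traffic bridged across br0 is accepted
# when Docker is running on the same host.
{ pkgs, config, lib, ... }:

let
  inherit (lib) mkEnableOption mkForce mkIf;

  cfg = config.eboskma.libvirtd;

  # Pre-start hook for docker.service.
  #
  # A bare `iptables -I` is not idempotent: every restart of the unit would
  # stack another identical ACCEPT rule at the top of DOCKER-USER, and the
  # command fails outright if the chain does not exist yet when it runs.
  # The script creates the chain when missing and inserts the rule only if
  # `iptables -C` reports that it is absent.
  #
  # NOTE(review): the rule accepts everything forwarded br0 -> br0 without
  # further filtering. That is scoped to the bridge, but any guest filtering
  # has to happen elsewhere (libvirt nwfilter, the guests themselves).
  allowBridgeForwarding = pkgs.writeShellScript "docker-user-allow-br0" ''
    ipt=${pkgs.iptables}/bin/iptables

    $ipt -N DOCKER-USER 2>/dev/null || true

    $ipt -C DOCKER-USER -i br0 -o br0 -j ACCEPT 2>/dev/null \
      || $ipt -I DOCKER-USER -i br0 -o br0 -j ACCEPT
  '';
in
{
  options.eboskma.libvirtd = {
    enable = mkEnableOption "libvirtd";
  };

  config = mkIf cfg.enable {
    virtualisation.libvirtd = {
      enable = true;
      # Bridges that session-mode (unprivileged) QEMU may attach guests to.
      # Keep this list as short as possible.
      allowedBridges = [ "br0" ];
    };

    systemd.network = {
      # Create the bridge device itself.
      netdevs."40-br0" = {
        enable = true;
        netdevConfig = {
          Kind = "bridge";
          Name = "br0";
        };
        extraConfig = ''
          [Bridge]
          STP=yes
        '';
      };

      networks = {
        # The bridge carries the host's address (via DHCP) and is pinned to
        # a fixed MAC address.
        "40-br0" = {
          enable = true;
          matchConfig.Name = "br0";
          linkConfig.MACAddress = "04:d9:f5:f9:c2:c6";
          networkConfig = {
            DHCP = "yes";
            IPv6PrivacyExtensions = "kernel";
          };
        };

        # The physical NIC is only a bridge port. DHCP is forced off here so
        # the address is acquired on br0 and not on the port as well.
        "40-enp4s0" = {
          enable = true;
          bridge = [ "br0" ];
          matchConfig.Name = "enp4s0";
          networkConfig = {
            DHCP = mkForce "no";
            IPv6PrivacyExtensions = "kernel";
          };
        };
      };
    };

    systemd.services.docker.serviceConfig.ExecStartPre =
      "${allowBridgeForwarding}";

    # NOTE(review): members of the libvirtd group can manage system-level
    # guests and their host devices, so treat this membership as a
    # privileged grant for the main user.
    users.users.${config.eboskma.var.mainUser}.extraGroups = [ "libvirtd" ];

    environment.systemPackages = [ pkgs.virt-manager ];
  };
}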