router is now a full virtual host
parent
a08f6e85bb
commit
e8b4512af3
34
flake.lock
34
flake.lock
|
@ -108,11 +108,11 @@
|
||||||
},
|
},
|
||||||
"nixlib": {
|
"nixlib": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1719708727,
|
"lastModified": 1721523216,
|
||||||
"narHash": "sha256-XFNKtyirrGNdehpg7lMNm1skEcBApjqGhaHc/OI95HY=",
|
"narHash": "sha256-/NjnIKkBoqKdvOS8unooDg0HqMaRUwYLbyn0ntjEckQ=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixpkgs.lib",
|
"repo": "nixpkgs.lib",
|
||||||
"rev": "1bba8a624b3b9d4f68db94fb63aaeb46039ce9e6",
|
"rev": "31a99025ce3784c20dd11dafa5260e80e314f59e",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -129,11 +129,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1720859326,
|
"lastModified": 1721869487,
|
||||||
"narHash": "sha256-i8BiZj5faQS6gsupE0S9xtiyZmWinGpVLwxXWV342aQ=",
|
"narHash": "sha256-zcusn81g+0gO+tSMhfs4W+wAP9As/MWNTBCbS+Ggp7A=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixos-generators",
|
"repo": "nixos-generators",
|
||||||
"rev": "076ea5b672bb1ea535ee84cfdabd0c2f0b7f20c7",
|
"rev": "c12f9a969c8cdf14618774515c7c6c96aef753c7",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -175,11 +175,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_3": {
|
"nixpkgs_3": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1721686456,
|
"lastModified": 1721821769,
|
||||||
"narHash": "sha256-nw/BnNzATDPfzpJVTnY8mcSKKsz6BJMEFRkJ332QSN0=",
|
"narHash": "sha256-PhmkdTJs2SfqKzSyDB74rDKp1MH4mGk0pG/+WqrnGEw=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "575f3027caa1e291d24f1e9fb0e3a19c2f26d96b",
|
"rev": "d0907b75146a0ccc1ec0d6c3db287ec287588ef6",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -225,11 +225,11 @@
|
||||||
"nixpkgs": "nixpkgs_4"
|
"nixpkgs": "nixpkgs_4"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1721622955,
|
"lastModified": 1721931394,
|
||||||
"narHash": "sha256-p151jyfsLa+hCsinD6RY0XIlcag1+8ftLBvmXwQIVzI=",
|
"narHash": "sha256-LetDlT8SYpcDZURvkHW7OsVzE0QvmVWv+HIbwYsA0Ac=",
|
||||||
"ref": "refs/heads/main",
|
"ref": "refs/heads/main",
|
||||||
"rev": "f35ee655ea65eda94729cfd182713d9ae0d04ab8",
|
"rev": "16f8054106f73b8cf21ded014ffa42fb4fe47947",
|
||||||
"revCount": 22,
|
"revCount": 24,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.strudelline.net/cascade/numbers"
|
"url": "https://git.strudelline.net/cascade/numbers"
|
||||||
},
|
},
|
||||||
|
@ -244,11 +244,11 @@
|
||||||
"nixpkgs": "nixpkgs_5"
|
"nixpkgs": "nixpkgs_5"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1721862828,
|
"lastModified": 1721923974,
|
||||||
"narHash": "sha256-QU3C+8DY9w+q+kmoAmRWMw96pRwrjywh/ru0n/eKs04=",
|
"narHash": "sha256-yz3VioYJXUTdl4TU1RZnGbRMj3ng3OTtVDEbGPFXGLE=",
|
||||||
"ref": "refs/heads/main",
|
"ref": "refs/heads/main",
|
||||||
"rev": "31277b2e35bf4329164a927ff612198523a5c2ac",
|
"rev": "eed14b5adada7325e916dfc3a89cbd4beef806a8",
|
||||||
"revCount": 6,
|
"revCount": 7,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.strudelline.net/james/putex"
|
"url": "https://git.strudelline.net/james/putex"
|
||||||
},
|
},
|
||||||
|
|
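--- /dev/null
+++ b/modules/cascade-router-host.nix
@@ -0,0 +1,31 @@
+{ config, pkgs, lib, ... }:
+
+{
+config = {
+systemd.services."cascade-router".unitConfig = {
+Wants = [ "sys-subsystem-net-devices-wan0.device" ];
+After = [ "sys-subsystem-net-devices-wan0.device" ];
+};
+
+services.putex.putexes = {
+sec-router = {
+start = "/run/current-system/sw/bin/systemctl --no-block start cascade-router.service";
+stop = ''
+/run/current-system/sw/bin/systemctl stop -f -s 9 cascade-router.service
+'';
+healthcheck = ''
+set -e
+cd /sys/class/net
+
+# cat all carrier values we care about,
+# filter out the ones that are 1
+# if there's anything left, exit 1.
+if (for f in wan0 sec0 lan0;do echo "$f $(cat "$f"/carrier)"; done|grep -v 1|grep -q .) ;then
+exit 1
+fi
+exit 0
+'';
+};
+};
+};
+}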
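Review bot: The carrier filter in `healthcheck` (`grep -v 1`) drops any line containing the digit 1 anywhere, not only lines whose carrier value is 1, so an interface whose name contains a 1 would be treated as up even with carrier 0; it works for wan0/sec0/lan0 today but is fragile. Anchoring the match to the value, `| grep -v ' 1$' |`, keeps the same result for the current names and fails closed for future ones. A missing or administratively-down interface makes `cat` fail, leaves the line without a 1 and so still exits 1, which looks intended; a comment saying so, e.g. `# a missing or down interface also fails the check`, would make that explicit.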
|
@ -2,62 +2,31 @@
|
||||||
|
|
||||||
{
|
{
|
||||||
config = {
|
config = {
|
||||||
#containers.wan-router = {
|
#system.activationScripts."arpFilter" = ''
|
||||||
# privateNetwork = true;
|
#PATH=${pkgs.procps}/bin:${pkgs.iptables}/bin:$PATH
|
||||||
# extraVeths.crwan0 = {
|
# sysctl net.ipv4.conf.all.arp_filter=1
|
||||||
# hostBridge = "lan0";
|
# sysctl net.ipv4.conf.default.arp_filter=1
|
||||||
# };
|
#'';
|
||||||
# extraVeths.crlan0 = {
|
|
||||||
# hostBridge = "lan0";
|
environment.systemPackages = with pkgs; [
|
||||||
# localAddress = "172.16.1.111";
|
tcpdump
|
||||||
# };
|
];
|
||||||
#};
|
|
||||||
systemd.services."container@sec-router".unitConfig = {
|
networking = {
|
||||||
Wants = [ "sys-subsystem-net-devices-wan0.device" ];
|
nat = {
|
||||||
After = [ "sys-subsystem-net-devices-wan0.device" ];
|
enable = true;
|
||||||
|
externalInterface = "wan0";
|
||||||
|
internalInterfaces = [ "lan0" "sec0" ];
|
||||||
};
|
};
|
||||||
|
useHostResolvConf = false;
|
||||||
#containers.sec-router = {
|
useNetworkd = true;
|
||||||
# autoStart = false;
|
useDHCP = false;
|
||||||
# restartIfChanged = true;
|
interfaces."wan0" = {
|
||||||
# ephemeral = true;
|
useDHCP = true;
|
||||||
# privateNetwork = true;
|
#macAddress = "a0:ce:c8:c6:d2:5f";
|
||||||
# macvlans = [ "phy4:wan0" ];
|
|
||||||
# extraVeths.scrsec0 = {
|
|
||||||
# hostBridge = "sec0";
|
|
||||||
# localAddress = "10.127.1.254/24";
|
|
||||||
# };
|
|
||||||
# extraVeths.scrlan0 = {
|
|
||||||
# hostBridge = "lan0";
|
|
||||||
# localAddress = "172.16.1.254/12";
|
|
||||||
# };
|
|
||||||
# config = {
|
|
||||||
# system.activationScripts."arpFilter" = ''
|
|
||||||
# sysctl "net.ipv4.conf.all.arp_filter"=1
|
|
||||||
# sysctl "net.ipv4.conf.default.arp_filter"=1
|
|
||||||
# '';
|
|
||||||
|
|
||||||
# networking = {
|
|
||||||
# useHostResolvConf = false;
|
|
||||||
# useNetworkd = true;
|
|
||||||
# useDHCP = false;
|
|
||||||
# interfaces."wan0" = {
|
|
||||||
# useDHCP = true;
|
|
||||||
# macAddress = "a0:ce:c8:c6:d2:5f";
|
|
||||||
# };
|
|
||||||
# };
|
|
||||||
|
|
||||||
# system.stateVersion = "24.05";
|
|
||||||
# };
|
|
||||||
#};
|
|
||||||
|
|
||||||
services.putex.putexes = {
|
|
||||||
sec-router = {
|
|
||||||
start = "/run/current-system/sw/bin/systemctl --no-block start container@sec-router.service";
|
|
||||||
stop = ''
|
|
||||||
/run/current-system/sw/bin/systemctl stop -f -s 9 container@sec-router.service
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
system.stateVersion = "24.05";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
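Review bot: The new `arpFilter` activation script is committed commented out, so the `arp_filter` sysctls that the removed container config set are no longer applied anywhere in this hunk, even though the host now terminates wan0, lan0 and sec0 directly and NAT forwarding between them is enabled. If the setting is still wanted, the declarative form `boot.kernel.sysctl."net.ipv4.conf.all.arp_filter" = 1;` (plus the `default.` counterpart) replaces the shell script; if it was dropped on purpose, a comment saying why would help. Nothing in the hunk restricts forwarding between `sec0` and `lan0` once `networking.nat` is on; presumably firewall rules live elsewhere, which is worth confirming. The module's function header, and the file header for this hunk, are outside the visible lines.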
|
|
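--- /dev/null
+++ b/modules/stateless-vm.nix
@@ -0,0 +1,4 @@
+{
+imports = [ ./vm.nix ];
+config.virtualisation.diskImage = null;
+}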
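Review bot: `config.virtualisation.diskImage = null;` carries the whole meaning of this module but nothing says what the null does; a one-line comment, e.g. `# null: no persistent disk image, so the VM keeps no state across boots`, would document the intent the file name implies. I believe that is qemu-vm.nix's behaviour for a null diskImage, but it is worth confirming against the nixpkgs revision pinned by the flake.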
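--- /dev/null
+++ b/modules/vm.nix
@@ -0,0 +1,13 @@
+{ lib, modulesPath, ... }:
+with lib;
+
+{
+imports = [
+"${modulesPath}/virtualisation/qemu-vm.nix"
+./server.nix
+];
+
+config = {
+virtualisation.graphics = false;
+};
+}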
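Review bot: `with lib;` on the second line brings nothing into use — no identifier from `lib` appears in the file — so both it and the `lib` parameter can be dropped (`{ modulesPath, ... }:`), which also avoids the name-shadowing a bare `with lib;` invites. The rest of the file is two imports and one option and reads fine as is.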