router is now a full virtual host

James Andariese 2024-07-25 12:33:44 -05:00
parent a08f6e85bb
commit e8b4512af3
5 changed files with 87 additions and 70 deletions


@ -108,11 +108,11 @@
}, },
"nixlib": { "nixlib": {
"locked": { "locked": {
"lastModified": 1719708727, "lastModified": 1721523216,
"narHash": "sha256-XFNKtyirrGNdehpg7lMNm1skEcBApjqGhaHc/OI95HY=", "narHash": "sha256-/NjnIKkBoqKdvOS8unooDg0HqMaRUwYLbyn0ntjEckQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "1bba8a624b3b9d4f68db94fb63aaeb46039ce9e6", "rev": "31a99025ce3784c20dd11dafa5260e80e314f59e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -129,11 +129,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720859326, "lastModified": 1721869487,
"narHash": "sha256-i8BiZj5faQS6gsupE0S9xtiyZmWinGpVLwxXWV342aQ=", "narHash": "sha256-zcusn81g+0gO+tSMhfs4W+wAP9As/MWNTBCbS+Ggp7A=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-generators", "repo": "nixos-generators",
"rev": "076ea5b672bb1ea535ee84cfdabd0c2f0b7f20c7", "rev": "c12f9a969c8cdf14618774515c7c6c96aef753c7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -175,11 +175,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1721686456, "lastModified": 1721821769,
"narHash": "sha256-nw/BnNzATDPfzpJVTnY8mcSKKsz6BJMEFRkJ332QSN0=", "narHash": "sha256-PhmkdTJs2SfqKzSyDB74rDKp1MH4mGk0pG/+WqrnGEw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "575f3027caa1e291d24f1e9fb0e3a19c2f26d96b", "rev": "d0907b75146a0ccc1ec0d6c3db287ec287588ef6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -225,11 +225,11 @@
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_4"
}, },
"locked": { "locked": {
"lastModified": 1721622955, "lastModified": 1721931394,
"narHash": "sha256-p151jyfsLa+hCsinD6RY0XIlcag1+8ftLBvmXwQIVzI=", "narHash": "sha256-LetDlT8SYpcDZURvkHW7OsVzE0QvmVWv+HIbwYsA0Ac=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "f35ee655ea65eda94729cfd182713d9ae0d04ab8", "rev": "16f8054106f73b8cf21ded014ffa42fb4fe47947",
"revCount": 22, "revCount": 24,
"type": "git", "type": "git",
"url": "https://git.strudelline.net/cascade/numbers" "url": "https://git.strudelline.net/cascade/numbers"
}, },
@ -244,11 +244,11 @@
"nixpkgs": "nixpkgs_5" "nixpkgs": "nixpkgs_5"
}, },
"locked": { "locked": {
"lastModified": 1721862828, "lastModified": 1721923974,
"narHash": "sha256-QU3C+8DY9w+q+kmoAmRWMw96pRwrjywh/ru0n/eKs04=", "narHash": "sha256-yz3VioYJXUTdl4TU1RZnGbRMj3ng3OTtVDEbGPFXGLE=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "31277b2e35bf4329164a927ff612198523a5c2ac", "rev": "eed14b5adada7325e916dfc3a89cbd4beef806a8",
"revCount": 6, "revCount": 7,
"type": "git", "type": "git",
"url": "https://git.strudelline.net/james/putex" "url": "https://git.strudelline.net/james/putex"
}, },


@ -0,0 +1,31 @@
{ config, pkgs, lib, ... }:
{
config = {
systemd.services."cascade-router".unitConfig = {
Wants = [ "sys-subsystem-net-devices-wan0.device" ];
After = [ "sys-subsystem-net-devices-wan0.device" ];
};
services.putex.putexes = {
sec-router = {
start = "/run/current-system/sw/bin/systemctl --no-block start cascade-router.service";
stop = ''
/run/current-system/sw/bin/systemctl stop -f -s 9 cascade-router.service
'';
healthcheck = ''
set -e
cd /sys/class/net
# cat all carrier values we care about,
# filter out the ones that are 1
# if there's anything left, exit 1.
if (for f in wan0 sec0 lan0;do echo "$f $(cat "$f"/carrier)"; done|grep -v 1|grep -q .) ;then
exit 1
fi
exit 0
'';
};
};
};
}
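Review bot: The healthcheck's `grep -v 1` in the `if (for f in wan0 sec0 lan0 ...)` line discards every line that contains the digit 1 anywhere, not only a carrier value of 1, so an interface whose name contained a 1 would be reported as up regardless of its carrier; anchoring on the value column, `grep -v ' 1$'`, keeps the test tied to the carrier. With the three names used here it does not misfire, so this is a robustness point rather than a live bug. The module also lacks a header saying why cascade-router.service is gated behind the `sec-router` putex; the start/stop hooks suggest only the host holding the putex runs the router, but that is not confirmable from this hunk, so a one-line comment such as `# cascade-router runs only while this host holds the sec-router putex; the healthcheck requires carrier on wan0, sec0 and lan0` (adjusted to the actual semantics) would help the next reader. The hunk header counts 31 additions while 28 lines are shown, so blank lines were likely dropped in rendering.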


@ -2,62 +2,31 @@
{ {
config = { config = {
#containers.wan-router = { #system.activationScripts."arpFilter" = ''
# privateNetwork = true; #PATH=${pkgs.procps}/bin:${pkgs.iptables}/bin:$PATH
# extraVeths.crwan0 = { # sysctl net.ipv4.conf.all.arp_filter=1
# hostBridge = "lan0"; # sysctl net.ipv4.conf.default.arp_filter=1
# }; #'';
# extraVeths.crlan0 = {
# hostBridge = "lan0";
# localAddress = "172.16.1.111";
# };
#};
systemd.services."container@sec-router".unitConfig = {
Wants = [ "sys-subsystem-net-devices-wan0.device" ];
After = [ "sys-subsystem-net-devices-wan0.device" ];
};
#containers.sec-router = { environment.systemPackages = with pkgs; [
# autoStart = false; tcpdump
# restartIfChanged = true; ];
# ephemeral = true;
# privateNetwork = true;
# macvlans = [ "phy4:wan0" ];
# extraVeths.scrsec0 = {
# hostBridge = "sec0";
# localAddress = "10.127.1.254/24";
# };
# extraVeths.scrlan0 = {
# hostBridge = "lan0";
# localAddress = "172.16.1.254/12";
# };
# config = {
# system.activationScripts."arpFilter" = ''
# sysctl "net.ipv4.conf.all.arp_filter"=1
# sysctl "net.ipv4.conf.default.arp_filter"=1
# '';
# networking = { networking = {
# useHostResolvConf = false; nat = {
# useNetworkd = true; enable = true;
# useDHCP = false; externalInterface = "wan0";
# interfaces."wan0" = { internalInterfaces = [ "lan0" "sec0" ];
# useDHCP = true; };
# macAddress = "a0:ce:c8:c6:d2:5f"; useHostResolvConf = false;
# }; useNetworkd = true;
# }; useDHCP = false;
interfaces."wan0" = {
# system.stateVersion = "24.05"; useDHCP = true;
# }; #macAddress = "a0:ce:c8:c6:d2:5f";
#};
services.putex.putexes = {
sec-router = {
start = "/run/current-system/sw/bin/systemctl --no-block start container@sec-router.service";
stop = ''
/run/current-system/sw/bin/systemctl stop -f -s 9 container@sec-router.service
'';
}; };
}; };
system.stateVersion = "24.05";
}; };
} }
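Review bot: `useHostResolvConf = false;` on the new side looks carried over from the removed container definition; as far as I recall `networking.useHostResolvConf` only takes effect inside a NixOS container, so on the host it is a no-op and should either be dropped or get a comment explaining why it stays. The commented-out `arpFilter` activation script and the `#macAddress` line are dead text on the new side; if they are kept as reminders, replace them with a short note such as `# arp_filter intentionally not set here: <reason>` rather than bare commented code, otherwise remove them. Since the hunk starts at line 2, nearly the whole file is visible and nothing in it sets `networking.firewall`, so enabling `networking.nat` on wan0 relies on the NixOS firewall defaults; that is fine if intentional but deserves a one-line comment saying so. The enclosing attribute set opens on line 1, outside the hunk.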

4
modules/stateless-vm.nix Normal file

@ -0,0 +1,4 @@
{
imports = [ ./vm.nix ];
config.virtualisation.diskImage = null;
}
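Review bot: The module carries its intent only in the filename; the `diskImage = null` line should say what it is for, e.g. `# Stateless variant of vm.nix: no disk image is created, so nothing is expected to outlive a boot.` I believe qemu-vm.nix then falls back to a non-persistent root, but that module is not in the hunk, so confirm the wording before adding it.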

13
modules/vm.nix Normal file

@ -0,0 +1,13 @@
{ lib, modulesPath, ... }:
with lib;
{
imports = [
"${modulesPath}/virtualisation/qemu-vm.nix"
./server.nix
];
config = {
virtualisation.graphics = false;
};
}
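Review bot: `with lib;` on the second line opens all of `lib` into the module scope, but nothing in the visible lines uses it (nor the `lib` argument); dropping both avoids shadowing surprises and follows the usual advice against top-level `with lib;`. The hunk header counts 13 additions while 11 lines are shown, so I may be missing two blank lines rather than code. A short header comment, `# Base QEMU VM: server.nix on top of qemu-vm.nix, headless.`, would make the module's role clear to readers who land here from stateless-vm.nix.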