router is now a full virtual host
parent
a08f6e85bb
commit
e8b4512af3
34
flake.lock
34
flake.lock
|
@ -108,11 +108,11 @@
|
|||
},
|
||||
"nixlib": {
|
||||
"locked": {
|
||||
"lastModified": 1719708727,
|
||||
"narHash": "sha256-XFNKtyirrGNdehpg7lMNm1skEcBApjqGhaHc/OI95HY=",
|
||||
"lastModified": 1721523216,
|
||||
"narHash": "sha256-/NjnIKkBoqKdvOS8unooDg0HqMaRUwYLbyn0ntjEckQ=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"rev": "1bba8a624b3b9d4f68db94fb63aaeb46039ce9e6",
|
||||
"rev": "31a99025ce3784c20dd11dafa5260e80e314f59e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -129,11 +129,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1720859326,
|
||||
"narHash": "sha256-i8BiZj5faQS6gsupE0S9xtiyZmWinGpVLwxXWV342aQ=",
|
||||
"lastModified": 1721869487,
|
||||
"narHash": "sha256-zcusn81g+0gO+tSMhfs4W+wAP9As/MWNTBCbS+Ggp7A=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-generators",
|
||||
"rev": "076ea5b672bb1ea535ee84cfdabd0c2f0b7f20c7",
|
||||
"rev": "c12f9a969c8cdf14618774515c7c6c96aef753c7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -175,11 +175,11 @@
|
|||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1721686456,
|
||||
"narHash": "sha256-nw/BnNzATDPfzpJVTnY8mcSKKsz6BJMEFRkJ332QSN0=",
|
||||
"lastModified": 1721821769,
|
||||
"narHash": "sha256-PhmkdTJs2SfqKzSyDB74rDKp1MH4mGk0pG/+WqrnGEw=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "575f3027caa1e291d24f1e9fb0e3a19c2f26d96b",
|
||||
"rev": "d0907b75146a0ccc1ec0d6c3db287ec287588ef6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -225,11 +225,11 @@
|
|||
"nixpkgs": "nixpkgs_4"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1721622955,
|
||||
"narHash": "sha256-p151jyfsLa+hCsinD6RY0XIlcag1+8ftLBvmXwQIVzI=",
|
||||
"lastModified": 1721931394,
|
||||
"narHash": "sha256-LetDlT8SYpcDZURvkHW7OsVzE0QvmVWv+HIbwYsA0Ac=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "f35ee655ea65eda94729cfd182713d9ae0d04ab8",
|
||||
"revCount": 22,
|
||||
"rev": "16f8054106f73b8cf21ded014ffa42fb4fe47947",
|
||||
"revCount": 24,
|
||||
"type": "git",
|
||||
"url": "https://git.strudelline.net/cascade/numbers"
|
||||
},
|
||||
|
@ -244,11 +244,11 @@
|
|||
"nixpkgs": "nixpkgs_5"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1721862828,
|
||||
"narHash": "sha256-QU3C+8DY9w+q+kmoAmRWMw96pRwrjywh/ru0n/eKs04=",
|
||||
"lastModified": 1721923974,
|
||||
"narHash": "sha256-yz3VioYJXUTdl4TU1RZnGbRMj3ng3OTtVDEbGPFXGLE=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "31277b2e35bf4329164a927ff612198523a5c2ac",
|
||||
"revCount": 6,
|
||||
"rev": "eed14b5adada7325e916dfc3a89cbd4beef806a8",
|
||||
"revCount": 7,
|
||||
"type": "git",
|
||||
"url": "https://git.strudelline.net/james/putex"
|
||||
},
|
||||
|
|
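--- a/modules/cascade-router-host.nix
+++ b/modules/cascade-router-host.nix
@@ -0,0 +1,31 @@
+{ config, pkgs, lib, ... }:
+
+{
+config = {
+systemd.services."cascade-router".unitConfig = {
+Wants = [ "sys-subsystem-net-devices-wan0.device" ];
+After = [ "sys-subsystem-net-devices-wan0.device" ];
+};
+
+services.putex.putexes = {
+sec-router = {
+start = "/run/current-system/sw/bin/systemctl --no-block start cascade-router.service";
+stop = ''
+/run/current-system/sw/bin/systemctl stop -f -s 9 cascade-router.service
+'';
+healthcheck = ''
+set -e
+cd /sys/class/net
+
+# cat all carrier values we care about,
+# filter out the ones that are 1
+# if there's anything left, exit 1.
+if (for f in wan0 sec0 lan0;do echo "$f $(cat "$f"/carrier)"; done|grep -v 1|grep -q .) ;then
+exit 1
+fi
+exit 0
+'';
+};
+};
+};
+}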
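Review bot: The healthcheck's `grep -v 1` matches a `1` anywhere in the echoed line, including the interface name, so it would pass unconditionally for any interface whose name contains a 1; it works today only because the names are wan0, sec0 and lan0. Anchoring the match to the carrier field with `grep -v ' 1$'`, or testing each value directly with `[ "$(cat "$f/carrier")" = 1 ] || exit 1`, keeps the check failing closed if the interface list changes. A comment would also help, noting that a failed `cat` (interface missing or administratively down) yields an empty value and is therefore reported as unhealthy. Separately, `-f -s 9` on `systemctl stop` appears to have no effect, since `--signal` is documented for `systemctl kill`; if a hard kill is intended, confirm how the unit's stop behaviour is configured.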
@ -2,62 +2,31 @@
|
|||
|
||||
{
|
||||
config = {
|
||||
#containers.wan-router = {
|
||||
# privateNetwork = true;
|
||||
# extraVeths.crwan0 = {
|
||||
# hostBridge = "lan0";
|
||||
# };
|
||||
# extraVeths.crlan0 = {
|
||||
# hostBridge = "lan0";
|
||||
# localAddress = "172.16.1.111";
|
||||
# };
|
||||
#};
|
||||
systemd.services."container@sec-router".unitConfig = {
|
||||
Wants = [ "sys-subsystem-net-devices-wan0.device" ];
|
||||
After = [ "sys-subsystem-net-devices-wan0.device" ];
|
||||
#system.activationScripts."arpFilter" = ''
|
||||
#PATH=${pkgs.procps}/bin:${pkgs.iptables}/bin:$PATH
|
||||
# sysctl net.ipv4.conf.all.arp_filter=1
|
||||
# sysctl net.ipv4.conf.default.arp_filter=1
|
||||
#'';
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
tcpdump
|
||||
];
|
||||
|
||||
networking = {
|
||||
nat = {
|
||||
enable = true;
|
||||
externalInterface = "wan0";
|
||||
internalInterfaces = [ "lan0" "sec0" ];
|
||||
};
|
||||
|
||||
#containers.sec-router = {
|
||||
# autoStart = false;
|
||||
# restartIfChanged = true;
|
||||
# ephemeral = true;
|
||||
# privateNetwork = true;
|
||||
# macvlans = [ "phy4:wan0" ];
|
||||
# extraVeths.scrsec0 = {
|
||||
# hostBridge = "sec0";
|
||||
# localAddress = "10.127.1.254/24";
|
||||
# };
|
||||
# extraVeths.scrlan0 = {
|
||||
# hostBridge = "lan0";
|
||||
# localAddress = "172.16.1.254/12";
|
||||
# };
|
||||
# config = {
|
||||
# system.activationScripts."arpFilter" = ''
|
||||
# sysctl "net.ipv4.conf.all.arp_filter"=1
|
||||
# sysctl "net.ipv4.conf.default.arp_filter"=1
|
||||
# '';
|
||||
|
||||
# networking = {
|
||||
# useHostResolvConf = false;
|
||||
# useNetworkd = true;
|
||||
# useDHCP = false;
|
||||
# interfaces."wan0" = {
|
||||
# useDHCP = true;
|
||||
# macAddress = "a0:ce:c8:c6:d2:5f";
|
||||
# };
|
||||
# };
|
||||
|
||||
# system.stateVersion = "24.05";
|
||||
# };
|
||||
#};
|
||||
|
||||
services.putex.putexes = {
|
||||
sec-router = {
|
||||
start = "/run/current-system/sw/bin/systemctl --no-block start container@sec-router.service";
|
||||
stop = ''
|
||||
/run/current-system/sw/bin/systemctl stop -f -s 9 container@sec-router.service
|
||||
'';
|
||||
useHostResolvConf = false;
|
||||
useNetworkd = true;
|
||||
useDHCP = false;
|
||||
interfaces."wan0" = {
|
||||
useDHCP = true;
|
||||
#macAddress = "a0:ce:c8:c6:d2:5f";
|
||||
};
|
||||
};
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
};
|
||||
}
|
||||
|
|
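Review bot: Enabling `networking.nat` with `internalInterfaces = [ "lan0" "sec0" ]` makes this host forward packets, and nothing visible in the hunk restricts forwarding between lan0 and sec0; with the default firewall backend, NixOS filters only traffic addressed to the host itself. If sec0 is meant to be a separate segment, say so in a comment and add forward filtering, for example `networking.nftables.enable = true;` together with `networking.firewall.filterForward = true;` and explicit allow rules. The old/new side of each line is inferred from the rendered page, so this assumes the uncommented `networking` block is the new code. The section's file header is not visible here.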
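--- a/modules/stateless-vm.nix
+++ b/modules/stateless-vm.nix
@@ -0,0 +1,4 @@
+{
+imports = [ ./vm.nix ];
+config.virtualisation.diskImage = null;
+}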
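--- a/modules/vm.nix
+++ b/modules/vm.nix
@@ -0,0 +1,13 @@
+{ lib, modulesPath, ... }:
+with lib;
+
+{
+imports = [
+"${modulesPath}/virtualisation/qemu-vm.nix"
+./server.nix
+];
+
+config = {
+virtualisation.graphics = false;
+};
+}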
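Review bot: `with lib;` pulls every `lib` attribute into scope, but nothing in this module uses one, so it only makes it harder to see where a name comes from if the file grows. Dropping the `with lib;` line and reducing the header to `{ modulesPath, ... }:` would keep the module's inputs explicit.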