router is now a full virtual host

This commit is contained in:
James Andariese 2024-07-25 12:33:44 -05:00
parent a08f6e85bb
commit e8b4512af3
5 changed files with 87 additions and 70 deletions


@ -108,11 +108,11 @@
},
"nixlib": {
"locked": {
"lastModified": 1719708727,
"narHash": "sha256-XFNKtyirrGNdehpg7lMNm1skEcBApjqGhaHc/OI95HY=",
"lastModified": 1721523216,
"narHash": "sha256-/NjnIKkBoqKdvOS8unooDg0HqMaRUwYLbyn0ntjEckQ=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "1bba8a624b3b9d4f68db94fb63aaeb46039ce9e6",
"rev": "31a99025ce3784c20dd11dafa5260e80e314f59e",
"type": "github"
},
"original": {
@ -129,11 +129,11 @@
]
},
"locked": {
"lastModified": 1720859326,
"narHash": "sha256-i8BiZj5faQS6gsupE0S9xtiyZmWinGpVLwxXWV342aQ=",
"lastModified": 1721869487,
"narHash": "sha256-zcusn81g+0gO+tSMhfs4W+wAP9As/MWNTBCbS+Ggp7A=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "076ea5b672bb1ea535ee84cfdabd0c2f0b7f20c7",
"rev": "c12f9a969c8cdf14618774515c7c6c96aef753c7",
"type": "github"
},
"original": {
@ -175,11 +175,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1721686456,
"narHash": "sha256-nw/BnNzATDPfzpJVTnY8mcSKKsz6BJMEFRkJ332QSN0=",
"lastModified": 1721821769,
"narHash": "sha256-PhmkdTJs2SfqKzSyDB74rDKp1MH4mGk0pG/+WqrnGEw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "575f3027caa1e291d24f1e9fb0e3a19c2f26d96b",
"rev": "d0907b75146a0ccc1ec0d6c3db287ec287588ef6",
"type": "github"
},
"original": {
@ -225,11 +225,11 @@
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1721622955,
"narHash": "sha256-p151jyfsLa+hCsinD6RY0XIlcag1+8ftLBvmXwQIVzI=",
"lastModified": 1721931394,
"narHash": "sha256-LetDlT8SYpcDZURvkHW7OsVzE0QvmVWv+HIbwYsA0Ac=",
"ref": "refs/heads/main",
"rev": "f35ee655ea65eda94729cfd182713d9ae0d04ab8",
"revCount": 22,
"rev": "16f8054106f73b8cf21ded014ffa42fb4fe47947",
"revCount": 24,
"type": "git",
"url": "https://git.strudelline.net/cascade/numbers"
},
@ -244,11 +244,11 @@
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1721862828,
"narHash": "sha256-QU3C+8DY9w+q+kmoAmRWMw96pRwrjywh/ru0n/eKs04=",
"lastModified": 1721923974,
"narHash": "sha256-yz3VioYJXUTdl4TU1RZnGbRMj3ng3OTtVDEbGPFXGLE=",
"ref": "refs/heads/main",
"rev": "31277b2e35bf4329164a927ff612198523a5c2ac",
"revCount": 6,
"rev": "eed14b5adada7325e916dfc3a89cbd4beef806a8",
"revCount": 7,
"type": "git",
"url": "https://git.strudelline.net/james/putex"
},


@ -0,0 +1,31 @@
{ config, pkgs, lib, ... }:
{
config = {
systemd.services."cascade-router".unitConfig = {
Wants = [ "sys-subsystem-net-devices-wan0.device" ];
After = [ "sys-subsystem-net-devices-wan0.device" ];
};
services.putex.putexes = {
sec-router = {
start = "/run/current-system/sw/bin/systemctl --no-block start cascade-router.service";
stop = ''
/run/current-system/sw/bin/systemctl stop -f -s 9 cascade-router.service
'';
healthcheck = ''
set -e
cd /sys/class/net
# cat all carrier values we care about,
# filter out the ones that are 1
# if there's anything left, exit 1.
if (for f in wan0 sec0 lan0;do echo "$f $(cat "$f"/carrier)"; done|grep -v 1|grep -q .) ;then
exit 1
fi
exit 0
'';
};
};
};
}
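Review bot: The carrier filter on line 111, `grep -v 1`, drops every line containing the digit 1 anywhere, including in the interface name, so the check only works because wan0, sec0 and lan0 happen to contain no 1; an interface later renamed to something like lan1 (constructed example) would pass the healthcheck with its carrier at 0. Anchoring the match on the carrier column, `grep -v ' 1$'`, keeps the current fail-closed behaviour (a missing interface makes the inner `cat` fail, the line stays and the script exits 1) without depending on the names. Separately, `cascade-router.service`, which both the Wants/After stanza and the start/stop commands reference, is not defined in any hunk visible in this commit; if it comes from another module a short comment naming that module would save the next reader the search, and if not the dependency is dangling.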


@ -2,62 +2,31 @@
{
config = {
#containers.wan-router = {
# privateNetwork = true;
# extraVeths.crwan0 = {
# hostBridge = "lan0";
# };
# extraVeths.crlan0 = {
# hostBridge = "lan0";
# localAddress = "172.16.1.111";
# };
#};
systemd.services."container@sec-router".unitConfig = {
Wants = [ "sys-subsystem-net-devices-wan0.device" ];
After = [ "sys-subsystem-net-devices-wan0.device" ];
#system.activationScripts."arpFilter" = ''
#PATH=${pkgs.procps}/bin:${pkgs.iptables}/bin:$PATH
# sysctl net.ipv4.conf.all.arp_filter=1
# sysctl net.ipv4.conf.default.arp_filter=1
#'';
environment.systemPackages = with pkgs; [
tcpdump
];
networking = {
nat = {
enable = true;
externalInterface = "wan0";
internalInterfaces = [ "lan0" "sec0" ];
};
#containers.sec-router = {
# autoStart = false;
# restartIfChanged = true;
# ephemeral = true;
# privateNetwork = true;
# macvlans = [ "phy4:wan0" ];
# extraVeths.scrsec0 = {
# hostBridge = "sec0";
# localAddress = "10.127.1.254/24";
# };
# extraVeths.scrlan0 = {
# hostBridge = "lan0";
# localAddress = "172.16.1.254/12";
# };
# config = {
# system.activationScripts."arpFilter" = ''
# sysctl "net.ipv4.conf.all.arp_filter"=1
# sysctl "net.ipv4.conf.default.arp_filter"=1
# '';
# networking = {
# useHostResolvConf = false;
# useNetworkd = true;
# useDHCP = false;
# interfaces."wan0" = {
# useDHCP = true;
# macAddress = "a0:ce:c8:c6:d2:5f";
# };
# };
# system.stateVersion = "24.05";
# };
#};
services.putex.putexes = {
sec-router = {
start = "/run/current-system/sw/bin/systemctl --no-block start container@sec-router.service";
stop = ''
/run/current-system/sw/bin/systemctl stop -f -s 9 container@sec-router.service
'';
useHostResolvConf = false;
useNetworkd = true;
useDHCP = false;
interfaces."wan0" = {
useDHCP = true;
#macAddress = "a0:ce:c8:c6:d2:5f";
};
};
system.stateVersion = "24.05";
};
}
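Review bot: `internalInterfaces = [ "lan0" "sec0" ]` on line 151 enables forwarding for both internal segments, and no rule restricting traffic between lan0 and sec0 is visible in this hunk or elsewhere in the commit, so unless a module outside this diff filters the forward path, hosts on the two internal networks can reach each other through the router. If the segments are meant to be isolated, add explicit forward filtering (for example `networking.firewall.filterForward = true;` with the nftables backend, plus the allowed flows) and record the intent in a comment on the `nat` block either way. The commented-out `macAddress` on line 195 would also benefit from a one-line comment saying whether wan0 is now deliberately using the physical MAC for its DHCP lease. The enclosing attribute set opens at file line 1, outside the hunk.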

4
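--- a/modules/stateless-vm.nix
+++ b/modules/stateless-vm.nix
@@ -0,0 +1,4 @@
+{
+imports = [ ./vm.nix ];
+config.virtualisation.diskImage = null;
+}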
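Review bot: `config.virtualisation.diskImage = null` is the only thing this module changes over vm.nix, and what a null image means is not obvious from the option name; a one-line comment would help, for example `# no persistent disk image: the VM boots from the shared store and keeps no state across reboots`. That wording presumes how qemu-vm.nix treats a null diskImage, so confirm it against the nixpkgs revision pinned in the lock file before adding it.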

13
modules/vm.nix Normal file

@ -0,0 +1,13 @@
{ lib, modulesPath, ... }:
with lib;
{
imports = [
"${modulesPath}/virtualisation/qemu-vm.nix"
./server.nix
];
config = {
virtualisation.graphics = false;
};
}
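Review bot: `with lib;` on line 218 brings the whole lib namespace into scope, but nothing in the visible body uses it (only `modulesPath` is referenced), and any unqualified name added to this file later would silently resolve against lib first. Drop the line together with the unused `lib` argument, or write `lib.` explicitly at the point of use when it is needed. A short comment on why a VM profile imports `./server.nix` would also help readers who only see this file.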