64 lines
1.6 KiB
Nix
64 lines
1.6 KiB
Nix
{ config, pkgs, lib, ... }:
|
|
|
|
{
|
|
config = {
|
|
#containers.wan-router = {
|
|
# privateNetwork = true;
|
|
# extraVeths.crwan0 = {
|
|
# hostBridge = "lan0";
|
|
# };
|
|
# extraVeths.crlan0 = {
|
|
# hostBridge = "lan0";
|
|
# localAddress = "172.16.1.111";
|
|
# };
|
|
#};
|
|
systemd.services."container@sec-router".unitConfig = {
|
|
Wants = [ "sys-subsystem-net-devices-wan0.device" ];
|
|
After = [ "sys-subsystem-net-devices-wan0.device" ];
|
|
};
|
|
|
|
#containers.sec-router = {
|
|
# autoStart = false;
|
|
# restartIfChanged = true;
|
|
# ephemeral = true;
|
|
# privateNetwork = true;
|
|
# macvlans = [ "phy4:wan0" ];
|
|
# extraVeths.scrsec0 = {
|
|
# hostBridge = "sec0";
|
|
# localAddress = "10.127.1.254/24";
|
|
# };
|
|
# extraVeths.scrlan0 = {
|
|
# hostBridge = "lan0";
|
|
# localAddress = "172.16.1.254/12";
|
|
# };
|
|
# config = {
|
|
# system.activationScripts."arpFilter" = ''
|
|
# sysctl "net.ipv4.conf.all.arp_filter"=1
|
|
# sysctl "net.ipv4.conf.default.arp_filter"=1
|
|
# '';
|
|
|
|
# networking = {
|
|
# useHostResolvConf = false;
|
|
# useNetworkd = true;
|
|
# useDHCP = false;
|
|
# interfaces."wan0" = {
|
|
# useDHCP = true;
|
|
# macAddress = "a0:ce:c8:c6:d2:5f";
|
|
# };
|
|
# };
|
|
|
|
# system.stateVersion = "24.05";
|
|
# };
|
|
#};
|
|
|
|
services.putex.putexes = {
|
|
sec-router = {
|
|
start = "/run/current-system/sw/bin/systemctl --no-block start container@sec-router.service";
|
|
stop = ''
|
|
/run/current-system/sw/bin/systemctl stop -f -s 9 container@sec-router.service
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
}
|