add libvirt to nixos-vps

2024-01-12 23:57:57 +03:00 · 2024-01-12 23:57:57 +03:00 · 5ec508f0f4
commit 5ec508f0f4
parent 7c4bb025ea
3 changed files with 30 additions and 4 deletions
--- a/machines/NixOS-VPS/default.nix
+++ b/machines/NixOS-VPS/default.nix
@ -182,7 +182,7 @@
  users.users = {
    ${config.mainuser} = {
      isNormalUser = true;
-      extraGroups = [ "disk" "systemd-journal" "wheel" ];
+      extraGroups = [ "disk" "systemd-journal" "wheel" "qemu-libvirtd" "libvirtd" ];
      uid = 1000;
      hashedPassword =
        "$y$j9T$ZC44T3XYOPapB26cyPsA4.$8wlYEbwXFszC9nrg0vafqBZFLMPabXdhnzlT3DhUit6";
@ -231,7 +231,19 @@
        runroot = "/run/containers/storage";
      };
    };
+    libvirtd = {
+      enable = true;
+      qemu = {
+        ovmf.enable = true;
+        ovmf.packages = [ pkgs.OVMFFull.fd ];
+        runAsRoot = false;
+      };
+      onBoot = "ignore";
+      onShutdown = "shutdown";
+    };
  };
+  programs.virt-manager.enable = true;
+  networking.firewall.trustedInterfaces = [ "podman+" "vnet+" "virbr+" ];
  networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ];
  security.unprivilegedUsernsClone = true;

--- a/machines/NixOS-VPS/hardware/networks.nix
+++ b/machines/NixOS-VPS/hardware/networks.nix
@ -6,6 +6,7 @@ rec {
      # This is the public-facing interface. Any interface name with a prime
      # symbol means it's a public-facing interface.
      main' = {
+        mac = "72:df:16:d2:1b:d7";
        bridgeName = "br0";
        ifname = "enp0s18";
        IPv4 = {
--- a/machines/NixOS-VPS/network.nix
+++ b/machines/NixOS-VPS/network.nix
@ -33,9 +33,9 @@ in {
        ];
        linkConfig.RequiredForOnline = "routable";
        networkConfig = {
-          DHCP = "no";
+          DHCPServer = true;
          IPForward = true;
-          IPv6PrivacyExtensions = "kernel";
+          # IPv6PrivacyExtensions = "kernel";
          DNS = IPv4.dns ++ IPv6.dns;
        };
        routes = [{
@ -44,6 +44,19 @@ in {
        } {
          routeConfig.Gateway = IPv6.gateway;
          routeConfig.GatewayOnLink = true;
+        } {
+          routeConfig.Destination = "192.168.0.1/24";
+        }];
+        dhcpServerConfig = {
+          ServerAddress = "192.168.0.1/24";
+          PoolOffset = 100;
+          PoolSize = 100;
+        };
+        dhcpServerStaticLeases = [{
+          dhcpServerStaticLeaseConfig = {
+            MACAddress = "52:54:00:5b:49:bf";
+            Address = "192.168.0.11";
+          };
        }];
      };
    };
@ -52,7 +65,7 @@ in {
        netdevConfig = {
          Kind = "bridge";
          Name = bridgeName;
-          MACAddress = "72:df:16:d2:1b:d7";
+          MACAddress = mac;
        };
      };
    };