AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add libvirt to nixos-vps

Browse Source
This commit is contained in:
Dmitriy Kholkin 2024-01-12 23:57:57 +03:00
parent 7c4bb025ea
commit 5ec508f0f4
3 changed files with 30 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
machines/NixOS-VPS/default.nix
View File

@ -182,7 +182,7 @@
users.users = { users.users = {
${config.mainuser} = { ${config.mainuser} = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "disk" "systemd-journal" "wheel" ]; extraGroups = [ "disk" "systemd-journal" "wheel" "qemu-libvirtd" "libvirtd" ];
uid = 1000; uid = 1000;
hashedPassword = hashedPassword =
"$y$j9T$ZC44T3XYOPapB26cyPsA4.$8wlYEbwXFszC9nrg0vafqBZFLMPabXdhnzlT3DhUit6"; "$y$j9T$ZC44T3XYOPapB26cyPsA4.$8wlYEbwXFszC9nrg0vafqBZFLMPabXdhnzlT3DhUit6";
@ -231,7 +231,19 @@
runroot = "/run/containers/storage"; runroot = "/run/containers/storage";
}; };
}; };
libvirtd = {
enable = true;
qemu = {
ovmf.enable = true;
ovmf.packages = [ pkgs.OVMFFull.fd ];
runAsRoot = false;
}; };
onBoot = "ignore";
onShutdown = "shutdown";
};
};
programs.virt-manager.enable = true;
networking.firewall.trustedInterfaces = [ "podman+" "vnet+" "virbr+" ];
networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ];
security.unprivilegedUsernsClone = true; security.unprivilegedUsernsClone = true;

1
machines/NixOS-VPS/hardware/networks.nix
View File

@ -6,6 +6,7 @@ rec {
# This is the public-facing interface. Any interface name with a prime # This is the public-facing interface. Any interface name with a prime
# symbol means it's a public-facing interface. # symbol means it's a public-facing interface.
main' = { main' = {
mac = "72:df:16:d2:1b:d7";
bridgeName = "br0"; bridgeName = "br0";
ifname = "enp0s18"; ifname = "enp0s18";
IPv4 = { IPv4 = {

19
machines/NixOS-VPS/network.nix
View File

@ -33,9 +33,9 @@ in {
]; ];
linkConfig.RequiredForOnline = "routable"; linkConfig.RequiredForOnline = "routable";
networkConfig = { networkConfig = {
DHCP = "no"; DHCPServer = true;
IPForward = true; IPForward = true;
IPv6PrivacyExtensions = "kernel"; # IPv6PrivacyExtensions = "kernel";
DNS = IPv4.dns ++ IPv6.dns; DNS = IPv4.dns ++ IPv6.dns;
}; };
routes = [{ routes = [{
@ -44,6 +44,19 @@ in {
} { } {
routeConfig.Gateway = IPv6.gateway; routeConfig.Gateway = IPv6.gateway;
routeConfig.GatewayOnLink = true; routeConfig.GatewayOnLink = true;
} {
routeConfig.Destination = "192.168.0.1/24";
}];
dhcpServerConfig = {
ServerAddress = "192.168.0.1/24";
PoolOffset = 100;
PoolSize = 100;
};
dhcpServerStaticLeases = [{
dhcpServerStaticLeaseConfig = {
MACAddress = "52:54:00:5b:49:bf";
Address = "192.168.0.11";
};
}]; }];
}; };
}; };
@ -52,7 +65,7 @@ in {
netdevConfig = { netdevConfig = {
Kind = "bridge"; Kind = "bridge";
Name = bridgeName; Name = bridgeName;
MACAddress = "72:df:16:d2:1b:d7"; MACAddress = mac;
}; };
}; };
}; };