# SPDX-FileCopyrightText: 2024 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0
{ depot, lib, pkgs, config, ... }:

let
  # Tunnel endpoints and port, shared by both VXLAN devices and by the
  # firewall rule below, so the packet filter cannot drift away from the
  # tunnel definition when one of them is edited.
  vxlanRemote = "2a09:a441:0:ffff::1";
  vxlanLocal = "2a09:a446:1337:ffff::10";
  vxlanPort = 4789;

  # systemd-networkd .netdev definition for one point-to-point VXLAN
  # device named `name` carrying segment `vni`.
  mkVxlanNetdev = name: vni: {
    netdevConfig = {
      Name = name;
      Kind = "vxlan";
    };
    vxlanConfig = {
      VNI = vni;
      Remote = vxlanRemote;
      Local = vxlanLocal;
      DestinationPort = vxlanPort;
    };
  };

  # systemd-networkd .network definition that enslaves the VXLAN device
  # `name` to the bridge `bridge`.
  mkBridgeMember = name: bridge: {
    matchConfig.Name = name;
    networkConfig.Bridge = bridge;
  };
in
{
  # NOTE(review): br-public and br-mgmt are presumably declared in
  # vm-bridge.nix; this file does not define them.
  imports = [ ./vm-bridge.nix ];

  systemd.network.netdevs = {
    "40-vx-public" = mkVxlanNetdev "vx-public" 100;
    "40-vx-mgmt" = mkVxlanNetdev "vx-mgmt" 101;
  };

  systemd.network.networks = {
    "40-vx-public" = mkBridgeMember "vx-public" "br-public";
    "40-vx-mgmt" = mkBridgeMember "vx-mgmt" "br-mgmt";

    # Both VXLAN devices are attached to bond0 as their underlay link.
    "40-bond0".networkConfig.VXLAN = [ "vx-public" "vx-mgmt" ];
  };

  # Accept VXLAN only from the configured remote endpoint to the local one.
  # VXLAN itself carries no authentication or encryption, so this address
  # match is the only thing in this file deciding which frames reach the
  # bridges, including the management segment (VNI 101). The rule has no
  # inbound-interface match and trusts the IPv6 source address as given.
  # NOTE(review): confirm the underlay drops spoofed sources (or is
  # protected, e.g. by IPsec or WireGuard) before treating br-mgmt as
  # trusted.
  networking.firewall.extraCommands = ''
    ip6tables -I nixos-fw -p udp --src ${vxlanRemote} --dst ${vxlanLocal} --dport ${toString vxlanPort} -j ACCEPT
  '';
}