cofractal-ams01: set up network bridge
parent
cd2dac2c25
commit
0fd44c31c1
3 changed files with 80 additions and 1 deletions
|
@ -65,6 +65,8 @@ in
|
||||||
../lib/coredns/default.nix
|
../lib/coredns/default.nix
|
||||||
../lib/deluge.nix
|
../lib/deluge.nix
|
||||||
../lib/plex.nix
|
../lib/plex.nix
|
||||||
|
./vm-bridge.nix
|
||||||
|
./vxlan-bridge.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
my.plex.customTLS = {
|
my.plex.customTLS = {
|
||||||
|
@ -219,6 +221,7 @@ in
|
||||||
in [
|
in [
|
||||||
(bindMountSvc "/var/lib/tailscale" "tailscaled.service")
|
(bindMountSvc "/var/lib/tailscale" "tailscaled.service")
|
||||||
(bindMountSvc "/var/lib/private/factorio" "factorio.service")
|
(bindMountSvc "/var/lib/private/factorio" "factorio.service")
|
||||||
|
(bindMountSvc "/var/lib/libvirt" "libvirt.service")
|
||||||
];
|
];
|
||||||
|
|
||||||
services.lukegbgp = let
|
services.lukegbgp = let
|
||||||
|
@ -274,8 +277,8 @@ in
|
||||||
game-name = "Briefcase Full of Bees";
|
game-name = "Briefcase Full of Bees";
|
||||||
mods = depot.nix.pkgs.factorio-mods._all;
|
mods = depot.nix.pkgs.factorio-mods._all;
|
||||||
mods-dat = ./mod-settings.dat;
|
mods-dat = ./mod-settings.dat;
|
||||||
extraSettings = {
|
|
||||||
admins = ["lukegb"];
|
admins = ["lukegb"];
|
||||||
|
extraSettings = {
|
||||||
auto_pause = true;
|
auto_pause = true;
|
||||||
only_admins_can_pause_the_game = false;
|
only_admins_can_pause_the_game = false;
|
||||||
game_password = depot.ops.secrets.factorioServerPassword;
|
game_password = depot.ops.secrets.factorioServerPassword;
|
||||||
|
|
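Review bot: In the second hunk the new bind mount is tied to `libvirt.service`, but the unit that the NixOS libvirtd module defines is, as far as I know, `libvirtd.service`. The definition of bindMountSvc is not visible on this page; if it orders or attaches the mount to the named unit, the /var/lib/libvirt mount would not be guaranteed to be in place before the daemon starts, and VM state could land on the underlying filesystem instead. After confirming the unit name on the host, consider `(bindMountSvc "/var/lib/libvirt" "libvirtd.service")`. The `in [` list begins outside the hunk.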
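--- a/ops/nixos/cofractal-ams01/vm-bridge.nix
+++ b/ops/nixos/cofractal-ams01/vm-bridge.nix
@@ -0,0 +1,27 @@
+# SPDX-FileCopyrightText: 2024 Luke Granger-Brown <depot@lukegb.com>
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ depot, lib, pkgs, config, ... }:
+
+{
+systemd.network.netdevs."40-br-public" = {
+netdevConfig = {
+Name = "br-public";
+Kind = "bridge";
+};
+};
+systemd.network.networks."40-br-public" = {
+matchConfig.Name = "br-public";
+};
+
+systemd.network.netdevs."40-br-mgmt" = {
+netdevConfig = {
+Name = "br-mgmt";
+Kind = "bridge";
+};
+};
+systemd.network.networks."40-br-mgmt" = {
+matchConfig.Name = "br-mgmt";
+};
+}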
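Review bot: The `40-br-public` and `40-br-mgmt` network units contain only `matchConfig.Name`, so networkd's defaults apply to the host side of both bridges. As I understand those defaults, the host gets an IPv6 link-local address on each bridge and may accept router advertisements from whatever is attached to the segment, including guests on br-public. If the host is meant to act purely as an L2 switch for the VMs, state that in a comment and turn host participation off on each network, e.g. `networkConfig = { LinkLocalAddressing = "no"; IPv6AcceptRA = false; };`. If the host is instead meant to be reachable on br-mgmt, a comment saying so would make the intended exposure clear to the next reader.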
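--- a/ops/nixos/cofractal-ams01/vxlan-bridge.nix
+++ b/ops/nixos/cofractal-ams01/vxlan-bridge.nix
@@ -0,0 +1,49 @@
+# SPDX-FileCopyrightText: 2024 Luke Granger-Brown <depot@lukegb.com>
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ depot, lib, pkgs, config, ... }:
+
+{
+imports = [ ./vm-bridge.nix ];
+
+systemd.network.netdevs."40-vx-public" = {
+netdevConfig = {
+Name = "vx-public";
+Kind = "vxlan";
+};
+vxlanConfig = {
+VNI = 100;
+Remote = "2a09:a441:0:ffff::1";
+Local = "2a09:a446:1337:ffff::10";
+DestinationPort = 4789;
+};
+};
+systemd.network.networks."40-vx-public" = {
+matchConfig.Name = "vx-public";
+networkConfig.Bridge = "br-public";
+};
+
+systemd.network.netdevs."40-vx-mgmt" = {
+netdevConfig = {
+Name = "vx-mgmt";
+Kind = "vxlan";
+};
+vxlanConfig = {
+VNI = 101;
+Remote = "2a09:a441:0:ffff::1";
+Local = "2a09:a446:1337:ffff::10";
+DestinationPort = 4789;
+};
+};
+systemd.network.networks."40-vx-mgmt" = {
+matchConfig.Name = "vx-mgmt";
+networkConfig.Bridge = "br-mgmt";
+};
+
+networking.firewall.extraCommands = ''
+ip6tables -I nixos-fw -p udp --src 2a09:a441:0:ffff::1 --dst 2a09:a446:1337:ffff::10 --dport 4789 -j ACCEPT
+'';
+
+systemd.network.networks."40-bond0".networkConfig.VXLAN = [ "vx-public" "vx-mgmt" ];
+}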
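Review bot: The ip6tables rule in `networking.firewall.extraCommands` admits VXLAN on UDP 4789 by source address alone, and VXLAN itself carries no authentication or encryption, so the isolation of VNI 100 and VNI 101 (the latter bridged into br-mgmt) rests entirely on the underlay rejecting spoofed traffic for the remote endpoint. Record that assumption next to the rule, e.g. `# VXLAN is unauthenticated: relies on the underlay dropping spoofed sources for the remote VTEP`, and consider pinning the rule to the underlay interface with `-i bond0` (bond0 is inferred from the `40-bond0` line, so confirm it is the only ingress path). If the path between the two endpoints crosses networks outside your control, carrying at least the mgmt VNI inside an encrypted tunnel such as WireGuard or IPsec would be the stronger fix.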