cofractal-ams01: set up network bridge

Luke Granger-Brown 2024-03-24 23:25:15 +00:00
parent cd2dac2c25
commit 0fd44c31c1
3 changed files with 80 additions and 1 deletions


@ -65,6 +65,8 @@ in
../lib/coredns/default.nix ../lib/coredns/default.nix
../lib/deluge.nix ../lib/deluge.nix
../lib/plex.nix ../lib/plex.nix
./vm-bridge.nix
./vxlan-bridge.nix
]; ];
my.plex.customTLS = { my.plex.customTLS = {
@ -219,6 +221,7 @@ in
in [ in [
(bindMountSvc "/var/lib/tailscale" "tailscaled.service") (bindMountSvc "/var/lib/tailscale" "tailscaled.service")
(bindMountSvc "/var/lib/private/factorio" "factorio.service") (bindMountSvc "/var/lib/private/factorio" "factorio.service")
(bindMountSvc "/var/lib/libvirt" "libvirt.service")
]; ];
services.lukegbgp = let services.lukegbgp = let
@ -274,8 +277,8 @@ in
game-name = "Briefcase Full of Bees"; game-name = "Briefcase Full of Bees";
mods = depot.nix.pkgs.factorio-mods._all; mods = depot.nix.pkgs.factorio-mods._all;
mods-dat = ./mod-settings.dat; mods-dat = ./mod-settings.dat;
admins = ["lukegb"];
extraSettings = { extraSettings = {
admins = ["lukegb"];
auto_pause = true; auto_pause = true;
only_admins_can_pause_the_game = false; only_admins_can_pause_the_game = false;
game_password = depot.ops.secrets.factorioServerPassword; game_password = depot.ops.secrets.factorioServerPassword;
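Review bot: The new bind mount for `/var/lib/libvirt` names `libvirt.service`, but the NixOS libvirtd module installs its daemon as `libvirtd.service`. `bindMountSvc` is defined outside this hunk, so the effect is inferred: if it orders or binds the mount against the named unit, the dependency points at a unit that does not exist and libvirtd could start before its state directory is mounted. Consider `(bindMountSvc "/var/lib/libvirt" "libvirtd.service")`, or confirm which unit name this host actually runs.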


@ -0,0 +1,27 @@
# SPDX-FileCopyrightText: 2024 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0
{ depot, lib, pkgs, config, ... }:
{
systemd.network.netdevs."40-br-public" = {
netdevConfig = {
Name = "br-public";
Kind = "bridge";
};
};
systemd.network.networks."40-br-public" = {
matchConfig.Name = "br-public";
};
systemd.network.netdevs."40-br-mgmt" = {
netdevConfig = {
Name = "br-mgmt";
Kind = "bridge";
};
};
systemd.network.networks."40-br-mgmt" = {
matchConfig.Name = "br-mgmt";
};
}
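Review bot: Both `.network` units match the bridge by name and set nothing else, so systemd-networkd applies its defaults on `br-public` and `br-mgmt`. By default the host gets an IPv6 link-local address on each bridge and, unless forwarding settings change it, accepts router advertisements from whatever is attached. If the host is only meant to switch frames for guests, this gives guest-side devices a path to the hypervisor's own network stack. Consider `networkConfig = { LinkLocalAddressing = "no"; IPv6AcceptRA = false; };` on both networks, with a short comment that the host deliberately carries no addresses on these bridges.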


@ -0,0 +1,49 @@
# SPDX-FileCopyrightText: 2024 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0
{ depot, lib, pkgs, config, ... }:
{
imports = [ ./vm-bridge.nix ];
systemd.network.netdevs."40-vx-public" = {
netdevConfig = {
Name = "vx-public";
Kind = "vxlan";
};
vxlanConfig = {
VNI = 100;
Remote = "2a09:a441:0:ffff::1";
Local = "2a09:a446:1337:ffff::10";
DestinationPort = 4789;
};
};
systemd.network.networks."40-vx-public" = {
matchConfig.Name = "vx-public";
networkConfig.Bridge = "br-public";
};
systemd.network.netdevs."40-vx-mgmt" = {
netdevConfig = {
Name = "vx-mgmt";
Kind = "vxlan";
};
vxlanConfig = {
VNI = 101;
Remote = "2a09:a441:0:ffff::1";
Local = "2a09:a446:1337:ffff::10";
DestinationPort = 4789;
};
};
systemd.network.networks."40-vx-mgmt" = {
matchConfig.Name = "vx-mgmt";
networkConfig.Bridge = "br-mgmt";
};
networking.firewall.extraCommands = ''
ip6tables -I nixos-fw -p udp --src 2a09:a441:0:ffff::1 --dst 2a09:a446:1337:ffff::10 --dport 4789 -j ACCEPT
'';
systemd.network.networks."40-bond0".networkConfig.VXLAN = [ "vx-public" "vx-mgmt" ];
}
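Review bot: VXLAN has no authentication or encryption, and the `ip6tables` rule in `extraCommands` admits UDP 4789 on source and destination address alone. The management segment (VNI 101) is therefore only as trustworthy as the underlay between the two endpoints. Anything that can deliver packets with that source address to this host can place frames on `br-mgmt` and `br-public`, and guest traffic crosses the path in clear. At minimum, pin the rule to the underlay interface by adding `-i bond0` (the device the VXLANs are attached to on the last line), and add a comment recording whether the path between the endpoints is private. If it is not, carrying the tunnel inside WireGuard or IPsec is the stronger fix.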