lukegb/depot
1
0
Fork 0
Code Issues 1 Pull requests Projects Packages Activity Actions
depot/ops/nixos/cofractal-ams01/vxlan-bridge.nix

49 lines
1.2 KiB
Nix
Raw Blame History

# SPDX-FileCopyrightText: 2024 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0
{ depot, lib, pkgs, config, ... }:
{
imports = [ ./vm-bridge.nix ];
systemd.network.netdevs."40-vx-public" = {
netdevConfig = {
Name = "vx-public";
Kind = "vxlan";
};
vxlanConfig = {
VNI = 100;
Remote = "2a09:a441:0:ffff::1";
Local = "2a09:a446:1337:ffff::10";
DestinationPort = 4789;
};
};
systemd.network.networks."40-vx-public" = {
matchConfig.Name = "vx-public";
networkConfig.Bridge = "br-public";
};
systemd.network.netdevs."40-vx-mgmt" = {
netdevConfig = {
Name = "vx-mgmt";
Kind = "vxlan";
};
vxlanConfig = {
VNI = 101;
Remote = "2a09:a441:0:ffff::1";
Local = "2a09:a446:1337:ffff::10";
DestinationPort = 4789;
};
};
systemd.network.networks."40-vx-mgmt" = {
matchConfig.Name = "vx-mgmt";
networkConfig.Bridge = "br-mgmt";
};
networking.firewall.extraCommands = ''
ip6tables -I nixos-fw -p udp --src 2a09:a441:0:ffff::1 --dst 2a09:a446:1337:ffff::10 --dport 4789 -j ACCEPT
'';
systemd.network.networks."40-bond0".networkConfig.VXLAN = [ "vx-public" "vx-mgmt" ];
}
Reference in a new issue View git blame Copy permalink