depot/third_party/nixpkgs/nixos/tests/networking/router.nix

113 lines
3 KiB
Nix

{ networkd }:
{ config, pkgs, ... }:
let
inherit (pkgs) lib;
qemu-common = import ../../lib/qemu-common.nix { inherit lib pkgs; };
vlanIfs = lib.range 1 (lib.length config.virtualisation.vlans);
in
{
environment.systemPackages = [ pkgs.iptables ]; # to debug firewall rules
virtualisation.vlans = [
1
2
3
];
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = true;
networking = {
useDHCP = false;
useNetworkd = networkd;
firewall.checkReversePath = true;
firewall.allowedUDPPorts = [ 547 ];
interfaces = lib.mkOverride 0 (
lib.listToAttrs (
lib.forEach vlanIfs (
n:
lib.nameValuePair "eth${toString n}" {
ipv4.addresses = [
{
address = "192.168.${toString n}.1";
prefixLength = 24;
}
];
ipv6.addresses = [
{
address = "fd00:1234:5678:${toString n}::1";
prefixLength = 64;
}
];
}
)
)
);
};
services.kea = {
dhcp4 = {
enable = true;
settings = {
interfaces-config = {
interfaces = map (n: "eth${toString n}") vlanIfs;
dhcp-socket-type = "raw";
service-sockets-require-all = true;
service-sockets-max-retries = 5;
service-sockets-retry-wait-time = 2500;
};
subnet4 = map (n: {
id = n;
subnet = "192.168.${toString n}.0/24";
pools = [ { pool = "192.168.${toString n}.3 - 192.168.${toString n}.254"; } ];
option-data = [
{
data = "192.168.${toString n}.1";
name = "routers";
}
{
data = "192.168.${toString n}.1";
name = "domain-name-servers";
}
];
reservations = [
{
hw-address = qemu-common.qemuNicMac n 1;
hostname = "client${toString n}";
ip-address = "192.168.${toString n}.2";
}
];
}) vlanIfs;
};
};
dhcp6 = {
enable = true;
settings = {
interfaces-config = {
interfaces = map (n: "eth${toString n}") vlanIfs;
service-sockets-require-all = true;
service-sockets-max-retries = 5;
service-sockets-retry-wait-time = 2500;
};
subnet6 = map (n: {
id = n;
subnet = "fd00:1234:5678:${toString n}::/64";
interface = "eth${toString n}";
pools = [ { pool = "fd00:1234:5678:${toString n}::2-fd00:1234:5678:${toString n}::2"; } ];
}) vlanIfs;
};
};
};
services.radvd = {
enable = true;
config = lib.flip lib.concatMapStrings vlanIfs (n: ''
interface eth${toString n} {
AdvSendAdvert on;
AdvManagedFlag on;
AdvOtherConfigFlag on;
RDNSS 2001:db8::1 {};
prefix fd00:1234:5678:${toString n}::/64 {
AdvAutonomous off;
};
};
'');
};
}