change networking of server interface

2023-12-01 20:55:28 +01:00
parent 26beae17a9
commit 5ce972a635
3 changed files with 58 additions and 57 deletions


@@ -23,9 +23,7 @@
iptables -A FORWARD -i wg_cloonar -d 10.42.0.0/16 -j ACCEPT iptables -A FORWARD -i wg_cloonar -d 10.42.0.0/16 -j ACCEPT
iptables -A FORWARD -i lan -o wan -j ACCEPT iptables -A FORWARD -i lan -o wan -j ACCEPT
iptables -A FORWARD -i server -o wan -j ACCEPT
iptables -A FORWARD -i podman0 -o wan -j ACCEPT iptables -A FORWARD -i podman0 -o wan -j ACCEPT
iptables -A FORWARD -i server-shim -o wan -j ACCEPT
iptables -A FORWARD -i multimedia -o wan -j ACCEPT iptables -A FORWARD -i multimedia -o wan -j ACCEPT
iptables -A FORWARD -i smart -o wan -j ACCEPT iptables -A FORWARD -i smart -o wan -j ACCEPT
iptables -A FORWARD -i wg_cloonar -o wan -j ACCEPT iptables -A FORWARD -i wg_cloonar -o wan -j ACCEPT


@@ -17,9 +17,9 @@
matchConfig.PermanentMACAddress = "a8:b8:e0:00:43:c2"; matchConfig.PermanentMACAddress = "a8:b8:e0:00:43:c2";
linkConfig.Name = "lan"; linkConfig.Name = "lan";
}; };
"30-server" = { "30-multimedia" = {
matchConfig.PermanentMACAddress = "a8:b8:e0:00:43:c3"; matchConfig.PermanentMACAddress = "a8:b8:e0:00:43:c3";
linkConfig.Name = "server"; linkConfig.Name = "multimedia";
}; };
}; };
}; };
@@ -30,10 +30,10 @@
nameservers = [ "9.9.9.9" "149.112.112.112" ]; nameservers = [ "9.9.9.9" "149.112.112.112" ];
# Define VLANS # Define VLANS
vlans = { vlans = {
multimedia = { # multimedia = {
id = 3; # id = 3;
interface = "enp5s0"; # interface = "enp5s0";
}; # };
smart = { smart = {
id = 4094; id = 4094;
interface = "enp5s0"; interface = "enp5s0";
@@ -58,12 +58,12 @@
prefixLength = 24; prefixLength = 24;
}]; }];
}; };
server = { # server = {
ipv4.addresses = [{ # ipv4.addresses = [{
address = "10.42.97.1"; # address = "10.42.97.1";
prefixLength = 24; # prefixLength = 24;
}]; # }];
}; # };
multimedia = { multimedia = {
ipv4.addresses = [{ ipv4.addresses = [{
address = "10.42.99.1"; address = "10.42.99.1";
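Review bot: Renaming the link matched by MAC a8:b8:e0:00:43:c3 from `server` to `multimedia` silently re-targets every interface-name firewall rule for `multimedia` (for example `-i multimedia -o wan -j ACCEPT` in the firewall file of this commit) from VLAN 3 on enp5s0 to that physical port, and nothing in the file records it. A short comment on the `"30-multimedia"` entry, e.g. `# physical port formerly named "server"; multimedia no longer rides VLAN 3 on enp5s0`, would keep the policy auditable. The commented-out `multimedia` VLAN and `server` address blocks would be better deleted than left disabled, since the history already preserves them. The enclosing attribute sets begin and end outside these hunks.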


@@ -6,7 +6,10 @@ in {
podman = { podman = {
enable = true; enable = true;
dockerCompat = true; dockerCompat = true;
defaultNetwork.settings.dns_enabled = true; defaultNetwork.settings = {
# dns_enabled = true;
subnets = [{ gateway = "10.42.97.1"; subnet = "10.42.97.0/24"; }];
};
# defaultNetwork.settings = { # defaultNetwork.settings = {
# driver = "macvlan"; # driver = "macvlan";
# network_interface = "server"; # network_interface = "server";
@@ -25,47 +28,47 @@ in {
}; };
}; };
networking = { # networking = {
macvlans = { # macvlans = {
"server-shim" = { # "server-shim" = {
interface = "server"; # interface = "server";
mode = "bridge"; # mode = "bridge";
}; # };
}; # };
interfaces = { # interfaces = {
"server-shim" = { # "server-shim" = {
ipv4.addresses = [{ # ipv4.addresses = [{
address = "10.42.97.223"; # address = "10.42.97.223";
prefixLength = 24; # prefixLength = 24;
}]; # }];
ipv4.routes = [{ # ipv4.routes = [{
address = "10.42.97.192"; # address = "10.42.97.192";
prefixLength = 27; # prefixLength = 27;
}]; # }];
}; # };
}; # };
}; # };
systemd.sockets."netavark-dhcp-proxy" = { # systemd.sockets."netavark-dhcp-proxy" = {
description = "Netavark DHCP proxy socket"; # description = "Netavark DHCP proxy socket";
socketConfig = { # socketConfig = {
ListenStream = "%t/podman/nv-proxy.sock"; # ListenStream = "%t/podman/nv-proxy.sock";
SocketMode = 0660; # SocketMode = 0660;
}; # };
wantedBy = [ "sockets.target" ]; # wantedBy = [ "sockets.target" ];
}; # };
#
systemd.services."netavark-dhcp-proxy" = { # systemd.services."netavark-dhcp-proxy" = {
description = "Netavark DHCP proxy service"; # description = "Netavark DHCP proxy service";
after = [ "netavark-dhcp-proxy.socket" ]; # after = [ "netavark-dhcp-proxy.socket" ];
requires = [ "netavark-dhcp-proxy.socket" ]; # requires = [ "netavark-dhcp-proxy.socket" ];
wantedBy = [ "multi-user.target" "netavark-dhcp-proxy.socket" ]; # wantedBy = [ "multi-user.target" "netavark-dhcp-proxy.socket" ];
path = [ pkgs.netavark ]; # path = [ pkgs.netavark ];
startLimitIntervalSec = 0; # startLimitIntervalSec = 0;
#
serviceConfig = { # serviceConfig = {
Type = "exec"; # Type = "exec";
ExecStart= "${pkgs.netavark}/bin/netavark dhcp-proxy -a 30"; # ExecStart= "${pkgs.netavark}/bin/netavark dhcp-proxy -a 30";
}; # };
}; # };
} }
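Review bot: The new `subnets` entry pins the default podman network to 10.42.97.0/24, which lies inside the 10.42.0.0/16 range that the firewall file in this commit forwards from `wg_cloonar`. Unless another rule outside this page intervenes, VPN peers can therefore open connections to container addresses directly, not only to published ports. If that is intended, a comment such as `# former "server" segment; reachable from wg_cloonar via the 10.42.0.0/16 FORWARD rule` next to `subnets` would document it; if not, the forward rule needs a narrower destination. `# dns_enabled = true;` is also left commented out with no reason given, so it is unclear whether turning off container-name DNS is deliberate. The commented-out `networking` and `netavark-dhcp-proxy` blocks would be cleaner deleted than kept as dead configuration.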