bridge and nat network options added

This commit is contained in:
Birk Bohne 2025-07-14 16:03:37 +02:00
parent 8b02ce9fb3
commit debb28721e
No known key found for this signature in database
10 changed files with 138 additions and 93 deletions


@ -5,9 +5,9 @@
beancloud = { beancloud = {
software = { software = {
container = true;
desktop = true; desktop = true;
nextcloud.server.enable = true; nextcloud.server.enable = true;
gitlab.enable = true;
}; };
disk.device.name = "vda"; disk.device.name = "vda";
hardware.virtualmachine.type = "kvm"; hardware.virtualmachine.type = "kvm";


@ -12,7 +12,6 @@
}; };
imports = [ imports = [
./network.nix
../../users/root/default.nix ../../users/root/default.nix
../../users/demo/default.nix ../../users/demo/default.nix
]; ];


@ -1,24 +0,0 @@
{ lib, ... }:
{
systemd.network.netdevs."br10".netdevConfig = {
Name = "br10";
Kind = "bridge";
};
systemd.network.networks = {
"10-lan" = {
enable = lib.mkForce true;
linkConfig.RequiredForOnline = lib.mkForce "enslaved";
networkConfig.Bridge = "br10";
networkConfig.DHCP = lib.mkForce "no";
};
"br10-lan" = {
enable = lib.mkForce true;
matchConfig.Name = [ "br10" ];
linkConfig.RequiredForOnline = "routable";
networkConfig.DHCP = "yes";
networkConfig.IPv6AcceptRA = false;
};
};
}


@ -2,27 +2,41 @@
{ {
options = { options = {
beancloud.network.address = lib.mkOption { beancloud.network = {
type = lib.types.str; address = lib.mkOption {
example = "192.168.1.10"; type = lib.types.str;
description = "beancloud.network.address to define the ip of the host/vm or a service"; example = "192.168.1.10";
}; description = "beancloud.network.address to define the ip of the host/vm or a service";
beancloud.network.subnet = lib.mkOption { };
type = lib.types.str; subnet = lib.mkOption {
example = "/24"; type = lib.types.str;
description = "beancloud.network.subnet to define the subnet of the host/vm or a service"; example = "/24";
}; description = "beancloud.network.subnet to define the subnet of the host/vm or a service";
beancloud.network.interface.lan = lib.mkOption { };
type = lib.types.str; interface = {
example = "enp1s0"; lan = lib.mkOption {
default = "eth0"; type = lib.types.str;
description = "beancloud.network.interface.lan to define the wired network interface"; example = "enp1s0";
}; default = "eth0";
beancloud.network.interface.wlan = lib.mkOption { description = "beancloud.network.interface.lan to define the wired network interface";
type = lib.types.str; };
example = "enp1s0"; wlan = lib.mkOption {
default = "wlan0"; type = lib.types.str;
description = "beancloud.network.interface.wlan to define the wireless network interface"; example = "enp1s0";
default = "wlan0";
description = "beancloud.network.interface.wlan to define the wireless network interface";
};
};
bridge = lib.mkOption {
type = lib.types.bool;
default = false;
description = "beancloud.network.bridge to enable a bridge network";
};
nat = lib.mkOption {
type = lib.types.bool;
default = false;
description = "beancloud.network.nat to enable a NAT network";
};
}; };
beancloud.bootloader.type = lib.mkOption { beancloud.bootloader.type = lib.mkOption {
type = lib.types.str; type = lib.types.str;
@ -109,6 +123,11 @@
description = "beancloud.software.games.stardewvalley to enable game related settings"; description = "beancloud.software.games.stardewvalley to enable game related settings";
}; };
}; };
beancloud.software.gitlab = lib.mkOption {
type = lib.types.bool;
default = false;
description = "beancloud.software.gitlab to activate a Gitlab instance running in a nspawn container";
};
beancloud.software.epson-scan = lib.mkOption { beancloud.software.epson-scan = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
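Review bot: The description of the new `nat` option, `beancloud.network.nat to enable a NAT network`, does not tell the reader that the NAT is additionally gated on `beancloud.software.gitlab` — nat.nix sets `networking.nat.enable = config.beancloud.software.gitlab;` inside the `mkIf` on this option — so `nat = true` on a host without GitLab is a silent no-op; either the description should state that coupling or nat.nix should use `enable = true;` and let the host opt in through this option alone. As a point of style, `bridge`, `nat` and the new `software.gitlab` option all spell out `type = lib.types.bool; default = false;` with a description that merely repeats the option path; `lib.mkEnableOption` yields the same type and default with a conventional "Whether to enable …" description, e.g. `bridge = lib.mkEnableOption "a br10 bridge that enslaves the LAN interface";`. The enclosing `options` attrset starts before and ends after this hunk.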


@ -9,7 +9,7 @@
./hardware ./hardware
./swap.nix ./swap.nix
./locale.nix ./locale.nix
./network.nix ./network
./update.nix ./update.nix
./virtualization.nix ./virtualization.nix
]; ];

26
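--- a/os/network/bridge.nix
+++ b/os/network/bridge.nix
@@ -0,0 +1,26 @@
+{ config, lib, ... }:
+{
+config = lib.mkIf (config.beancloud.network.bridge) {
+systemd.network.netdevs."br10".netdevConfig = {
+Name = "br10";
+Kind = "bridge";
+};
+systemd.network.networks = {
+"10-lan" = {
+enable = lib.mkForce true;
+linkConfig.RequiredForOnline = lib.mkForce "enslaved";
+networkConfig.Bridge = "br10";
+networkConfig.DHCP = lib.mkForce "no";
+};
+"br10-lan" = {
+enable = lib.mkForce true;
+matchConfig.Name = [ "br10" ];
+linkConfig.RequiredForOnline = "routable";
+networkConfig.DHCP = "yes";
+networkConfig.IPv6AcceptRA = false;
+};
+};
+};
+}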
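Review bot: The file has no comment saying what enabling the bridge does to the rest of the host's network configuration, and that is the non-obvious part: the `10-lan` unit is forced to `DHCP = "no"` and enslaved, so the address and default route move from `beancloud.network.interface.lan` to `br10`, and anything that still names the LAN interface — nat.nix's `externalInterface`, and firewall rules if they use it — is then pointing at an interface without an address. A header comment of the form `# Enslaves interface.lan to br10 and moves the host's DHCP/L3 config onto br10; consumers of interface.lan must use br10 when this is on.` would make that contract explicit. It is also worth noting in the same comment that frames switched between bridge ports do not pass through `networking.firewall` unless br_netfilter is enabled, so bridged guests sit on the LAN segment with no host-side filtering — presumably intended for a VM host, but it should be a recorded decision. The literal `"br10"` appears five times; a `let brName = "br10"; in` binding would keep the name in one place.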

40
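--- a/os/network/default.nix
+++ b/os/network/default.nix
@@ -0,0 +1,40 @@
+{ config, lib, ... }:
+{
+imports = [
+./bridge.nix
+./nat.nix
+./dns.nix
+./firewall.nix
+];
+networking = {
+domain = "local";
+enableIPv6 = false;
+useDHCP = false;
+wireless.enable = false;
+usePredictableInterfaceNames = lib.mkIf (config.beancloud.network.interface.lan == "eth0") false;
+};
+networking.networkmanager = {
+enable = true;
+wifi.powersave = lib.mkIf config.beancloud.hardware.steamdeck true;
+};
+systemd.network = {
+enable = true;
+config.networkConfig = {
+UseDomains = true;
+SpeedMeter = true;
+};
+networks."10-lan" = {
+enable = lib.mkDefault true;
+matchConfig.Name = [ "${config.beancloud.network.interface.lan}" ];
+linkConfig.RequiredForOnline = lib.mkDefault "routable";
+networkConfig = {
+DHCP = "yes";
+IPv6AcceptRA = false;
+};
+};
+};
+beancloud.network.interface.lan = lib.mkIf config.beancloud.hardware.steamdeck "eth0";
+}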
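Review bot: `domain = "local"` gives the host a domain that is reserved for mDNS, and if it ends up as a search domain for resolved (plausible with `UseDomains = true`, but not certain from this file) `.local` lookups may go to unicast DNS instead of multicast — worth confirming on a deployed host before relying on the `(m)DNS` intent stated in dns.nix. The module also deserves a short header comment recording the division of labour it establishes, since it is spread over four imports: networkd owns the wired interface through the `10-lan` unit (which bridge.nix overrides with `mkForce`), NetworkManager is enabled alongside it (presumably for wifi, given the Steam Deck `wifi.powersave` line), and the bridge and NAT behaviours are opt-in through `beancloud.network.bridge` / `beancloud.network.nat`. Running both NetworkManager and networkd with `useDHCP = false` is inherited from the old network.nix, so I am not re-raising it, but the comment should say which daemon is expected to manage which interface.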

17
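--- a/os/network/dns.nix
+++ b/os/network/dns.nix
@@ -0,0 +1,17 @@
+{ ... }:
+{
+networking.hosts = {
+};
+# (m)DNS
+services.resolved = {
+enable = true;
+fallbackDns = [
+"9.9.9.9" # https://www.quad9.net/service/service-addresses-and-features
+"2620:fe::fe" # https://www.quad9.net/service/service-addresses-and-features
+];
+dnssec = "false";
+dnsovertls = "opportunistic";
+};
+}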
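Review bot: `dnssec = "false"` combined with `dnsovertls = "opportunistic"` leaves resolved with no integrity protection on answers: opportunistic DoT falls back to plaintext whenever the upstream does not answer on the TLS port and does not verify the server's identity, and validation is switched off entirely, so responses from the path are accepted as-is. If that is a deliberate trade-off (captive portals, a local resolver without DoT), a comment next to the two lines should say so; otherwise `dnssec = "allow-downgrade";` keeps validation wherever the upstream supports it, and `dnsovertls = "true";` is viable for the Quad9 fallback servers listed here, provided every DHCP-supplied resolver also offers DoT. `networking.hosts = { };` defines nothing and can be dropped, or replaced by a comment explaining why the attrset is kept as a placeholder.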


@ -1,48 +1,6 @@
{ config, lib, ... }: { ... }:
{ {
networking = {
domain = "local";
enableIPv6 = false;
useDHCP = false;
wireless.enable = false;
usePredictableInterfaceNames = lib.mkIf (config.beancloud.network.interface.lan == "eth0") false;
};
networking.networkmanager = {
enable = true;
wifi.powersave = lib.mkIf config.beancloud.hardware.steamdeck true;
};
systemd.network = {
enable = true;
config.networkConfig = {
UseDomains = true;
SpeedMeter = true;
};
networks."10-lan" = {
enable = lib.mkDefault true;
matchConfig.Name = [ "${config.beancloud.network.interface.lan}" ];
linkConfig.RequiredForOnline = lib.mkDefault "routable";
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = false;
};
};
};
networking.hosts = {
};
# (m)DNS
services.resolved = {
enable = true;
fallbackDns = [
"9.9.9.9" # https://www.quad9.net/service/service-addresses-and-features
"2620:fe::fe" # https://www.quad9.net/service/service-addresses-and-features
];
dnssec = "false";
dnsovertls = "opportunistic";
};
networking.firewall.enable = true; networking.firewall.enable = true;
networking.firewall.allowPing = true; networking.firewall.allowPing = true;
networking.nftables.enable = false; networking.nftables.enable = false;
@ -87,6 +45,4 @@
family = "inet"; family = "inet";
}; };
}; };
beancloud.network.interface.lan = lib.mkIf config.beancloud.hardware.steamdeck "eth0";
} }

12
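--- a/os/network/nat.nix
+++ b/os/network/nat.nix
@@ -0,0 +1,12 @@
+{ config, lib, ... }:
+{
+config = lib.mkIf (config.beancloud.network.nat) {
+networking.nat = {
+enable = config.beancloud.software.gitlab;
+internalInterfaces = [ "ve-+" ];
+externalInterface = "${config.beancloud.network.interface.lan}";
+enableIPv6 = false;
+};
+};
+}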
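Review bot: `externalInterface = "${config.beancloud.network.interface.lan}"` names the physical LAN port, but when `beancloud.network.bridge` is also enabled bridge.nix forces that port to `DHCP = "no"` and enslaves it to br10, so the host's address and default route are on br10 and masquerading configured on the enslaved port would not apply to outbound traffic; a conditional such as `externalInterface = if config.beancloud.network.bridge then "br10" else config.beancloud.network.interface.lan;` covers both layouts. The `"${…}"` wrapping around a `types.str` option is redundant — the bare reference evaluates to the same string. `internalInterfaces = [ "ve-+" ]` masquerades every nspawn veth on the host, not only GitLab's container, which is fine if intended but deserves a one-line comment, e.g. `# NAT for all nspawn containers (ve-*), not just the GitLab one`.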