2024-12-14 21:45:46 +01:00
|
|
|
{
|
|
|
|
|
config,
|
|
|
|
|
stateVersion,
|
2024-12-21 14:06:00 +01:00
|
|
|
globals,
|
2024-12-14 21:45:46 +01:00
|
|
|
inputs,
|
|
|
|
|
lib,
|
|
|
|
|
minimal,
|
|
|
|
|
...
|
|
|
|
|
}:
|
2024-12-23 12:42:21 +01:00
|
|
|
let
|
|
|
|
|
inherit (lib)
|
|
|
|
|
listToAttrs
|
|
|
|
|
flip
|
|
|
|
|
nameValuePair
|
|
|
|
|
;
|
|
|
|
|
in
|
2024-12-14 21:45:46 +01:00
|
|
|
{
|
|
|
|
|
guests =
|
|
|
|
|
let
|
2024-12-21 14:06:00 +01:00
|
|
|
mkGuest =
|
|
|
|
|
guestName:
|
|
|
|
|
{
|
|
|
|
|
vlans ? [ "services" ],
|
|
|
|
|
...
|
|
|
|
|
}:
|
|
|
|
|
{
|
|
|
|
|
autostart = true;
|
|
|
|
|
zfs."/state" = {
|
|
|
|
|
pool = "rpool";
|
|
|
|
|
dataset = "local/guests/${guestName}";
|
|
|
|
|
};
|
|
|
|
|
zfs."/persist" = {
|
|
|
|
|
pool = "rpool";
|
|
|
|
|
dataset = "safe/guests/${guestName}";
|
|
|
|
|
};
|
|
|
|
|
modules = [
|
|
|
|
|
../../config/basic
|
|
|
|
|
../../config/services/${guestName}.nix
|
|
|
|
|
{
|
|
|
|
|
node.secretsDir = config.node.secretsDir + "/${guestName}";
|
2025-01-07 21:23:06 +01:00
|
|
|
networking.nftables.firewall.zones.untrusted.interfaces = [ "mv-services" ];
|
2024-12-21 14:06:00 +01:00
|
|
|
systemd.network.networks = lib.mkIf (globals.services.${guestName}.ip != null) (
|
|
|
|
|
lib.listToAttrs (
|
|
|
|
|
lib.flip map vlans (
|
|
|
|
|
name:
|
2024-12-24 14:54:17 +01:00
|
|
|
lib.nameValuePair "10-mv-${name}" {
|
2024-12-21 14:06:00 +01:00
|
|
|
matchConfig.Name = "mv-${name}";
|
2024-12-24 14:54:17 +01:00
|
|
|
DHCP = lib.mkForce "no";
|
2024-12-21 14:06:00 +01:00
|
|
|
address = [
|
|
|
|
|
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv4)
|
2024-12-21 23:32:42 +01:00
|
|
|
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv6)
|
|
|
|
|
];
|
2025-01-07 21:23:06 +01:00
|
|
|
gateway = lib.optionals globals.net.vlans.${name}.internet [
|
2024-12-22 19:00:21 +01:00
|
|
|
(lib.net.cidr.host 1 globals.net.vlans.${name}.cidrv4)
|
|
|
|
|
(lib.net.cidr.host 1 globals.net.vlans.${name}.cidrv6)
|
2024-12-21 14:06:00 +01:00
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
];
|
2024-12-14 21:45:46 +01:00
|
|
|
};
|
|
|
|
|
|
2024-12-23 12:42:21 +01:00
|
|
|
mkMicrovm =
|
|
|
|
|
guestName:
|
|
|
|
|
{
|
|
|
|
|
vlans ? [ "services" ],
|
|
|
|
|
...
|
|
|
|
|
}@cfg:
|
|
|
|
|
{
|
|
|
|
|
${guestName} = mkGuest guestName cfg // {
|
|
|
|
|
backend = "microvm";
|
|
|
|
|
microvm = {
|
|
|
|
|
system = "x86_64-linux";
|
2025-01-03 00:31:36 +01:00
|
|
|
interfaces = listToAttrs (flip map vlans (x: (nameValuePair "mv-${x}" { hostLink = "lan-${x}"; })));
|
2024-12-23 12:42:21 +01:00
|
|
|
baseMac = config.secrets.secrets.local.networking.interfaces.lan01.mac;
|
|
|
|
|
};
|
|
|
|
|
extraSpecialArgs = {
|
|
|
|
|
inherit (inputs.self) nodes globals;
|
|
|
|
|
inherit (inputs.self.pkgs.x86_64-linux) lib;
|
|
|
|
|
inherit inputs minimal stateVersion;
|
|
|
|
|
};
|
2024-12-14 21:45:46 +01:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2024-12-20 11:07:22 +01:00
|
|
|
mkContainer =
|
|
|
|
|
guestName:
|
|
|
|
|
{
|
2024-12-21 14:06:00 +01:00
|
|
|
vlans ? [ "services" ],
|
2024-12-20 11:07:22 +01:00
|
|
|
...
|
|
|
|
|
}@cfg:
|
|
|
|
|
{
|
2024-12-21 14:06:00 +01:00
|
|
|
${guestName} = lib.mkMerge [
|
|
|
|
|
(mkGuest guestName cfg)
|
|
|
|
|
{
|
|
|
|
|
backend = "container";
|
|
|
|
|
container.macvlans = lib.flip map vlans (x: "lan-${x}:mv-${x}");
|
|
|
|
|
extraSpecialArgs = {
|
|
|
|
|
inherit (inputs.self) nodes globals;
|
|
|
|
|
inherit (inputs.self.pkgs.x86_64-linux) lib;
|
|
|
|
|
inherit inputs minimal stateVersion;
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
];
|
2024-12-14 21:45:46 +01:00
|
|
|
};
|
|
|
|
|
in
|
2025-01-04 23:25:48 +01:00
|
|
|
{ } // mkContainer "adguardhome" { } // mkContainer "nginx" { };
|
2024-12-14 21:45:46 +01:00
|
|
|
}
|
