SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-22 08:04:25 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Switch container networking from macvlans to bridges

Browse source
This commit is contained in:
SebastianStork 2024-09-05 19:47:58 +02:00
parent 4168626450
commit 78f25ad322
5 changed files with 60 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

36
hosts/stratus/containers/default.nix
View file

@ -7,14 +7,10 @@
}:
let
containers = lib.filterAttrs (_: v: v == "directory") (builtins.readDir ./.);
interface = "eno1";
dataDirOf = name: "/data/${name}";
in
{
imports = [
./nextcloud
./paperless
];
imports = lib.mapAttrsToList (name: _: ./${name}) containers;
sops.secrets = lib.mapAttrs' (
name: _: lib.nameValuePair "container/${name}/ssh-key" { }
@ -27,10 +23,25 @@ in
]) containers
);
networking = {
useDHCP = false;
bridges.br0.interfaces = [ "eno1" ];
interfaces."br0".useDHCP = true;
nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
externalInterface = "br0";
};
};
containers = lib.mapAttrs (name: _: {
autoStart = true;
ephemeral = true;
macvlans = [ interface ];
privateNetwork = true;
enableTun = true;
hostBridge = "br0";
bindMounts = {
"/etc/ssh/ssh_host_ed25519_key".hostPath = config.sops.secrets."container/${name}/ssh-key".path;
@ -66,18 +77,10 @@ in
networking = {
inherit domain;
useNetworkd = true;
useHostResolvConf = false;
interfaces."eth0".useDHCP = true;
};
systemd.network = {
enable = true;
networks."10-mv-${interface}" = {
matchConfig.Name = "mv-${interface}";
networkConfig.DHCP = "yes";
dhcpV4Config.ClientIdentifier = "mac";
};
};
services.resolved.enable = true;
myConfig.sops = {
enable = true;
@ -85,7 +88,6 @@ in
};
sops.secrets."tailscale-auth-key" = { };
services.tailscale.interfaceName = "userspace-networking";
myConfig.tailscale = {
enable = true;
ssh.enable = true;