liminix/bordervm-configuration.nix

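# NixOS module for the "border" VM: a throw-away test gateway that sits between
# the emulation host (eth0, masqueraded) and a device under test on eth1
# (10.0.0.0/24).  It serves DHCP and TFTP on eth1, terminates PPPoE and
# tunnels the sessions to an L2TP LNS chosen by the bordervm.l2tp options.
#
# Everything below assumes a local, disposable development VM: the firewall is
# off, wheel users get passwordless sudo and the console auto-logs in.
{ config, pkgs, lib, ... }:
let
  cfg = config.bordervm;
  inherit (lib) mkOption mkEnableOption mdDoc types optional optionals mkForce;
in {
  options.bordervm = {
    keys = mkOption {
      description = mdDoc ''
        SSH public keys allowed to log in as the `liminix` user.  That user
        is in `wheel` and sudo needs no password, so each key is root-equivalent.
      '';
      type = types.listOf types.str;
      default = [ ];
    };

    l2tp = {
      host = mkOption {
        description = mdDoc ''
          Hostname or IP address of an L2TP LNS that this VM
          will connect to when it receives a PPPoE connection request
        '';
        type = types.str;
        example = "l2tp.example.org";
      };
      port = mkOption {
        description = mdDoc ''
          Port number, if non-standard, of the LNS.
        '';
        # types.port rejects values outside 0..65535 at evaluation time
        # instead of producing an unusable kpppoed.toml.
        type = types.port;
        default = 1701;
      };
    };

    ethernet = {
      pci = {
        enable = mkEnableOption "passthru PCI ethernet";
        id = mkOption {
          description = mdDoc ''
            Host PCI ID (as shown by `lspci`) of the ethernet adaptor
            to be used by the VM. This uses VFIO and requires setup
            on the emulation host before it will work!
          '';
          type = types.str;
          example = "04:00.0";
        };
      };
      usb = {
        enable = mkEnableOption "passthru USB ethernet";
        vendor = mkOption {
          description = mdDoc ''
            USB vendor ID (hex, as shown by `lsusb`) of the ethernet adaptor
            to hand to the VM.
          '';
          type = types.str;
          example = "0x0bda";
        };
        product = mkOption {
          description = mdDoc ''
            USB product ID (hex, as shown by `lsusb`) of the ethernet adaptor
            to hand to the VM.
          '';
          type = types.str;
          example = "0x8153";
        };
      };
    };
  };

  imports = [
    <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
  ];

  config = {
    # Maximum kernel console verbosity; useful when passthru hardware does
    # not show up in the guest.
    boot.kernelParams = [ "loglevel=9" ];

    # PPPoE access concentrator listening on eth1.  Sessions are handed to
    # the LNS named by bordervm.l2tp.{host,port}.
    systemd.services.pppoe =
      let
        conf = pkgs.writeText "kpppoed.toml" ''
          interface_name = "eth1"
          services = [ "myservice" ]
          lns_ipaddr = "${cfg.l2tp.host}:${builtins.toString cfg.l2tp.port}"
          ac_name = "kpppoed-1.0"
        '';
      in
      {
        wantedBy = [ "multi-user.target" ];
        # `after` alone orders against network-online.target but does not
        # activate it; `wants` pulls it in so the wait actually happens.
        wants = [ "network-online.target" ];
        after = [ "network-online.target" ];
        serviceConfig = {
          ExecStart = "${pkgs.go-l2tp}/bin/kpppoed -config ${conf}";
        };
      };

    # TFTP server rooted at the checkout that is 9p-shared into the VM
    # (see virtualisation.sharedDirectories.liminix below).
    systemd.services.tufted = {
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        ExecStart = "${pkgs.tufted}/bin/tufted /home/liminix/liminix";
      };
    };

    services.openssh.enable = true;

    # DHCP for the device under test on eth1; this VM's own resolver is left
    # alone (resolveLocalQueries = false).
    services.dnsmasq = {
      enable = true;
      resolveLocalQueries = false;
      settings = {
        # domain-needed = true;
        dhcp-range = [ "10.0.0.10,10.0.0.240" ];
        interface = "eth1";
      };
    };

    # Forced so sshd is started at boot even if another module (e.g. the
    # qemu-vm profile) rewrites its wantedBy — presumably; confirm if this
    # is ever dropped.
    systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ];

    virtualisation = {
      qemu = {
        # Empty list drops the user-mode NIC that qemu-vm.nix would otherwise
        # add; the guest's only links are the passthru devices configured below.
        networkingOptions = [ ];
        options =
          [ ]
          # VFIO passthrough: the guest drives the host adaptor directly.
          ++ optional cfg.ethernet.pci.enable "-device vfio-pci,host=${cfg.ethernet.pci.id}"
          ++ optionals cfg.ethernet.usb.enable [
            "-device usb-ehci,id=ehci"
            "-device usb-host,bus=ehci.0,vendorid=${cfg.ethernet.usb.vendor},productid=${cfg.ethernet.usb.product}"
          ]
          ++ [
            "-nographic"
            "-serial mon:stdio"
          ];
      };
      sharedDirectories = {
        liminix = {
          # qemu 9p security_model=none: no uid mapping, so the guest reads and
          # writes the checkout with the privileges of the host qemu process.
          # Acceptable for a local dev VM, not for anything multi-tenant.
          securityModel = "none";
          source = builtins.toString ./.;
          target = "/home/liminix/liminix";
        };
      };
    };

    environment.systemPackages =
      let wireshark-nogui = pkgs.wireshark.override { withQt = false ; };
      in with pkgs; [
        tcpdump
        wireshark-nogui
        socat
        tufted
        iptables
        usbutils
        busybox
      ];

    # Dev-VM convenience: anyone in wheel is effectively root.
    security.sudo.wheelNeedsPassword = false;

    networking = {
      hostName = "border";
      # Firewall off: eth1 is the isolated test segment and eth0 is the
      # host-side link; nothing here is meant to face an untrusted network.
      firewall = { enable = false; };
      interfaces.eth1 = {
        useDHCP = false;
        ipv4.addresses = [ { address = "10.0.0.1"; prefixLength = 24;}];
      };
      # Masquerade the 10.0.0.0/24 test segment out through eth0 so the
      # device under test can reach beyond the VM.
      nat = {
        enable = true;
        internalInterfaces = [ "eth1" ];
        externalInterface = "eth0";
      };
    };

    users.users.liminix = {
      isNormalUser = true;
      uid = 1000;
      extraGroups = [ "wheel" ];
      openssh.authorizedKeys.keys = cfg.keys;
    };

    # Serial console (-serial mon:stdio) lands in a logged-in shell directly.
    services.getty.autologinUser = "liminix";
  };
}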