dan/liminix
1
0
Fork 5
Code

bordervm: make configurable

Browse Source
This commit is contained in:
Daniel Barlow 2023-02-17 16:28:50 +00:00
parent 05576eeb94
commit ef0b5cb815
2 changed files with 98 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

142
bordervm-configuration.nix
View File

@ -1,70 +1,106 @@
{ config, pkgs, ... }:
{
{ config, pkgs, lib, ... }:
let
cfg = config.bordervm;
inherit (lib) mkOption mdDoc types;
in {
options.bordervm = {
l2tp = {
host = mkOption {
description = mdDoc ''
Hostname or IP address of an L2TP LNS that this VM
will connect to when it receives a PPPoE connection request
'';
type = types.str;
example = "l2tp.example.org";
};
port = mkOption {
description = mdDoc ''
Port number, if non-standard, of the LNS.
'';
type = types.int;
default = 1701;
};
};
ethernet = {
pciId = mkOption {
description = ''
Host PCI ID (as shown by `lspci`) of the ethernet adaptor
to be used by the VM. This uses VFIO and requires setup
on the emulation host before it will work!
'';
type = types.str;
example = "04:00.0";
};
};
};
imports = [
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
./bordervm.conf.nix
];
boot.kernelParams = [
"loglevel=9"
];
systemd.services.pppoe =
let conf = pkgs.writeText "kpppoed.toml"
''
config = {
boot.kernelParams = [
"loglevel=9"
];
systemd.services.pppoe =
let conf = pkgs.writeText "kpppoed.toml"
''
interface_name = "eth1"
services = [ "myservice" ]
lns_ipaddr = "90.155.53.19:1701"
lns_ipaddr = "${cfg.l2tp.host}:${builtins.toString cfg.l2tp.port}"
ac_name = "kpppoed-1.0"
'';
in {
in {
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
serviceConfig = {
ExecStart = "${pkgs.go-l2tp}/bin/kpppoed -config ${conf}";
};
};
systemd.services.tufted = {
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
serviceConfig = {
ExecStart = "${pkgs.go-l2tp}/bin/kpppoed -config ${conf}";
ExecStart = "${pkgs.tufted}/bin/tufted /home/liminix/liminix";
};
};
systemd.services.tufted = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.tufted}/bin/tufted /home/liminix/liminix";
};
};
systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
virtualisation = {
qemu = {
networkingOptions = [];
options = [
"-device vfio-pci,host=01:00.0"
"-nographic"
"-serial mon:stdio"
];
};
sharedDirectories = {
liminix = {
source = builtins.toString ./.;
target = "/home/liminix/liminix";
virtualisation = {
qemu = {
networkingOptions = [];
options = [
"-device vfio-pci,host=${cfg.ethernet.pciId}"
"-nographic"
"-serial mon:stdio"
];
};
sharedDirectories = {
liminix = {
source = builtins.toString ./.;
target = "/home/liminix/liminix";
};
};
};
};
environment.systemPackages = with pkgs; [
tcpdump
wireshark
socat
tufted
iptables
];
security.sudo.wheelNeedsPassword = false;
networking = {
hostName = "border";
firewall = { enable = false; };
interfaces.eth1 = {
useDHCP = false;
ipv4.addresses = [ { address = "10.0.0.1"; prefixLength = 24;}];
environment.systemPackages = with pkgs; [
tcpdump
wireshark
socat
tufted
iptables
];
security.sudo.wheelNeedsPassword = false;
networking = {
hostName = "border";
firewall = { enable = false; };
interfaces.eth1 = {
useDHCP = false;
ipv4.addresses = [ { address = "10.0.0.1"; prefixLength = 24;}];
};
};
users.users.liminix = {
isNormalUser = true;
uid = 1000;
extraGroups = [ "wheel"];
};
services.getty.autologinUser = "liminix";
};
users.users.liminix = {
isNormalUser = true;
uid = 1000;
extraGroups = [ "wheel"];
};
services.getty.autologinUser = "liminix";
}

9
bordervm.conf-example.nix Normal file
View File

@ -0,0 +1,9 @@
{...}:
{
bordervm = {
ethernet.pciId = "01:00.0";
l2tp = {
host = "l2tp.aa.net.uk";
};
};
}