dan
/
liminix
1
0
Fork 5
Code Issues 3 Pull Requests 2 Projects Releases Wiki Activity

bordervm: make configurable

module-based-network
Daniel Barlow 2023-02-17 16:28:50 +00:00
parent 05576eeb94
commit ef0b5cb815
2 changed files with 98 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

142
bordervm-configuration.nix
View File

@ -1,70 +1,106 @@
{ config, pkgs, ... }: { config, pkgs, lib, ... }:
{ let
cfg = config.bordervm;
inherit (lib) mkOption mdDoc types;
in {
options.bordervm = {
l2tp = {
host = mkOption {
description = mdDoc ''
Hostname or IP address of an L2TP LNS that this VM
will connect to when it receives a PPPoE connection request
'';
type = types.str;
example = "l2tp.example.org";
};
port = mkOption {
description = mdDoc ''
Port number, if non-standard, of the LNS.
'';
type = types.int;
default = 1701;
};
};
ethernet = {
pciId = mkOption {
description = ''
Host PCI ID (as shown by `lspci`) of the ethernet adaptor
to be used by the VM. This uses VFIO and requires setup
on the emulation host before it will work!
'';
type = types.str;
example = "04:00.0";
};
};
};
imports = [ imports = [
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix> <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
./bordervm.conf.nix
]; ];
boot.kernelParams = [ config = {
"loglevel=9" boot.kernelParams = [
]; "loglevel=9"
systemd.services.pppoe = ];
let conf = pkgs.writeText "kpppoed.toml" systemd.services.pppoe =
'' let conf = pkgs.writeText "kpppoed.toml"
''
interface_name = "eth1" interface_name = "eth1"
services = [ "myservice" ] services = [ "myservice" ]
lns_ipaddr = "90.155.53.19:1701" lns_ipaddr = "${cfg.l2tp.host}:${builtins.toString cfg.l2tp.port}"
ac_name = "kpppoed-1.0" ac_name = "kpppoed-1.0"
''; '';
in { in {
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
serviceConfig = {
ExecStart = "${pkgs.go-l2tp}/bin/kpppoed -config ${conf}";
};
};
systemd.services.tufted = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.go-l2tp}/bin/kpppoed -config ${conf}"; ExecStart = "${pkgs.tufted}/bin/tufted /home/liminix/liminix";
}; };
}; };
systemd.services.tufted = { systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.tufted}/bin/tufted /home/liminix/liminix";
};
};
systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
virtualisation = { virtualisation = {
qemu = { qemu = {
networkingOptions = []; networkingOptions = [];
options = [ options = [
"-device vfio-pci,host=01:00.0" "-device vfio-pci,host=${cfg.ethernet.pciId}"
"-nographic" "-nographic"
"-serial mon:stdio" "-serial mon:stdio"
]; ];
}; };
sharedDirectories = { sharedDirectories = {
liminix = { liminix = {
source = builtins.toString ./.; source = builtins.toString ./.;
target = "/home/liminix/liminix"; target = "/home/liminix/liminix";
};
}; };
}; };
}; environment.systemPackages = with pkgs; [
environment.systemPackages = with pkgs; [ tcpdump
tcpdump wireshark
wireshark socat
socat tufted
tufted iptables
iptables ];
]; security.sudo.wheelNeedsPassword = false;
security.sudo.wheelNeedsPassword = false; networking = {
networking = { hostName = "border";
hostName = "border"; firewall = { enable = false; };
firewall = { enable = false; }; interfaces.eth1 = {
interfaces.eth1 = { useDHCP = false;
useDHCP = false; ipv4.addresses = [ { address = "10.0.0.1"; prefixLength = 24;}];
ipv4.addresses = [ { address = "10.0.0.1"; prefixLength = 24;}]; };
}; };
users.users.liminix = {
isNormalUser = true;
uid = 1000;
extraGroups = [ "wheel"];
};
services.getty.autologinUser = "liminix";
}; };
users.users.liminix = {
isNormalUser = true;
uid = 1000;
extraGroups = [ "wheel"];
};
services.getty.autologinUser = "liminix";
} }

9
bordervm.conf-example.nix Normal file
View File

@ -0,0 +1,9 @@
{...}:
{
bordervm = {
ethernet.pciId = "01:00.0";
l2tp = {
host = "l2tp.aa.net.uk";
};
};
}