bordervm: make configurable
This commit is contained in:
parent
05576eeb94
commit
ef0b5cb815
2 changed files with 98 additions and 53 deletions
|
@ -1,70 +1,106 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
{
|
let
|
||||||
|
cfg = config.bordervm;
|
||||||
|
inherit (lib) mkOption mdDoc types;
|
||||||
|
in {
|
||||||
|
options.bordervm = {
|
||||||
|
l2tp = {
|
||||||
|
host = mkOption {
|
||||||
|
description = mdDoc ''
|
||||||
|
Hostname or IP address of an L2TP LNS that this VM
|
||||||
|
will connect to when it receives a PPPoE connection request
|
||||||
|
'';
|
||||||
|
type = types.str;
|
||||||
|
example = "l2tp.example.org";
|
||||||
|
};
|
||||||
|
port = mkOption {
|
||||||
|
description = mdDoc ''
|
||||||
|
Port number, if non-standard, of the LNS.
|
||||||
|
'';
|
||||||
|
type = types.int;
|
||||||
|
default = 1701;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
ethernet = {
|
||||||
|
pciId = mkOption {
|
||||||
|
description = ''
|
||||||
|
Host PCI ID (as shown by `lspci`) of the ethernet adaptor
|
||||||
|
to be used by the VM. This uses VFIO and requires setup
|
||||||
|
on the emulation host before it will work!
|
||||||
|
'';
|
||||||
|
type = types.str;
|
||||||
|
example = "04:00.0";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
imports = [
|
imports = [
|
||||||
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
||||||
|
./bordervm.conf.nix
|
||||||
];
|
];
|
||||||
boot.kernelParams = [
|
config = {
|
||||||
"loglevel=9"
|
boot.kernelParams = [
|
||||||
];
|
"loglevel=9"
|
||||||
systemd.services.pppoe =
|
];
|
||||||
let conf = pkgs.writeText "kpppoed.toml"
|
systemd.services.pppoe =
|
||||||
''
|
let conf = pkgs.writeText "kpppoed.toml"
|
||||||
|
''
|
||||||
interface_name = "eth1"
|
interface_name = "eth1"
|
||||||
services = [ "myservice" ]
|
services = [ "myservice" ]
|
||||||
lns_ipaddr = "90.155.53.19:1701"
|
lns_ipaddr = "${cfg.l2tp.host}:${builtins.toString cfg.l2tp.port}"
|
||||||
ac_name = "kpppoed-1.0"
|
ac_name = "kpppoed-1.0"
|
||||||
'';
|
'';
|
||||||
in {
|
in {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network-online.target" ];
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = "${pkgs.go-l2tp}/bin/kpppoed -config ${conf}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
systemd.services.tufted = {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
after = [ "network-online.target" ];
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${pkgs.go-l2tp}/bin/kpppoed -config ${conf}";
|
ExecStart = "${pkgs.tufted}/bin/tufted /home/liminix/liminix";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
systemd.services.tufted = {
|
systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
serviceConfig = {
|
|
||||||
ExecStart = "${pkgs.tufted}/bin/tufted /home/liminix/liminix";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
|
|
||||||
|
|
||||||
virtualisation = {
|
virtualisation = {
|
||||||
qemu = {
|
qemu = {
|
||||||
networkingOptions = [];
|
networkingOptions = [];
|
||||||
options = [
|
options = [
|
||||||
"-device vfio-pci,host=01:00.0"
|
"-device vfio-pci,host=${cfg.ethernet.pciId}"
|
||||||
"-nographic"
|
"-nographic"
|
||||||
"-serial mon:stdio"
|
"-serial mon:stdio"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
sharedDirectories = {
|
sharedDirectories = {
|
||||||
liminix = {
|
liminix = {
|
||||||
source = builtins.toString ./.;
|
source = builtins.toString ./.;
|
||||||
target = "/home/liminix/liminix";
|
target = "/home/liminix/liminix";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
environment.systemPackages = with pkgs; [
|
||||||
environment.systemPackages = with pkgs; [
|
tcpdump
|
||||||
tcpdump
|
wireshark
|
||||||
wireshark
|
socat
|
||||||
socat
|
tufted
|
||||||
tufted
|
iptables
|
||||||
iptables
|
];
|
||||||
];
|
security.sudo.wheelNeedsPassword = false;
|
||||||
security.sudo.wheelNeedsPassword = false;
|
networking = {
|
||||||
networking = {
|
hostName = "border";
|
||||||
hostName = "border";
|
firewall = { enable = false; };
|
||||||
firewall = { enable = false; };
|
interfaces.eth1 = {
|
||||||
interfaces.eth1 = {
|
useDHCP = false;
|
||||||
useDHCP = false;
|
ipv4.addresses = [ { address = "10.0.0.1"; prefixLength = 24;}];
|
||||||
ipv4.addresses = [ { address = "10.0.0.1"; prefixLength = 24;}];
|
};
|
||||||
};
|
};
|
||||||
|
users.users.liminix = {
|
||||||
|
isNormalUser = true;
|
||||||
|
uid = 1000;
|
||||||
|
extraGroups = [ "wheel"];
|
||||||
|
};
|
||||||
|
services.getty.autologinUser = "liminix";
|
||||||
};
|
};
|
||||||
users.users.liminix = {
|
|
||||||
isNormalUser = true;
|
|
||||||
uid = 1000;
|
|
||||||
extraGroups = [ "wheel"];
|
|
||||||
};
|
|
||||||
services.getty.autologinUser = "liminix";
|
|
||||||
}
|
}
|
||||||
|
|
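Review bot: The new option values are spliced into generated text without validation: `cfg.l2tp.host` and `cfg.l2tp.port` go into the kpppoed TOML via `lns_ipaddr = "${cfg.l2tp.host}:${builtins.toString cfg.l2tp.port}"` and `cfg.ethernet.pciId` into the QEMU argument `"-device vfio-pci,host=${cfg.ethernet.pciId}"`, so a value containing a quote, newline or comma produces a malformed config file or an extra device option rather than an evaluation error. `types.str` accepts anything; constraining `pciId` with `types.strMatching` to the `bus:slot.function` form shown in its example and declaring the port as `type = types.port;` would reject such values at evaluation time. As a point of style, `ethernet.pciId` uses a plain `''` description while both l2tp options wrap theirs in `mdDoc`. Note also that the module imports `./bordervm.conf.nix`, which this commit does not add (presumably the user copies the example file), so evaluation fails with a missing-file error until that is done; a short comment next to the import saying so would save a confused first run.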
9
bordervm.conf-example.nix
Normal file
9
bordervm.conf-example.nix
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
{...}:
|
||||||
|
{
|
||||||
|
bordervm = {
|
||||||
|
ethernet.pciId = "01:00.0";
|
||||||
|
l2tp = {
|
||||||
|
host = "l2tp.aa.net.uk";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
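Review bot: The example file carries no hint that it must be copied to `bordervm.conf.nix`, the path the module actually imports, before the VM configuration evaluates. A leading comment such as `# Copy to bordervm.conf.nix and replace these values with the ones for your host` would make that discoverable, and it is worth saying that `ethernet.pciId` is host-specific (it is the value that was previously hard-coded in the module) rather than a default that works anywhere.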