extract borderVm config into separate file
parent
a98b266445
commit
d948438ae1
2 changed files with 75 additions and 69 deletions
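--- a/bordervm-configuration.nix
+++ b/bordervm-configuration.nix
@@ -0,0 +1,69 @@
+{ config, pkgs, ... }:
+{
+imports = [
+<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
+];
+boot.kernelParams = [
+"loglevel=9"
+];
+systemd.services.pppoe =
+let conf = pkgs.writeText "kpppoed.toml"
+''
+interface_name = "eth0"
+services = [ "myservice" ]
+lns_ipaddr = "90.155.53.19"
+ac_name = "kpppoed-1.0"
+'';
+in {
+wantedBy = [ "multi-user.target" ];
+serviceConfig = {
+ExecStart = "${pkgs.go-l2tp}/bin/kpppoed -config ${conf}";
+};
+};
+systemd.services.tufted = {
+wantedBy = [ "multi-user.target" ];
+serviceConfig = {
+ExecStart = "${pkgs.tufted}/bin/tufted /home/liminix/liminix";
+};
+};
+systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
+
+virtualisation = {
+qemu = {
+networkingOptions = [];
+options = [
+"-device vfio-pci,host=01:00.0"
+"-nographic"
+"-serial mon:stdio"
+];
+};
+sharedDirectories = {
+liminix = {
+source = builtins.toString ./.;
+target = "/home/liminix/liminix";
+};
+};
+};
+environment.systemPackages = with pkgs; [
+tcpdump
+wireshark
+socat
+tufted
+iptables
+];
+security.sudo.wheelNeedsPassword = false;
+networking = {
+hostName = "border";
+firewall = { enable = false; };
+interfaces.eth1 = {
+useDHCP = false;
+ipv4.addresses = [ { address = "10.0.0.1"; prefixLength = 24;}];
+};
+};
+users.users.liminix = {
+isNormalUser = true;
+uid = 1000;
+extraGroups = [ "wheel"];
+};
+services.getty.autologinUser = "liminix";
+}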
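Review bot: `systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];` is not in the inline block this commit removes from default.nix, so a change titled as a pure extraction also alters which services start at boot. In this file it sits next to `firewall = { enable = false; };`, `security.sudo.wheelNeedsPassword = false;` and a wheel-group autologin user, while `-device vfio-pci,host=01:00.0` hands the guest a physical device; if sshd does come up, nothing here limits which interface it answers on. I would move the line to its own commit, or at least head the file with a comment such as `# development-only border VM: no firewall, passwordless sudo, console autologin; keep the passed-through device off untrusted networks`. No `services.openssh` setting is visible in the file, so whether this line alone yields a working sshd unit should be checked.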
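--- a/default.nix
+++ b/default.nix
@@ -20,75 +20,12 @@ let
 ./modules/outputs.nix
 ] pkgs;
 
-borderVm = ((import <nixpkgs/nixos>) {
-configuration =
-{ config, ... }:
-{
-imports = [
-<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
-];
-boot.kernelParams = [
-"loglevel=9"
-];
-systemd.services.pppoe =
-let conf = pkgs.writeText "kpppoed.toml"
-''
-interface_name = "eth0"
-services = [ "myservice" ]
-lns_ipaddr = "90.155.53.19"
-ac_name = "kpppoed-1.0"
-'';
-in {
-wantedBy = [ "multi-user.target" ];
-serviceConfig = {
-ExecStart = "${pkgs.pkgsBuildBuild.go-l2tp}/bin/kpppoed -config ${conf}";
-};
-};
-systemd.services.tufted = {
-wantedBy = [ "multi-user.target" ];
-serviceConfig = {
-ExecStart = "${pkgs.pkgsBuildBuild.tufted}/bin/tufted /home/liminix/liminix";
-};
-};
-virtualisation = {
-qemu = {
-networkingOptions = [];
-options = [
-"-device vfio-pci,host=01:00.0"
-"-nographic"
-"-serial mon:stdio"
-];
-};
-sharedDirectories = {
-liminix = {
-source = builtins.toString ./.;
-target = "/home/liminix/liminix";
-};
-};
-};
-environment.systemPackages = with pkgs.pkgsBuildBuild; [
-tcpdump
-wireshark
-socat
-tufted
-iptables
-];
-security.sudo.wheelNeedsPassword = false;
-networking = {
-hostName = "border";
-firewall = { enable = false; };
-interfaces.eth1 = {
-useDHCP = false;
-ipv4.addresses = [ { address = "10.0.0.1"; prefixLength = 24;}];
-};
-};
-users.users.liminix = {
-isNormalUser = true;
-uid = 1000;
-extraGroups = [ "wheel"];
-};
-services.getty.autologinUser = "liminix";
-};
+borderVm = ((import <nixpkgs/nixos/lib/eval-config.nix>) {
+system = builtins.currentSystem;
+modules = [
+({ ... } : { nixpkgs.overlays = [ overlay ]; })
+(import ./bordervm-configuration.nix)
+];
 }).config.system;
 in {
 outputs = config.outputs // {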
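Review bot: The new `borderVm` takes every package from whatever `<nixpkgs>` resolves to on the evaluating host plus `overlay`, whereas the removed block took go-l2tp, tufted and the capture tools from the outer `pkgs.pkgsBuildBuild`. The `let` block starts above the hunk, so how `pkgs` and `overlay` are defined is not visible here; if `pkgs` is pinned, the services the VM starts at boot can now be built from a different nixpkgs revision than the rest of the project. `system = builtins.currentSystem;` likewise ties the result to the evaluating machine. A short comment above the binding would record the intent, for example `# overlay provides the packages bordervm-configuration.nix takes from pkgs; nixpkgs itself comes from NIX_PATH`.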