diff --git a/vm/vm.nix b/vm/vm.nix
index 6aa4915..01614e2 100644
--- a/vm/vm.nix
+++ b/vm/vm.nix
@@ -8,6 +8,7 @@ let
 imap
 flatten
 listToAttrs
+ unique
 ;
 access-topology = [
 [
@@ -27,6 +28,7 @@ let
 client_name = sw: vni: "h-${br_name sw vni}";
 vtep_name = sw: vni: "v-${toString sw}-${toString vni}";
 sw_name = sw: "sw${toString sw}";
+ router_vtep_name = vni: "rv-${toString vni}";
 vtep_br_name = sw: vni: "br${vtep_name sw vni}";
 vtep_vxlan_name = sw: vni: "x${vtep_name sw vni}";
@@ -160,10 +162,9 @@ let
 };
 vxlanConfig = {
 VNI = vni;
- Remote = "10.0.0.1";
 Local = "10.0.0.${toString (sw + 1)}";
 DestinationPort = 4789;
- PortRange = 4789;
+ Group = "239.0.0.1";
 };
 };
 }
@@ -216,12 +217,67 @@ in
 config = {
 imports = [ ./common.nix ];
 services.resolved.enable = false;
- systemd.network.networks = {
- "10-eth0" = {
- name = "eth0";
- address = [ "10.0.0.1/24" ];
+ systemd.network =
+ let
+ vni-list = unique <| flatten access-topology;
+ vtep-network =
+ listToAttrs
+ <| map (vni: {
+ name = "10-${router_vtep_name vni}";
+ value = {
+ name = router_vtep_name vni;
+ linkConfig.Promiscuous = true;
+ networkConfig = {
+ Bridge = "rbr0";
+
+ LinkLocalAddressing = false;
+ LLDP = false;
+ EmitLLDP = false;
+ IPv6AcceptRA = false;
+ IPv6SendRA = false;
+ };
+ bridgeConfig.Isolated = true;
+ };
+ }) vni-list;
+ vtep-netdevs =
+ listToAttrs
+ <| map (vni: {
+ name = "10-${router_vtep_name vni}";
+ value = {
+ netdevConfig = {
+ Name = router_vtep_name vni;
+ Kind = "vxlan";
+ };
+ vxlanConfig = {
+ VNI = vni;
+ Local = "10.0.0.1";
+ DestinationPort = 4789;
+ Group = "239.0.0.1";
+ };
+ };
+ }) vni-list;
+ in
+ {
+ networks = {
+ "10-eth0" = {
+ name = "eth0";
+ address = [ "10.0.0.1/24" ];
+ networkConfig.VXLAN = map router_vtep_name vni-list;
+ };
+ "10-rbr0" = {
+ name = "rbr0";
+ address = [ "10.0.100.1/16" ];
+ };
+ } // vtep-network;
+ netdevs = {
+ "10-rbr0" = {
+ netdevConfig = {
+ Name = "rbr0";
+ Kind = "bridge";
+ };
+ };
+ } // vtep-netdevs;
 };
- };
 };
 };
 }
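Review bot: In the `@@ -160,10 +162,9 @@` hunk, replacing the unicast `Remote` with `Group = "239.0.0.1"` means any host on the 10.0.0.0/24 underlay that joins that group receives the flooded frames of every VNI, and because VXLAN carries no authentication it can also send frames into any VNI. The same holds for the router-side VTEPs added in the `@@ -216,12 +217,67 @@` hunk, where it would sidestep the separation that `bridgeConfig.Isolated` is set up to give. If the underlay is meant to be trusted, say so next to the setting, e.g. `# multicast VXLAN: underlay 10.0.0.0/24 is assumed trusted; VNI separation is not a security boundary`; otherwise limit UDP 4789 to the known VTEP addresses. The last hunk binds the router VTEPs to eth0 through `networkConfig.VXLAN`; the equivalent binding for the switch VTEPs lies outside this hunk, so confirm it exists, since a multicast group needs an underlying interface.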
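Review bot: In the `@@ -216,12 +217,67 @@` hunk, `address = [ "10.0.100.1/16" ]` on `rbr0` places the overlay bridge in 10.0.0.0/16, which contains the underlay prefix 10.0.0.0/24 configured on `eth0`. Longest-prefix match keeps the VTEP addresses on eth0, but an overlay client given a 10.0.0.x address would not be reachable from the router, and overlay and underlay traffic become hard to tell apart in filter rules and logs. If the two are meant to be separate address spaces, a non-overlapping prefix such as `10.0.100.1/24` would make that explicit; client addressing is not visible in this hunk, so confirm the intended range first. A short comment on `linkConfig.Promiscuous = true` and `bridgeConfig.Isolated = true` stating the intent (presumably that each VNI reaches the router but not the other VNIs) would also help the next reader.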