leonetienne/stormwind-nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
62307984f5435b4a5c9709c35fae576169f7b55d
stormwind-nixfiles/incus.nix

36 lines
809 B
Nix
Raw Normal View History

add incus
2025-01-13 01:52:37 +01:00
{ config, pkgs, ... }:
{
virtualisation.incus.enable = true;
networking = {
nftables.enable = true;
create special network for crusader which cannot ping lan
2025-07-22 10:25:34 +02:00
firewall = {
trustedInterfaces = [ "incusbr1" ];
filterForward = true;
extraForwardRules = ''
# if crusader tries to go to varian or truenas, BLOCK
iifname "incusbr1" oifname "incusbr0" drop
create l2 bridge incusbr2
2026-01-26 15:36:02 +01:00
iifname "incusbr1" oifname "incusbr2" ip daddr 192.168.0.0/16 drop
create special network for crusader which cannot ping lan
2025-07-22 10:25:34 +02:00
'';
interfaces = {
incusbr0 = {
allowedTCPPorts = [ 53 67 ];
allowedUDPPorts = [ 53 67 ];
};
incusbr1 = {
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 67 68 ];
};
add incus
2025-01-13 01:52:37 +01:00
};
create special network for crusader which cannot ping lan
2025-07-22 10:25:34 +02:00
add incus
2025-01-13 01:52:37 +01:00
};
};
load dm_thin_pool kernel module
2025-01-13 02:18:00 +01:00
# Load the kernel volume for lvm thin provisioning
add dm_snapshot kernel module
2025-01-14 13:10:24 +01:00
boot.kernelModules = [ "dm_thin_pool" "dm_snapshot" ];
add incus
2025-01-13 01:52:37 +01:00
}
Reference in New Issue Copy Permalink