leonetienne/stormwind-nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8d22428192f649f01e709bb17a131bec081531fe
stormwind-nixfiles/incus.nix

37 lines
828 B
Nix
Raw Normal View History

add incus
2025-01-13 01:52:37 +01:00
{ config, pkgs, ... }:
{
virtualisation.incus.enable = true;
networking = {
nftables.enable = true;
create special network for crusader which cannot ping lan
2025-07-22 10:25:34 +02:00
firewall = {
enable = true;
trustedInterfaces = [ "incusbr1" ];
filterForward = true;
extraForwardRules = ''
# if crusader tries to go to varian or truenas, BLOCK
iifname "incusbr1" oifname "incusbr0" drop
iifname "incusbr1" oifname "enp4s0" ip daddr 192.168.0.0/16 drop
'';
interfaces = {
incusbr0 = {
allowedTCPPorts = [ 53 67 ];
allowedUDPPorts = [ 53 67 ];
};
incusbr1 = {
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 67 68 ];
};
add incus
2025-01-13 01:52:37 +01:00
};
create special network for crusader which cannot ping lan
2025-07-22 10:25:34 +02:00
add incus
2025-01-13 01:52:37 +01:00
};
};
load dm_thin_pool kernel module
2025-01-13 02:18:00 +01:00
# Load the kernel volume for lvm thin provisioning
add dm_snapshot kernel module
2025-01-14 13:10:24 +01:00
boot.kernelModules = [ "dm_thin_pool" "dm_snapshot" ];
add incus
2025-01-13 01:52:37 +01:00
}
Reference in New Issue Copy Permalink