leonetienne/stormwind-nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

realize l2 bridge utilization in vhosts

Browse Source
This commit is contained in:
RootHost-Stormwind
2026-01-26 21:06:08 +01:00
parent 62307984f5
commit 03a75c33e9
3 changed files with 16 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
hardware-configuration.nix
View File

@@ -39,7 +39,9 @@
RUN+="/bin/sh -c 'modprobe ahci; echo 0000:08:00.0 > /sys/bus/pci/drivers_probe'" RUN+="/bin/sh -c 'modprobe ahci; echo 0000:08:00.0 > /sys/bus/pci/drivers_probe'"
''; '';
boot.kernel.sysctl."net.ipv4.conf.all.forwarding" = true; boot.kernel.sysctl = {
"net.ipv4.conf.all.forwarding" = true;
};
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/7e34cdc3-bd48-435a-8ea2-e1fe43926262"; } [ { device = "/dev/disk/by-uuid/7e34cdc3-bd48-435a-8ea2-e1fe43926262"; }

6
incus.nix
View File

@@ -5,7 +5,7 @@
networking = { networking = {
nftables.enable = true; nftables.enable = true;
firewall = { firewall = {
trustedInterfaces = [ "incusbr1" ]; trustedInterfaces = [ "incusbr1" "incusbr2" ];
filterForward = true; filterForward = true;
extraForwardRules = '' extraForwardRules = ''
@@ -23,6 +23,10 @@
allowedTCPPorts = [ 53 ]; allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 67 68 ]; allowedUDPPorts = [ 53 67 68 ];
}; };
incusbr2 = {
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 67 68 ];
};
}; };

12
networking.nix
View File

@@ -9,9 +9,8 @@
firewall = { firewall = {
enable = true; enable = true;
allowedTCPPorts = [ 80 443 8123 1883 8883 9001 20 21 50000 50001 50002 50003 50004 50005 22 2222 2223 990 989 445 111 2049 32765 32768 20048 ]; allowedTCPPorts = [ 53 80 443 8123 1883 8883 9001 20 21 50000 50001 50002 50003 50004 50005 22 2222 2223 990 989 445 111 2049 32765 32768 20048 ];
allowedUDPPorts = [ 111 2049 20048 32765 32768 ]; allowedUDPPorts = [ 53 67 68 111 2049 20048 32765 32768 ];
trustedInterfaces = [ "incusbr0" "incusbr2" ];
}; };
nftables.ruleset = '' nftables.ruleset = ''
@@ -28,6 +27,12 @@
# allow vm to vm communication # allow vm to vm communication
iifname "tap*" oifname "tap*" accept iifname "tap*" oifname "tap*" accept
# allow vm dns
ether saddr 10:66:6a:06:f9:5e udp dport 53 accept
# allow vms on incusbr2 to go into lan
iifname "incusbr2" accept
# allow natted replies # allow natted replies
iifname "incusbr2" oifname "incusbr0" tcp dport 8123 ct state new,established accept iifname "incusbr2" oifname "incusbr0" tcp dport 8123 ct state new,established accept
iifname "incusbr2" oifname "incusbr0" tcp dport 80 ct state new,established accept iifname "incusbr2" oifname "incusbr0" tcp dport 80 ct state new,established accept
@@ -90,7 +95,6 @@
{ address = "192.168.0.19"; prefixLength = 24; } { address = "192.168.0.19"; prefixLength = 24; }
]; ];
macAddress = "2c:fd:a1:c1:13:b0"; macAddress = "2c:fd:a1:c1:13:b0";
mtu = 1280;
}; };
}; };