Configure QEMU virtual bridge for SICA VM
This commit is contained in:
parent
db16c3fef7
commit
eef13ca8bf
GPG Key ID:
9893DA236405AF57
|
|
@ -26,11 +26,9 @@
|
||||||
nssmdns = true;
|
nssmdns = true;
|
||||||
publish = {
|
publish = {
|
||||||
enable = true;
|
enable = true;
|
||||||
userServices = true;
|
addresses = true;
|
||||||
domain = true;
|
domain = true;
|
||||||
workstation = true;
|
|
||||||
};
|
};
|
||||||
reflector = true;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# Firewall configuration
|
# Firewall configuration
|
||||||
|
|
@ -38,6 +36,7 @@
|
||||||
allowedTCPPorts = [
|
allowedTCPPorts = [
|
||||||
445 # Samba
|
445 # Samba
|
||||||
139 # Samba
|
139 # Samba
|
||||||
|
2222 # VM SSH
|
||||||
5000 # Sybase
|
5000 # Sybase
|
||||||
];
|
];
|
||||||
allowedUDPPorts = [
|
allowedUDPPorts = [
|
||||||
|
|
@ -48,11 +47,21 @@
|
||||||
allowPing = true;
|
allowPing = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
# Enable NAT for wireguard
|
# Enable NAT for wireguard and forward ports to sica VM
|
||||||
networking.nat = {
|
networking.nat = {
|
||||||
enable = true;
|
enable = true;
|
||||||
externalInterface = "eth0";
|
externalInterface = "eth0";
|
||||||
internalInterfaces = [ "wg0" ];
|
internalInterfaces = [ "wg0" "br0" ];
|
||||||
|
forwardPorts = [
|
||||||
|
{
|
||||||
|
destination = "192.168.122.100:22";
|
||||||
|
sourcePort = 2222;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
destination = "192.168.122.100:5000";
|
||||||
|
sourcePort = 5000;
|
||||||
|
}
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
# Wireguard setup
|
# Wireguard setup
|
||||||
|
|
@ -71,4 +80,29 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# QEMU virtual bridge
|
||||||
|
networking.interfaces.br0 = {
|
||||||
|
ipv4.addresses = [{
|
||||||
|
address = "192.168.122.1";
|
||||||
|
prefixLength = 24;
|
||||||
|
}];
|
||||||
|
};
|
||||||
|
networking.bridges.br0.interfaces = [ ];
|
||||||
|
|
||||||
|
services.dhcpd4 = {
|
||||||
|
enable = true;
|
||||||
|
interfaces = [ "br0" ];
|
||||||
|
extraConfig = ''
|
||||||
|
option routers 192.168.122.1;
|
||||||
|
option broadcast-address 192.168.122.255;
|
||||||
|
option subnet-mask 255.255.255.0;
|
||||||
|
option domain-name-servers 1.1.1.1, 8.8.8.8;
|
||||||
|
default-lease-time -1;
|
||||||
|
max-lease-time -1;
|
||||||
|
subnet 192.168.122.0 netmask 255.255.255.0 {
|
||||||
|
range 192.168.122.100 192.168.122.200;
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -4,9 +4,10 @@
|
||||||
# Enable virtualisation
|
# Enable virtualisation
|
||||||
virtualisation.libvirtd = {
|
virtualisation.libvirtd = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
qemuRunAsRoot = false;
|
||||||
onBoot = "ignore";
|
onBoot = "ignore";
|
||||||
onShutdown = "shutdown";
|
onShutdown = "shutdown";
|
||||||
qemuPackage = pkgs.qemu_kvm;
|
allowedBridges = [ "br0" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
# Declarative configuration of the VMs
|
# Declarative configuration of the VMs
|
||||||
|
|
@ -16,7 +17,7 @@
|
||||||
script = ''
|
script = ''
|
||||||
disk=/vault/VMs/sica.qcow2
|
disk=/vault/VMs/sica.qcow2
|
||||||
sock=/run/qemu-sica.mon.sock
|
sock=/run/qemu-sica.mon.sock
|
||||||
${pkgs.qemu_kvm}/bin/qemu-kvm -m 1G -nic user,hostfwd=tcp::2222-:22,hostfwd=tcp::5000-:5000 -hda $disk -monitor unix:$sock,server,nowait -nographic
|
${pkgs.qemu}/bin/qemu-kvm -m 1G -nic bridge,br=br0,model=virtio --hda $disk -monitor unix:$sock,server,nowait -nographic
|
||||||
'';
|
'';
|
||||||
preStop = ''
|
preStop = ''
|
||||||
echo 'system_powerdown' | ${pkgs.socat}/bin/socat - UNIX-CONNECT:/run/qemu-sica.mon.sock
|
echo 'system_powerdown' | ${pkgs.socat}/bin/socat - UNIX-CONNECT:/run/qemu-sica.mon.sock
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue