Configure QEMU virtual bridge for SICA VM

2021-03-25 09:52:43 +01:00 · 2021-03-25 09:52:43 +01:00 · eef13ca8bf
parent db16c3fef7
commit eef13ca8bf
2 changed files with 42 additions and 7 deletions
--- a/modules/networking.nix
+++ b/modules/networking.nix
@ -26,11 +26,9 @@
    nssmdns = true;
    publish = {
      enable = true;
-      userServices = true;
+      addresses = true;
      domain = true;
-      workstation = true;
    };
-    reflector = true;
  };

  # Firewall configuration
@ -38,6 +36,7 @@
    allowedTCPPorts = [
      445 # Samba
      139 # Samba
+      2222 # VM SSH
      5000 # Sybase
    ];
    allowedUDPPorts = [
@ -48,11 +47,21 @@
    allowPing = true;
  };

-  # Enable NAT for wireguard
+  # Enable NAT for wireguard and forward ports to sica VM
  networking.nat = {
    enable = true;
    externalInterface = "eth0";
-    internalInterfaces = [ "wg0" ];
+    internalInterfaces = [ "wg0" "br0" ];
+    forwardPorts = [
+      {
+        destination = "192.168.122.100:22";
+        sourcePort = 2222;
+      }
+      {
+        destination = "192.168.122.100:5000";
+        sourcePort = 5000;
+      }
+    ];
  };

  # Wireguard setup
@ -71,4 +80,29 @@
    };
  };

+  # QEMU virtual bridge
+  networking.interfaces.br0 = {
+    ipv4.addresses = [{
+      address = "192.168.122.1";
+      prefixLength = 24;
+    }];
+  };
+  networking.bridges.br0.interfaces = [ ];
+
+  services.dhcpd4 = {
+    enable = true;
+    interfaces = [ "br0" ];
+    extraConfig = ''
+      option routers 192.168.122.1;
+      option broadcast-address 192.168.122.255;
+      option subnet-mask 255.255.255.0;
+      option domain-name-servers 1.1.1.1, 8.8.8.8;
+      default-lease-time -1;
+      max-lease-time -1;
+      subnet 192.168.122.0 netmask 255.255.255.0 {
+        range 192.168.122.100 192.168.122.200;
+      }
+    '';
+  };
+
 }
--- a/modules/virtualization.nix
+++ b/modules/virtualization.nix
@ -4,9 +4,10 @@
  # Enable virtualisation
  virtualisation.libvirtd = {
    enable = true;
+    qemuRunAsRoot = false;
    onBoot = "ignore";
    onShutdown = "shutdown";
-    qemuPackage = pkgs.qemu_kvm;
+    allowedBridges = [ "br0" ];
  };

  # Declarative configuration of the VMs
@ -16,7 +17,7 @@
    script = ''
      disk=/vault/VMs/sica.qcow2
      sock=/run/qemu-sica.mon.sock
-      ${pkgs.qemu_kvm}/bin/qemu-kvm -m 1G -nic user,hostfwd=tcp::2222-:22,hostfwd=tcp::5000-:5000 -hda $disk -monitor unix:$sock,server,nowait -nographic
+      ${pkgs.qemu}/bin/qemu-kvm -m 1G -nic bridge,br=br0,model=virtio --hda $disk -monitor unix:$sock,server,nowait -nographic
    '';
    preStop = ''
      echo 'system_powerdown' | ${pkgs.socat}/bin/socat - UNIX-CONNECT:/run/qemu-sica.mon.sock