fix: realize mkif earlier to disable local-vms definition
parent
b545967e7a
commit
e32d5575b4
1 changed files with 21 additions and 21 deletions
|
@ -167,29 +167,29 @@
|
|||
|
||||
extra.networking.renameInterfacesByMac.${vmCfg.networking.mainLinkName} = mac;
|
||||
|
||||
systemd.network.networks = let
|
||||
wgConfig = parentConfig.extra.wireguard."${nodeName}-local-vms".unitConfName;
|
||||
in {
|
||||
# Remove requirement for the wireguard interface to come online,
|
||||
# to allow microvms to be deployed more easily (otherwise they
|
||||
# would not come online if the private key wasn't rekeyed yet).
|
||||
# FIXME ideally this would be conditional at runtime if the
|
||||
# agenix activation had an error, but this is not trivial.
|
||||
${wgConfig} = mkIf vmCfg.localWireguard {
|
||||
linkConfig.RequiredForOnline = "no";
|
||||
};
|
||||
|
||||
"10-${vmCfg.networking.mainLinkName}" = {
|
||||
matchConfig.MACAddress = mac;
|
||||
DHCP = "yes";
|
||||
networkConfig = {
|
||||
IPv6PrivacyExtensions = "yes";
|
||||
MulticastDNS = true;
|
||||
IPv6AcceptRA = true;
|
||||
systemd.network.networks =
|
||||
{
|
||||
"10-${vmCfg.networking.mainLinkName}" = {
|
||||
matchConfig.MACAddress = mac;
|
||||
DHCP = "yes";
|
||||
networkConfig = {
|
||||
IPv6PrivacyExtensions = "yes";
|
||||
MulticastDNS = true;
|
||||
IPv6AcceptRA = true;
|
||||
};
|
||||
linkConfig.RequiredForOnline = "routable";
|
||||
};
|
||||
}
|
||||
// optionalAttrs vmCfg.localWireguard {
|
||||
# Remove requirement for the wireguard interface to come online,
|
||||
# to allow microvms to be deployed more easily (otherwise they
|
||||
# would not come online if the private key wasn't rekeyed yet).
|
||||
# FIXME ideally this would be conditional at runtime if the
|
||||
# agenix activation had an error, but this is not trivial.
|
||||
${parentConfig.extra.wireguard."${nodeName}-local-vms".unitConfName} = {
|
||||
linkConfig.RequiredForOnline = "no";
|
||||
};
|
||||
linkConfig.RequiredForOnline = "routable";
|
||||
};
|
||||
};
|
||||
|
||||
# TODO mkForce nftables
|
||||
networking.nftables.firewall = {
|
||||
|
|
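Review bot: The `optionalAttrs vmCfg.localWireguard` branch keeps `linkConfig.RequiredForOnline = "no";` on the wireguard network, so network-online is reached whether or not the tunnel came up; the carried-over comment gives the deployment reason but not that consequence. Presumably a service on the microvm that is meant to talk only over the tunnel would then start with just the main link available (DHCP, mDNS and RA are enabled there), so I would extend the comment with `# NOTE: network-online no longer implies the wireguard link is up; services that depend on the tunnel must order after / bind to it themselves.` The attribute name now appears to be evaluated only when `vmCfg.localWireguard` is true, which seems to be the point of the fix, so a short `# optionalAttrs (not mkIf): the parent's local-vms wireguard entry must not be referenced when disabled` would keep a later refactor from reintroducing the eager lookup. The enclosing module attribute set starts before the hunk, and `networking.nftables.firewall` continues past it.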