mirror of https://github.com/oddlama/nix-config.git synced 2025-10-10 23:00:39 +02:00

fix: realize mkif earlier to disable local-vms definition

oddlama 2023-06-21 01:43:00 +02:00
parent b545967e7a
commit e32d5575b4
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A


@ -167,29 +167,29 @@
extra.networking.renameInterfacesByMac.${vmCfg.networking.mainLinkName} = mac;
systemd.network.networks = let
wgConfig = parentConfig.extra.wireguard."${nodeName}-local-vms".unitConfName;
in {
# Remove requirement for the wireguard interface to come online,
# to allow microvms to be deployed more easily (otherwise they
# would not come online if the private key wasn't rekeyed yet).
# FIXME ideally this would be conditional at runtime if the
# agenix activation had an error, but this is not trivial.
${wgConfig} = mkIf vmCfg.localWireguard {
linkConfig.RequiredForOnline = "no";
};
"10-${vmCfg.networking.mainLinkName}" = {
matchConfig.MACAddress = mac;
DHCP = "yes";
networkConfig = {
IPv6PrivacyExtensions = "yes";
MulticastDNS = true;
IPv6AcceptRA = true;
systemd.network.networks =
{
"10-${vmCfg.networking.mainLinkName}" = {
matchConfig.MACAddress = mac;
DHCP = "yes";
networkConfig = {
IPv6PrivacyExtensions = "yes";
MulticastDNS = true;
IPv6AcceptRA = true;
};
linkConfig.RequiredForOnline = "routable";
};
}
// optionalAttrs vmCfg.localWireguard {
# Remove requirement for the wireguard interface to come online,
# to allow microvms to be deployed more easily (otherwise they
# would not come online if the private key wasn't rekeyed yet).
# FIXME ideally this would be conditional at runtime if the
# agenix activation had an error, but this is not trivial.
${parentConfig.extra.wireguard."${nodeName}-local-vms".unitConfName} = {
linkConfig.RequiredForOnline = "no";
};
linkConfig.RequiredForOnline = "routable";
};
};
# TODO mkForce nftables
networking.nftables.firewall = {
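Review bot: The switch from `mkIf` to `// optionalAttrs vmCfg.localWireguard { … }` has no comment explaining why, so a later cleanup could turn it back into `mkIf`. Judging by the commit title, that would bring back evaluation of the `${nodeName}-local-vms` attribute name on hosts where that wireguard definition does not exist. I would add above the `optionalAttrs` line: `# optionalAttrs instead of mkIf: the attribute name below must not be evaluated when localWireguard is disabled`. Separately, with `linkConfig.RequiredForOnline = "no"` on the tunnel, the guest can count as online once the main link is routable, so units ordered only after network-online may start before the WireGuard interface exists; it is worth noting next to the FIXME that services meant to be reachable only over the tunnel must bind to its address or order themselves after it explicitly. The enclosing attribute set starts and ends outside the hunk.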