feat: use configurable link name in containers

oddlama 2023-12-19 17:57:09 +01:00
parent eafe3b673c
commit c94084496a
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
5 changed files with 38 additions and 53 deletions


@ -1,7 +1,6 @@
{
lib,
utils,
nodes,
...
}: let
inherit (lib) net;
@ -22,7 +21,7 @@ in {
renew-timer = 1000;
rebind-timer = 2000;
interfaces-config = {
# XXX: why does this bind other macvtaps?
# XXX: BUG: why does this bind other macvtaps?
interfaces = ["lan-self"];
service-sockets-max-retries = -1;
};
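Review bot: The reworded comment `# XXX: BUG: why does this bind other macvtaps?` flags an open problem in how the DHCP server selects its listening interfaces but still records neither what was observed nor its effect, so a later reader cannot tell whether it has been fixed. Because `interfaces = ["lan-self"]` is what restricts which links the server answers on, a server that also binds other macvtap links could respond to DHCP requests on guest links it was not meant to serve, which is worth stating in the comment. Suggest expanding it to something like `# XXX: BUG: despite interfaces = ["lan-self"], the server also binds other macvtap links (observed: <interfaces seen>, package version <version>) — re-check after upgrading.` with the placeholders filled in from the actual observation. The enclosing attribute set starts outside the hunk.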


@ -1 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMoiozZHb2lXv9sZGXDeL2hdYYVPTMVrxdUl/lRro4zh
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOanBR6abVoPfpH9RyhxaJ1dg0/+VFAUyCfQzFqxGBzk


@ -10,20 +10,18 @@ in {
gc.automatic = mkForce false;
};
systemd.network.networks = {
"10-${guestCfg.networking.mainLinkName}" = {
matchConfig.Name = guestCfg.networking.mainLinkName;
DHCP = "yes";
dhcpV4Config.UseDNS = false;
dhcpV6Config.UseDNS = false;
ipv6AcceptRAConfig.UseDNS = false;
networkConfig = {
IPv6PrivacyExtensions = "yes";
MulticastDNS = true;
IPv6AcceptRA = true;
};
linkConfig.RequiredForOnline = "routable";
systemd.network.networks."10-${guestCfg.networking.mainLinkName}" = {
matchConfig.Name = guestCfg.networking.mainLinkName;
DHCP = "yes";
dhcpV4Config.UseDNS = false;
dhcpV6Config.UseDNS = false;
ipv6AcceptRAConfig.UseDNS = false;
networkConfig = {
IPv6PrivacyExtensions = "yes";
MulticastDNS = true;
IPv6AcceptRA = true;
};
linkConfig.RequiredForOnline = "routable";
};
networking.nftables.firewall = {


@ -12,15 +12,12 @@ guestName: guestCfg: {
flip
mapAttrs'
nameValuePair
substring
;
initialLinkName = "mv-${(substring 0 12 (builtins.hashString "sha256" guestName))}";
in {
ephemeral = true;
privateNetwork = true;
autoStart = guestCfg.autostart;
macvlans = ["${guestCfg.container.macvlan}:${initialLinkName}"];
macvlans = ["${guestCfg.container.macvlan}:${guestCfg.networking.mainLinkName}"];
extraFlags = [
"--uuid=${builtins.substring 0 32 (builtins.hashString "sha256" guestName)}"
];
@ -63,14 +60,6 @@ in {
device = zfsCfg.guestMountpoint;
options = ["bind"];
});
# Rename the network interface to our liking
systemd.network.links = {
"01-${guestCfg.networking.mainLinkName}" = {
matchConfig.Name = initialLinkName;
linkConfig.Name = guestCfg.networking.mainLinkName;
};
};
}
(import ./common-guest-config.nix guestName guestCfg)
]
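Review bot: With the `systemd.network.links` rename block removed and `macvlans` now passing `guestCfg.networking.mainLinkName` straight through, nothing enforces the constraint that the option description in this commit states for containers (the name must not clash with an interface on the host); a clash would presumably only surface as a failure when the container starts, whereas the hashed `initialLinkName` that was removed here appears to have existed to avoid exactly that. Since the new default is `mv-${...container.macvlan}`, at least the obvious collision with the host macvlan parent can be rejected at eval time in the guest option module, e.g. `assertions = [{ assertion = guestCfg.networking.mainLinkName != guestCfg.container.macvlan; message = "guests.<name>.networking.mainLinkName must differ from the host interface container.macvlan"; }];` (the `<name>` is a placeholder for whatever the module has in scope). A short comment on the `macvlans` line saying that the second element is the in-container name and why it is chosen directly would also preserve the intent the old rename block made visible. The list this hunk belongs to starts outside the hunk.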


@ -31,6 +31,12 @@
lib.genAttrs backends (_: {})
// mapAttrs (_: listToAttrs) (groupBy (x: x.value.backend) (attrsToList config.guests));
# List the necessary mount units for the given guest
fsMountUnitsFor = guestCfg:
map
(x: "${utils.escapeSystemdPath x.hostMountpoint}.mount")
(attrValues guestCfg.zfs);
# Configuration required on the host for a specific guest
defineGuest = _guestName: guestCfg: {
# Add the required datasets to the disko configuration of the machine
@ -43,7 +49,6 @@
systemd.services = mkMerge (flip map (attrValues guestCfg.zfs) (zfsCfg: let
fsMountUnit = "${utils.escapeSystemdPath zfsCfg.hostMountpoint}.mount";
in {
# Ensure that the zfs dataset exists before it is mounted.
"zfs-ensure-${utils.escapeSystemdPath zfsCfg.hostMountpoint}" = {
wantedBy = [fsMountUnit];
before = [fsMountUnit];
@ -68,14 +73,9 @@
defineMicrovm = guestName: guestCfg: {
# Ensure that the zfs dataset exists before it is mounted.
systemd.services."microvm@${guestName}" = let
fsMountUnits =
map
(x: "${utils.escapeSystemdPath x.hostMountpoint}.mount")
(attrValues guestCfg.zfs);
in {
requires = fsMountUnits;
after = fsMountUnits;
systemd.services."microvm@${guestName}" = {
requires = fsMountUnitsFor guestCfg;
after = fsMountUnitsFor guestCfg;
};
microvm.vms.${guestName} = import ./microvm.nix guestName guestCfg attrs;
@ -83,19 +83,15 @@
defineContainer = guestName: guestCfg: {
# Ensure that the zfs dataset exists before it is mounted.
systemd.services."container@${guestName}" = let
fsMountUnits =
map
(x: "${utils.escapeSystemdPath x.hostMountpoint}.mount")
(attrValues guestCfg.zfs);
in {
requires = fsMountUnits;
after = fsMountUnits;
systemd.services."container@${guestName}" = {
requires = fsMountUnitsFor guestCfg;
after = fsMountUnitsFor guestCfg;
# Don't use the notify service type. Using exec will always consider containers
# started immediately and donesn't wait until the container is fully booted.
# Containers should behave like independent machines, and issues inside the container
# will unnecessarily lock up the service on the host otherwise.
# This causes issues on system activation.
# This causes issues on system activation or when containers take longer to start
# than TimeoutStartSec.
serviceConfig.Type = lib.mkForce "exec";
};
@ -162,7 +158,7 @@ in {
macvtapInterface = mkOption {
type = types.str;
description = "The host macvtap interface to which the microvm should be attached";
description = "The host interface to which the microvm should be attached via macvtap";
};
};
@ -174,12 +170,15 @@ in {
};
};
networking = {
mainLinkName = mkOption {
type = types.str;
default = "wan";
description = "The main ethernet link name inside of the VM";
};
networking.mainLinkName = mkOption {
type = types.str;
description = "The main ethernet link name inside of the guest. For containers, this cannot be named similar to an existing interface on the host.";
default =
if submod.config.backend == "microvm"
then submod.config.microvm.macvtapInterface
else if submod.config.backend == "container"
then "mv-${submod.config.container.macvlan}"
else throw "Invalid backend";
};
zfs = mkOption {