upRootNutrition/dotfiles
upRootNutrition/dotfiles
1
0
Fork 0
mirror of https://gitlab.com/upRootNutrition/dotfiles.git synced 2025-12-06 21:17:14 -06:00
Code Issues Projects 1 Releases Packages Wiki Activity Actions

test: vaultwarden microVM

Browse source
This commit is contained in:
Nick 2025-11-08 01:36:52 -06:00
parent b82d20a955
commit 09ff20b5fa
2 changed files with 56 additions and 62 deletions
Download patch file Download diff file Expand all files Collapse all files

74
systems/ceres/config/networking.nix
View file

@ -12,40 +12,38 @@ in
# Enable microVM host
microvm.host.enable = true;
# # systemd-networkd for bridge management
# # NOTE: Not needed for macvtap - only enable if using TAP interfaces
# # TAP requires a bridge on the host, macvtap connects directly to physical interface
# systemd.network.enable = true;
# systemd-networkd for bridge management (required for TAP interfaces)
systemd.network.enable = true;
# # Bridge configuration for microVMs (only needed for TAP interfaces)
# systemd.network.netdevs."10-br-vms" = {
# netdevConfig = {
# Name = "br-vms";
# Kind = "bridge";
# };
# };
# Bridge configuration for microVMs
systemd.network.netdevs."10-br-vms" = {
netdevConfig = {
Name = "br-vms";
Kind = "bridge";
};
};
# # Attach physical interface and tap interfaces to bridge
# systemd.network.networks."20-lan" = {
# matchConfig.Name = [
# "enp10s0"
# "vm-*"
# ];
# networkConfig = {
# Bridge = "br-vms";
# };
# };
# Attach physical interface and tap interfaces to bridge
systemd.network.networks."20-lan" = {
matchConfig.Name = [
"enp10s0"
"vm-*"
];
networkConfig = {
Bridge = "br-vms";
};
};
# # Bridge gets the host IP
# systemd.network.networks."30-br-vms" = {
# matchConfig.Name = "br-vms";
# networkConfig = {
# Address = "192.168.50.240/24";
# Gateway = "192.168.50.1";
# DNS = [ "192.168.50.1" ];
# };
# linkConfig.RequiredForOnline = "routable";
# };
# Bridge gets the host IP
systemd.network.networks."30-br-vms" = {
matchConfig.Name = "br-vms";
networkConfig = {
Address = "192.168.50.240/24";
Gateway = "192.168.50.1";
DNS = [ "192.168.50.1" ];
};
linkConfig.RequiredForOnline = "routable";
};
networking = {
hostName = ceres.name;
@ -53,19 +51,7 @@ in
networkmanager.enable = false;
nftables.enable = true;
useDHCP = false;
# Declarative interface configuration for the host
interfaces.enp10s0 = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.50.240";
prefixLength = 24;
}
];
};
defaultGateway = "192.168.50.1";
nameservers = [ "192.168.50.1" ];
# Network configuration handled by systemd-networkd bridge
firewall = {
enable = true;

44
systems/ceres/microvms/vaultwarden.nix
View file

@ -77,16 +77,18 @@ in
systemd.network = {
enable = true;
networks."20-lan" = {
matchConfig.Type = "ether";
networkConfig = {
Address = [ "${vaultwardenCfg.interface.ip}/24" ];
Gateway = vaultwardenCfg.interface.gate;
DNS = [
"1.1.1.1"
"8.8.8.8"
];
DHCP = "no";
};
matchConfig.Name = "enp0s5";
addresses = [ { Address = "${vaultwardenCfg.interface.ip}/24"; } ];
routes = [
{
Destination = "0.0.0.0/0";
Gateway = vaultwardenCfg.interface.gate;
}
];
dns = [
"1.1.1.1"
"8.8.8.8"
];
};
};
@ -98,18 +100,24 @@ in
mem = 1024;
hypervisor = "qemu";
# Use q35 machine type for proper PCI support instead of microvm
qemu.machine = "q35";
interfaces = [
{
type = "macvtap";
type = "tap";
id = vaultwardenCfg.interface.id;
mac = vaultwardenCfg.interface.mac;
macvtap = {
link = "enp10s0";
mode = "bridge";
};
}
{
type = "user";
id = vaultwardenCfg.interface.idUser;
mac = vaultwardenCfg.interface.macUser;
}
];
forwardPorts = [
{
from = "host";
host.port = vaultwardenCfg.interface.ssh;
guest.port = 22;
}
];