test: vaultwarden microVM

Nick 2025-11-08 01:36:52 -06:00
parent b82d20a955
commit 09ff20b5fa
2 changed files with 56 additions and 62 deletions


@ -12,40 +12,38 @@ in
# Enable microVM host # Enable microVM host
microvm.host.enable = true; microvm.host.enable = true;
# # systemd-networkd for bridge management # systemd-networkd for bridge management (required for TAP interfaces)
# # NOTE: Not needed for macvtap - only enable if using TAP interfaces systemd.network.enable = true;
# # TAP requires a bridge on the host, macvtap connects directly to physical interface
# systemd.network.enable = true;
# # Bridge configuration for microVMs (only needed for TAP interfaces) # Bridge configuration for microVMs
# systemd.network.netdevs."10-br-vms" = { systemd.network.netdevs."10-br-vms" = {
# netdevConfig = { netdevConfig = {
# Name = "br-vms"; Name = "br-vms";
# Kind = "bridge"; Kind = "bridge";
# }; };
# }; };
# # Attach physical interface and tap interfaces to bridge # Attach physical interface and tap interfaces to bridge
# systemd.network.networks."20-lan" = { systemd.network.networks."20-lan" = {
# matchConfig.Name = [ matchConfig.Name = [
# "enp10s0" "enp10s0"
# "vm-*" "vm-*"
# ]; ];
# networkConfig = { networkConfig = {
# Bridge = "br-vms"; Bridge = "br-vms";
# }; };
# }; };
# # Bridge gets the host IP # Bridge gets the host IP
# systemd.network.networks."30-br-vms" = { systemd.network.networks."30-br-vms" = {
# matchConfig.Name = "br-vms"; matchConfig.Name = "br-vms";
# networkConfig = { networkConfig = {
# Address = "192.168.50.240/24"; Address = "192.168.50.240/24";
# Gateway = "192.168.50.1"; Gateway = "192.168.50.1";
# DNS = [ "192.168.50.1" ]; DNS = [ "192.168.50.1" ];
# }; };
# linkConfig.RequiredForOnline = "routable"; linkConfig.RequiredForOnline = "routable";
# }; };
networking = { networking = {
hostName = ceres.name; hostName = ceres.name;
@ -53,19 +51,7 @@ in
networkmanager.enable = false; networkmanager.enable = false;
nftables.enable = true; nftables.enable = true;
useDHCP = false; useDHCP = false;
# Network configuration handled by systemd-networkd bridge
# Declarative interface configuration for the host
interfaces.enp10s0 = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.50.240";
prefixLength = 24;
}
];
};
defaultGateway = "192.168.50.1";
nameservers = [ "192.168.50.1" ];
firewall = { firewall = {
enable = true; enable = true;
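Review bot: The `"vm-*"` glob in the new `20-lan` match list enslaves every future TAP named `vm-*` to `br-vms`, and that same bridge now carries the host's LAN address (`30-br-vms`), so each guest becomes an untagged L2 peer of the host on the physical segment rather than sitting behind the host's routing and nftables rules; that is a deliberate trust decision that deserves a comment next to the match list, e.g. `# any vm-* TAP is bridged straight onto the LAN segment; guests are L2 peers of the host, not behind its firewall`. The wiring also depends on `vaultwardenCfg.interface.id` (not visible here) actually matching `vm-*`; if it does not, the guest's TAP never joins the bridge and has no link at all, which is worth stating in the same comment. The `networking` attribute set continues past the shown lines.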


@ -77,16 +77,18 @@ in
systemd.network = { systemd.network = {
enable = true; enable = true;
networks."20-lan" = { networks."20-lan" = {
matchConfig.Type = "ether"; matchConfig.Name = "enp0s5";
networkConfig = { addresses = [ { Address = "${vaultwardenCfg.interface.ip}/24"; } ];
Address = [ "${vaultwardenCfg.interface.ip}/24" ]; routes = [
Gateway = vaultwardenCfg.interface.gate; {
DNS = [ Destination = "0.0.0.0/0";
"1.1.1.1" Gateway = vaultwardenCfg.interface.gate;
"8.8.8.8" }
]; ];
DHCP = "no"; dns = [
}; "1.1.1.1"
"8.8.8.8"
];
}; };
}; };
@ -98,18 +100,24 @@ in
mem = 1024; mem = 1024;
hypervisor = "qemu"; hypervisor = "qemu";
# Use q35 machine type for proper PCI support instead of microvm
qemu.machine = "q35";
interfaces = [ interfaces = [
{ {
type = "macvtap"; type = "tap";
id = vaultwardenCfg.interface.id; id = vaultwardenCfg.interface.id;
mac = vaultwardenCfg.interface.mac; mac = vaultwardenCfg.interface.mac;
macvtap = { }
link = "enp10s0"; {
mode = "bridge"; type = "user";
}; id = vaultwardenCfg.interface.idUser;
mac = vaultwardenCfg.interface.macUser;
}
];
forwardPorts = [
{
from = "host";
host.port = vaultwardenCfg.interface.ssh;
guest.port = 22;
} }
]; ];
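Review bot: The new `forwardPorts` entry publishes guest port 22 on the host at `vaultwardenCfg.interface.ssh` without a `host.address`, and if the option defaults to the wildcard as QEMU's hostfwd does, that SSH port is reachable from every address the host has, including the LAN side of `br-vms`; pin it to the loopback unless remote reach is intended, `host.address = "127.0.0.1"; # guest SSH only reachable via the host itself`. Related: the guest's `20-lan` unit in the earlier hunk now matches only `enp0s5`, so the second (`user`) NIC has no network unit, and without an address on that NIC the forward presumably cannot deliver traffic — confirm the guest's default DHCP behaviour covers it, or add a unit for it. The `microvm` attribute set continues past the shown lines.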