feat(router0-dmz0,sj-srv1): use bridged macvlan as main dmz interface

this allows guest VMs to communicate with the host via their macvtap connection.
2024-08-24 00:18:17 +02:00 · 2024-08-24 00:18:17 +02:00 · 7d0515d6f0
commit 7d0515d6f0
parent 84b473d38c
2 changed files with 44 additions and 6 deletions
--- a/nix/os/devices/sj-srv1/system.nix
+++ b/nix/os/devices/sj-srv1/system.nix
@ -25,12 +25,12 @@
  networking.usePredictableInterfaceNames = false;

  networking.useNetworkd = true;
-  networking.useDHCP = true;
+  networking.useDHCP = false;

  networking.nat = {
    enable = true;
-    externalInterface = "eth0";
    internalInterfaces = ["br0"];
+    externalInterface = "dmz0";
  };

  networking.bridges = {
@ -49,8 +49,40 @@
    };
  };

+  systemd.network.netdevs."10-dmz0" = {
+    enable = true;
+    netdevConfig = {
+      Name = "dmz0";
+      Kind = "macvlan";
+      MACAddress = "1c:69:7a:07:08:6f";
+    };
+
+    macvlanConfig = {
+      Mode = "bridge";
+    };
+  };
+
+  systemd.network.networks."20-eth0" = {
+    enable = true;
+    matchConfig.Name = "eth0";
+
+    # TODO: i'm not sure if and if so why this is required
+    macvlan = [
+      "dmz0"
+    ];
+
+    DHCP = "no";
+  };
+
+  systemd.network.networks."30-dmz0" = {
+    enable = true;
+    matchConfig.Name = "dmz0";
+    DHCP = "yes";
+  };
+
  boot.kernel.sysctl = {
    "net.ipv4.ip_forward" = 1;
+    "net.ipv6.ip_forward" = 1;
  };

  # virtualization