* Introduce new naming pattern for VMs
  All VMs' names/hostnames are created using the '<vmname>-vm' pattern. All VMs' network interfaces are named using the 'tap-<hostname>' pattern. NetVM's bridge is configured to include all 'tap-*' interfaces. This approach makes no distinction between service VMs and application VMs, but it allows one to easily guess the hostname without using a network toolkit.
* Introduce .ghaf local domain. All VMs except NetVM now get their IPs from NetVM's DHCP server. The VMs are accessible by their hostnames with the .ghaf postfix added, for instance, 'ssh gui-vm.ghaf'.
* All VMs use a separate subnet from now on, which is different from the debug-subnet.
* The network configuration which is common for every VM is now extracted into the separate 'vm-networking.nix' file.

Signed-off-by: Ivan Nikolaenko <[email protected]>
1 parent aaeafbc, commit c435710

Showing 7 changed files with 95 additions and 143 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
# Copyright 2022-2023 TII (SSRC) and the Ghaf contributors | ||
# SPDX-License-Identifier: Apache-2.0 | ||
{ | ||
vmName, | ||
macAddress, | ||
... | ||
}: let | ||
networkName = "ethint0"; | ||
in { | ||
networking = { | ||
hostName = vmName; | ||
enableIPv6 = false; | ||
firewall.allowedTCPPorts = [22]; | ||
firewall.allowedUDPPorts = [67]; | ||
useNetworkd = true; | ||
nat = { | ||
enable = true; | ||
internalInterfaces = [networkName]; | ||
}; | ||
}; | ||
|
||
microvm.interfaces = [ | ||
{ | ||
type = "tap"; | ||
id = "tap-${vmName}"; | ||
mac = macAddress; | ||
} | ||
]; | ||
|
||
systemd.network = { | ||
enable = true; | ||
# Set internal network's interface name to networkName | ||
links."10-${networkName}" = { | ||
matchConfig.PermanentMACAddress = macAddress; | ||
linkConfig.Name = networkName; | ||
}; | ||
networks."10-${networkName}" = { | ||
matchConfig.MACAddress = macAddress; | ||
DHCP = "yes"; | ||
linkConfig.RequiredForOnline = "routable"; | ||
linkConfig.ActivationPolicy = "always-up"; | ||
}; | ||
}; | ||
|
||
# systemd-resolved does not support local names resolution | ||
# without configuring a local domain. With the local domain, | ||
# one would need also to disable DNSSEC for the clients. | ||
# Disabling DNSSEC for other VM then NetVM is | ||
# completely safe since they use NetVM as DNS proxy. | ||
services.resolved.dnssec = "false"; | ||
} |
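Review bot: In the `networking` block, `firewall.allowedUDPPorts = [67];` and the `nat` settings (`enable = true;` with only `internalInterfaces` set) apply to every VM that imports this file, yet the same file sets `DHCP = "yes"`, which makes these VMs DHCP clients. UDP 67 is the DHCP server port, so only the VM that runs the DHCP server needs it open; consider moving that rule and the `nat` block into the NetVM configuration and keeping this shared file to what a client needs. Separately, the comment above `services.resolved.dnssec = "false";` calls the change "completely safe" because NetVM acts as DNS proxy. That holds only if NetVM validates upstream answers itself, which this hunk does not show, so the comment should state where validation happens. Also, "then NetVM" in that comment should read "than NetVM".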