feat(networking): add support for bridging default interface (for VMs)

deedee-ops · Nov 3, 2024 · e7a3c16 · e7a3c16
1 parent 646d77b
commit e7a3c16
Show file tree

Hide file tree

Showing 5 changed files with 79 additions and 14 deletions.
diff --git a/machines/deedee/configuration.nix b/machines/deedee/configuration.nix
@@ -113,6 +113,7 @@ rec {
       firewallEnable = false;
       hostname = "deedee";
       mainInterface = "enp87s0";
+      bridgeMainInterface = true;
     };
 
     nix = {

diff --git a/modules/system/apps/adguardhome/default.nix b/modules/system/apps/adguardhome/default.nix
@@ -210,7 +210,7 @@ in
         HASH="$(cat ${
           config.sops.secrets."${cfg.adminPasswordSopsSecret}".path
         } | ${lib.getExe' pkgs.apacheHttpd "htpasswd"} -niB "" | cut -c 2-)"
-        MAINIP="$(${lib.getExe' pkgs.iproute2 "ip"} -4 addr show dev enp87s0 | grep -Po 'inet \K[\d.]+')"
+        MAINIP="$(${lib.getExe' pkgs.iproute2 "ip"} -4 addr show dev ${config.mySystem.networking.rootInterface} | grep -Po 'inet \K[\d.]+')"
         ${lib.getExe pkgs.gnused} -i"" "s,ADGUARDPASS,'$HASH',g" "$STATE_DIRECTORY/AdGuardHome.yaml"
         ${lib.getExe pkgs.gnused} -i"" "s,BINDHOST,'$MAINIP',g" "$STATE_DIRECTORY/AdGuardHome.yaml"
       '';

diff --git a/modules/system/containers/jellyfin/default.nix b/modules/system/containers/jellyfin/default.nix
@@ -102,7 +102,7 @@ in
       preStart = lib.mkAfter ''
         mkdir -p "${cfg.dataDir}/config" /var/cache/jellyfin/transcode
         chown 65000:65000 "${cfg.dataDir}/config" /var/cache/jellyfin /var/cache/jellyfin/transcode
-        ip -f inet addr show ${config.mySystem.networking.mainInterface} | grep -Po 'inet \K[\d.]+' > "/var/cache/jellyfin/internal-ip"
+        ip -f inet addr show ${config.mySystem.networking.rootInterface} | grep -Po 'inet \K[\d.]+' > "/var/cache/jellyfin/internal-ip"
         chown 65000:65000 "/var/cache/jellyfin/internal-ip"
       '';
     };

diff --git a/modules/system/motd.nix b/modules/system/motd.nix
@@ -90,7 +90,7 @@ in
     networkInterfaces = lib.mkOption {
       description = "Network interfaces to monitor";
       type = lib.types.listOf lib.types.str;
-      default = [ config.mySystem.networking.mainInterface ];
+      default = [ config.mySystem.networking.rootInterface ];
     };
 
   };

diff --git a/modules/system/networking.nix b/modules/system/networking.nix
@@ -21,6 +21,25 @@ in
         "149.112.112.10"
       ];
     };
+    bridgeMainInterface = lib.mkOption {
+      type = lib.types.bool;
+      description = "If enabled, the main interface will me managed via bridge (useful for configurations with VMs).";
+      default = false;
+    };
+    customNetworking = lib.mkOption {
+      type = lib.types.nullOr lib.types.attrs;
+      description = "Custom systemd.network config. If not set, DHCP4 on default interface will be configured.";
+      default = null;
+    };
+
+    rootInterface = lib.mkOption {
+      type = lib.types.str;
+      description = ''
+        Interface which will actually receive main IP, basing from configuration (may be mainInterface or bridge for example).
+        Used internally for modules.
+      '';
+      internal = true;
+    };
   };
 
   config = lib.mkIf cfg.enable {
@@ -41,16 +60,61 @@ in
       };
     };
 
-    systemd.network = {
-      enable = true;
-      networks."50-${cfg.mainInterface}" = {
-        matchConfig.Name = cfg.mainInterface;
-        networkConfig = {
-          DHCP = "ipv4";
-          LinkLocalAddressing = "ipv4"; # disable ipv6
-        };
-        linkConfig.RequiredForOnline = "routable";
-      };
-    };
+    mySystem.networking.rootInterface = if cfg.bridgeMainInterface then "br0" else cfg.mainInterface;
+
+    systemd.network =
+      if cfg.customNetworking == null then
+        if cfg.bridgeMainInterface then
+          {
+            enable = true;
+            links = {
+              "0000-bridge-inherit-mac" = {
+                matchConfig.Type = "bridge";
+                linkConfig.MACAddressPolicy = "none";
+              };
+            };
+            netdevs = {
+              "0001-uplink" = {
+                netdevConfig = {
+                  Kind = "bridge";
+                  Name = "br0";
+                  MACAddress = "none";
+                };
+                bridgeConfig = {
+                  # VLANFiltering = true;
+                  STP = false;
+                };
+              };
+            };
+
+            networks = {
+              "1002-add-main-to-br0" = {
+                matchConfig.Name = "${config.mySystem.networking.mainInterface}";
+                bridge = [ "br0" ];
+              };
+              "1003-br0-up" = {
+                matchConfig.Name = "br0";
+                networkConfig = {
+                  DHCP = "ipv4";
+                  LinkLocalAddressing = "ipv4"; # disable ipv6
+                };
+                linkConfig.RequiredForOnline = "routable";
+              };
+            };
+          }
+        else
+          {
+            enable = true;
+            networks."50-${cfg.mainInterface}" = {
+              matchConfig.Name = cfg.mainInterface;
+              networkConfig = {
+                DHCP = "ipv4";
+                LinkLocalAddressing = "ipv4"; # disable ipv6
+              };
+              linkConfig.RequiredForOnline = "routable";
+            };
+          }
+      else
+        lib.recursiveUpdate cfg.customNetworking { enable = true; };
   };
 }