# NixOS module, parameterised on `networkd`, for a machine with one ethN
# interface per configured VLAN. On every one of those links it runs Kea
# DHCPv4, Kea DHCPv6 and radvd, and it enables IPv6 forwarding.
# NOTE(review): the qemu-common import and `virtualisation.vlans` suggest this
# is the router node of a VM test, not a production config — confirm.
{ networkd }: { config, pkgs, ... }:
let
  inherit (pkgs) lib;
  qemu-common = import ../../lib/qemu-common.nix { inherit lib pkgs; };

  # 1..N where N is the number of entries in virtualisation.vlans.
  # NOTE(review): this assumes eth<n> is the NIC attached to the n-th VLAN — confirm.
  vlanIndices = lib.range 1 (lib.length config.virtualisation.vlans);

  # Per-VLAN naming and addressing helpers (n is the VLAN index).
  ifName = n: "eth${toString n}";
  v4 = n: host: "192.168.${toString n}.${host}";
  v6 = n: "fd00:1234:5678:${toString n}::";

  # Listener settings shared by both Kea daemons: serve on every VLAN
  # interface, and treat a socket that cannot be opened as an error that is
  # retried 5 times, 2500 apart (milliseconds per the Kea docs — confirm).
  listenConfig = {
    interfaces = map ifName vlanIndices;
    service-sockets-require-all = true;
    service-sockets-max-retries = 5;
    service-sockets-retry-wait-time = 2500;
  };
in
{
  environment.systemPackages = [ pkgs.iptables ]; # to debug firewall rules
  virtualisation.vlans = [ 1 2 3 ];

  # Only IPv6 forwarding is switched on in this module; IPv4 forwarding is not
  # set here.
  boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = true;

  networking = {
    useDHCP = false;
    useNetworkd = networkd;

    # Reverse-path filtering stays enabled on the router.
    firewall.checkReversePath = true;
    # 547/udp is the DHCPv6 server port. No DHCPv4 port (67/udp) is opened.
    # NOTE(review): presumably the "raw" DHCPv4 socket type set on the dhcp4
    # listener is what lets Kea see DHCPv4 traffic without a firewall rule — confirm.
    firewall.allowedUDPPorts = [ 547 ];

    # Priority 0 makes this the only definition of networking.interfaces that
    # takes effect: each ethN gets the .1 / ::1 address of its VLAN's subnets.
    interfaces = lib.mkOverride 0 (lib.listToAttrs (map
      (n: lib.nameValuePair (ifName n) {
        ipv4.addresses = [ { address = v4 n "1"; prefixLength = 24; } ];
        ipv6.addresses = [ { address = "${v6 n}1"; prefixLength = 64; } ];
      })
      vlanIndices));
  };

  services.kea = {
    dhcp4 = {
      enable = true;
      settings = {
        interfaces-config = listenConfig // { dhcp-socket-type = "raw"; };

        # One /24 per VLAN; the router address is handed out as both the
        # default gateway and the DNS server.
        subnet4 = map
          (n: {
            id = n;
            subnet = "${v4 n "0"}/24";
            pools = [ { pool = "${v4 n "3"} - ${v4 n "254"}"; } ];
            option-data = [
              { data = v4 n "1"; name = "routers"; }
              { data = v4 n "1"; name = "domain-name-servers"; }
            ];

            # Static lease keyed on the MAC that qemuNicMac returns for (n, 1):
            # that host is named client<n> and always gets .2, which lies
            # outside the dynamic pool (.3 - .254).
            reservations = [ {
              hw-address = qemu-common.qemuNicMac n 1;
              hostname = "client${toString n}";
              ip-address = v4 n "2";
            } ];
          })
          vlanIndices;
      };
    };

    dhcp6 = {
      enable = true;
      settings = {
        interfaces-config = listenConfig;

        # One /64 per VLAN, bound to its interface. The pool holds exactly one
        # address (::2), so a single DHCPv6 lease is available per VLAN.
        subnet6 = map
          (n: {
            id = n;
            subnet = "${v6 n}/64";
            interface = ifName n;
            pools = [ { pool = "${v6 n}2-${v6 n}2"; } ];
          })
          vlanIndices;
      };
    };
  };

  # Router advertisements on every VLAN: the Managed and Other-config flags
  # are on and autonomous configuration is off for the prefix, so hosts are
  # directed to DHCPv6 for addresses instead of SLAAC.
  services.radvd = {
    enable = true;
    config = lib.concatMapStrings
      (n: ''
        interface ${ifName n} {
          AdvSendAdvert on;
          AdvManagedFlag on;
          AdvOtherConfigFlag on;

          prefix ${v6 n}/64 {
            AdvAutonomous off;
          };
        };
      '')
      vlanIndices;
  };
}