nix/nixos/hosts/framework-server/containers.nix

31 lines
1.1 KiB
Nix
Raw Permalink Normal View History

2024-03-27 02:10:20 +01:00
{ lib, self, inputs, outputs, stateVersion, hmStateVersion, ... }:
2024-03-20 09:23:30 +01:00
let
2024-03-25 03:53:39 +01:00
libx = import ../../../lib { inherit lib self inputs outputs stateVersion hmStateVersion; };
2024-03-20 09:23:30 +01:00
in {
2024-04-05 15:51:54 +02:00
2024-04-07 01:42:00 +02:00
containers = {
rdesktop = libx.mkContainer { hostname = "rdesktop"; ip = "2"; unfree = true; desktop = "gnome"; };
2024-03-26 01:00:46 +01:00
};
2024-04-05 15:51:54 +02:00
2024-04-07 01:42:00 +02:00
# Networking config
networking.bridges.nix-br0.interfaces = [];
# Add an IP address to the bridge interface.
networking.localCommands = ''ip address add 192.168.2.1/24 dev nix-br0'';
# Firewall commands allowing traffic to go in and out of the bridge interface
# (and to the guest LXD instance). Also sets up the actual NAT masquerade rule.
networking.firewall.extraCommands = ''
iptables -A INPUT -i nix-br0 -j ACCEPT
# These three technically aren't needed, since by default the FORWARD and
# OUTPUT firewalls accept everything everything, but lets keep them in just
# in case.
iptables -A FORWARD -o nix-br0 -j ACCEPT
iptables -A FORWARD -i nix-br0 -j ACCEPT
iptables -A OUTPUT -o nix-br0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 ! -d 192.168.2.0/24 -j MASQUERADE
'';
2024-03-21 12:27:53 +01:00
}