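# NixOS module fragment: declares the `rdesktop` container and the host-side
# bridge (nix-br0), firewall rules and NAT for the 192.168.2.0/24 container
# network.
{ lib, self, inputs, outputs, stateVersion, hmStateVersion, ... }:
let
  # Project helper library; mkContainer is defined there, not in this file.
  libx = import ../../../lib { inherit lib self inputs outputs stateVersion hmStateVersion; };
in {

  containers = {
    # NOTE(review): `ip = "2"` presumably selects the host part of an address
    # on the 192.168.2.0/24 bridge network below; confirm in mkContainer.
    rdesktop = libx.mkContainer { hostname = "rdesktop"; ip = "2"; desktop = "plasma6"; unfree = true; };
  };

  # Networking config
  # Bridge with no physical member interfaces: guests reach the outside world
  # only through the host's forwarding and the NAT rule below.
  networking.bridges.nix-br0.interfaces = [];

  # Add an IP address to the bridge interface.
  # NOTE(review): `ip address add` reports an error if the address is already
  # assigned, so this may fail when the commands are re-run; the declarative
  # networking.interfaces.nix-br0.ipv4.addresses option avoids that. Confirm
  # before switching.
  networking.localCommands = ''ip address add 192.168.2.1/24 dev nix-br0'';

  # Firewall commands allowing traffic to go in and out of the bridge interface
  # (and to the guest LXD instance). Also sets up the actual NAT masquerade rule.
  #
  # Each rule is installed with "check, then append" (-C || -A). The rules live
  # in the built-in chains, so a plain -A would add another copy every time
  # these commands are executed again.
  #
  # Security note: the INPUT rule accepts *all* traffic arriving on nix-br0, so
  # a guest can reach every service listening on the host, not only the ports
  # opened through networking.firewall.allowedTCPPorts/allowedUDPPorts. If the
  # guests only need specific host ports, prefer
  # networking.firewall.interfaces.nix-br0.allowedTCPPorts (and allowedUDPPorts).
  #
  # NOTE(review): MASQUERADE only has an effect if IPv4 forwarding is enabled
  # on the host; this file does not set it, so confirm it is enabled elsewhere.
  # The networking.nat module (enable / internalInterfaces / externalInterface)
  # is the declarative alternative to the hand-written rule.
  networking.firewall.extraCommands = ''
    iptables -C INPUT -i nix-br0 -j ACCEPT 2>/dev/null || iptables -A INPUT -i nix-br0 -j ACCEPT

    # These three technically aren't needed, since by default the FORWARD and
    # OUTPUT firewalls accept everything, but let's keep them in just in case.
    iptables -C FORWARD -o nix-br0 -j ACCEPT 2>/dev/null || iptables -A FORWARD -o nix-br0 -j ACCEPT
    iptables -C FORWARD -i nix-br0 -j ACCEPT 2>/dev/null || iptables -A FORWARD -i nix-br0 -j ACCEPT
    iptables -C OUTPUT -o nix-br0 -j ACCEPT 2>/dev/null || iptables -A OUTPUT -o nix-br0 -j ACCEPT

    iptables -C POSTROUTING -t nat -s 192.168.2.0/24 ! -d 192.168.2.0/24 -j MASQUERADE 2>/dev/null \
      || iptables -t nat -A POSTROUTING -s 192.168.2.0/24 ! -d 192.168.2.0/24 -j MASQUERADE
  '';

  # Remove the rules again when the firewall is stopped, so the bridge is not
  # left trusted (and masqueraded) after the rest of the firewall is torn down.
  # Each delete tolerates the rule being absent.
  networking.firewall.extraStopCommands = ''
    iptables -D INPUT -i nix-br0 -j ACCEPT 2>/dev/null || true
    iptables -D FORWARD -o nix-br0 -j ACCEPT 2>/dev/null || true
    iptables -D FORWARD -i nix-br0 -j ACCEPT 2>/dev/null || true
    iptables -D OUTPUT -o nix-br0 -j ACCEPT 2>/dev/null || true
    iptables -t nat -D POSTROUTING -s 192.168.2.0/24 ! -d 192.168.2.0/24 -j MASQUERADE 2>/dev/null || true
  '';
}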