From 5e5623df57af5e41689cb2f5c81b161f4e6ccadc Mon Sep 17 00:00:00 2001
From: albert
Date: Tue, 26 Mar 2024 11:35:38 +0900
Subject: [PATCH] Hello.
---
 lib/default.nix | 4 +++-
 nixos/containers/default.nix | 2 +-
 nixos/hosts/framework-server/containers.nix | 22 ++++++++++-----------
 3 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/lib/default.nix b/lib/default.nix
index 06fd62f0..26bbd579 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -51,7 +51,9 @@
 ];
 autoStart = true;
 privateNetwork = true;
- hostBridge = "br0";
+ # hostBridge = "br0";
+ hostAddress = "192.168.2.1";
+ localAddress = "192.168.2.2/24";
 restartIfChanged = true;
 enableTun = true;
 additionalCapabilities = [ "CAP_NET_ADMIN" "CAP_NET_RAW" ];
diff --git a/nixos/containers/default.nix b/nixos/containers/default.nix
index 0e6a5da4..f2cb7a21 100644
--- a/nixos/containers/default.nix
+++ b/nixos/containers/default.nix
@@ -24,6 +24,6 @@
 boot.isContainer = true;
 services.tailscale.authKeyFile = "/run/secrets/tailscale_key";
 networking.hostName = "${hostname}";
- networking.interfaces."eth0".useDHCP = true;
+ # networking.interfaces."eth0".useDHCP = true;
 system.stateVersion = stateVersion;
 }
diff --git a/nixos/hosts/framework-server/containers.nix b/nixos/hosts/framework-server/containers.nix
index 9c471dde..de013627 100644
--- a/nixos/hosts/framework-server/containers.nix
+++ b/nixos/hosts/framework-server/containers.nix
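Review bot: In lib/default.nix, `hostAddress` and `localAddress` are hard-coded inside the shared container helper (presumably `mkContainer`, whose argument list is outside the hunk), so every container built through it would get the same veth address pair. `192.168.2.1` is also the address the removed `br0` carried in containers.nix, which suggests the point-to-point range may overlap the LAN subnet; that is worth confirming. Take both values as arguments with these defaults, and give `localAddress` without the `/24`, since no bridge is used any more and containers.nix interpolates it into an iptables `-s` match that then covers the whole subnet rather than the one container. The commented-out `# hostBridge = "br0";` should be deleted rather than kept, as the history already records it.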
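Review bot: In nixos/containers/default.nix, the `eth0` DHCP line is commented out rather than removed, which leaves dead configuration in the shared container module with no explanation of why it was disabled. The container's address now appears to come from the static `localAddress` set in lib/default.nix, so delete the line. If a reminder is wanted, replace it with a comment such as `# address is assigned by the host via containers.<name>.localAddress; no DHCP on the veth`. The attribute set this line belongs to starts outside the hunk.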
@@ -1,22 +1,20 @@ -{ lib, self, inputs, outputs, stateVersion, hmStateVersion, ... }: +{ config, lib, self, inputs, outputs, stateVersion, hmStateVersion, ... }: let libx = import ../../../lib { inherit lib self inputs outputs stateVersion hmStateVersion; }; + lanInterface = "enp0s13f0u4"; in { containers = { rdesktop = libx.mkContainer { hostname = "rdesktop"; }; }; + networking.firewall.extraCommands = '' + iptables -w -t nat -A nixos-nat-post -s ${config.containers.rdesktop.localAddress} -j MASQUERADE + ''; - networking = { - bridges.br0.interfaces = [ "enp0s13f0u4" ]; - interfaces.br0.ipv4.addresses = [{ address = "192.168.2.1"; prefixLength = 24; }]; + networking.nat = { + enable = true; + internalInterfaces = [ "ve-rdesktop" ]; + externalInterface = lanInterface; + extraCommands = "iptables -t nat -A POSTROUTING -o ${lanInterface} -j MASQUERADE"; }; - -# networking.nat = { -# enable = true; -# internalInterfaces = [ -# "ve-rdesktop" -# ]; -# externalInterface = "enp0s13f0u4"; -# }; }
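Review bot: The added `networking.nat.extraCommands` rule masquerades every packet leaving `${lanInterface}` regardless of source, which is broader than the `internalInterfaces`/`externalInterface` pair right above it and hides the origin of any other forwarded traffic from LAN-side logs. It is appended to the raw `POSTROUTING` chain with no matching stop command and without `-w`, so it will likely accumulate duplicates each time the firewall is reloaded. The `networking.firewall.extraCommands` rule has a related problem: with `localAddress` set to `192.168.2.2/24` its `-s` match covers the whole subnet, and it writes into `nixos-nat-post`, a chain the NAT module manages itself. Both hand-written rules look redundant with what `networking.nat` already generates, so drop them, and if a source match is needed add `internalIPs = [ "192.168.2.2/32" ];` to `networking.nat` instead.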