albert 2024-03-26 11:35:38 +09:00
parent 82b8031b0a
commit 5e5623df57
No known key found for this signature in database
GPG key ID: 64F6C4EB46C4543A
3 changed files with 14 additions and 14 deletions


@ -51,7 +51,9 @@
]; ];
autoStart = true; autoStart = true;
privateNetwork = true; privateNetwork = true;
hostBridge = "br0"; # hostBridge = "br0";
hostAddress = "192.168.2.1";
localAddress = "192.168.2.2/24";
restartIfChanged = true; restartIfChanged = true;
enableTun = true; enableTun = true;
additionalCapabilities = [ "CAP_NET_ADMIN" "CAP_NET_RAW" ]; additionalCapabilities = [ "CAP_NET_ADMIN" "CAP_NET_RAW" ];
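Review bot: `localAddress = "192.168.2.2/24"` keeps a /24 suffix that was only needed while `hostBridge` was set. The third file interpolates this value into `-s ${config.containers.rdesktop.localAddress}`, which iptables will read as the whole 192.168.2.0/24 network rather than the single container, so I would write `localAddress = "192.168.2.2";` here. Both addresses are also hard-coded in what looks like the shared container helper (the enclosing block starts and ends outside the hunk), so a second container built from it would get the same addresses; consider taking them as arguments alongside `hostname`. The commented-out `# hostBridge = "br0";`, and the commented-out `useDHCP` line in the second file, are better deleted than kept as dead configuration.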


@ -24,6 +24,6 @@
boot.isContainer = true; boot.isContainer = true;
services.tailscale.authKeyFile = "/run/secrets/tailscale_key"; services.tailscale.authKeyFile = "/run/secrets/tailscale_key";
networking.hostName = "${hostname}"; networking.hostName = "${hostname}";
networking.interfaces."eth0".useDHCP = true; # networking.interfaces."eth0".useDHCP = true;
system.stateVersion = stateVersion; system.stateVersion = stateVersion;
} }


@ -1,22 +1,20 @@
{ lib, self, inputs, outputs, stateVersion, hmStateVersion, ... }: { config, lib, self, inputs, outputs, stateVersion, hmStateVersion, ... }:
let let
libx = import ../../../lib { inherit lib self inputs outputs stateVersion hmStateVersion; }; libx = import ../../../lib { inherit lib self inputs outputs stateVersion hmStateVersion; };
lanInterface = "enp0s13f0u4";
in { in {
containers = { containers = {
rdesktop = libx.mkContainer { hostname = "rdesktop"; }; rdesktop = libx.mkContainer { hostname = "rdesktop"; };
}; };
networking.firewall.extraCommands = ''
iptables -w -t nat -A nixos-nat-post -s ${config.containers.rdesktop.localAddress} -j MASQUERADE
'';
networking = { networking.nat = {
bridges.br0.interfaces = [ "enp0s13f0u4" ]; enable = true;
interfaces.br0.ipv4.addresses = [{ address = "192.168.2.1"; prefixLength = 24; }]; internalInterfaces = [ "ve-rdesktop" ];
externalInterface = lanInterface;
extraCommands = "iptables -t nat -A POSTROUTING -o ${lanInterface} -j MASQUERADE";
}; };
# networking.nat = {
# enable = true;
# internalInterfaces = [
# "ve-rdesktop"
# ];
# externalInterface = "enp0s13f0u4";
# };
} }
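Review bot: The `networking.nat.extraCommands` rule `-A POSTROUTING -o ${lanInterface} -j MASQUERADE` has no source match, so it rewrites every packet the host forwards out of the LAN interface, not only the container's traffic. With `internalInterfaces = [ "ve-rdesktop" ]` and `externalInterface` set, the NAT module should already emit a masquerade rule scoped to the container's veth, which makes this rule and the `nixos-nat-post` rule in `networking.firewall.extraCommands` look redundant. I would drop both, or at least scope the former as `iptables -w -t nat -A POSTROUTING -s 192.168.2.2/32 -o ${lanInterface} -j MASQUERADE`. As written, the POSTROUTING rule is appended to a built-in chain with no matching delete in `extraStopCommands`, so it probably accumulates a duplicate on every firewall reload. The `nixos-nat-post` append also appears to depend on the NAT module having created that chain before the firewall's extra commands run, which is worth confirming.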