From 6451ea9aee5adb416570e6756402303d0c2e3554 Mon Sep 17 00:00:00 2001
From: Tim Keller
Date: Sun, 14 Jun 2026 13:39:16 -0500
Subject: fix default gateway for router and assign mac addresses for all containers
---
 hosts/poweredge/bitcoind.nix | 10 ++++------
 hosts/poweredge/configuration.nix | 4 ++--
 hosts/poweredge/gitea.nix | 10 ++++------
 hosts/poweredge/immich.nix | 8 +++-----
 hosts/poweredge/jellyfin.nix | 8 +++-----
 hosts/poweredge/networking.nix | 31 ++++++++++++++++++++++++++-----
 hosts/poweredge/router-hosts.nix | 3 ++-
 7 files changed, 44 insertions(+), 30 deletions(-)
 (limited to 'hosts')
diff --git a/hosts/poweredge/bitcoind.nix b/hosts/poweredge/bitcoind.nix
index 715fb8a..cff9cd3 100644
--- a/hosts/poweredge/bitcoind.nix
+++ b/hosts/poweredge/bitcoind.nix
@@ -3,10 +3,8 @@
 autoStart = true;
 ephemeral = true;
 privateNetwork = true;
- extraVeths.vb-bitcoind = {
- hostBridge = "br-lan0";
- #localMacAddress = "02:00:00:00:00:04"; # TODO update to 26.05
- };
+ hostBridge = "br-lan0";
+ localMacAddress = "02:00:00:00:00:04";

 # Host path
 bindMounts = {
@@ -17,10 +15,10 @@
 };

 config = { lib, pkgs, config, ... }: let
- btdPort = 8333;
+ btcPort = 8333;
 in {
 # Network
- networking.interfaces.vb-bitcoind.useDHCP = true;
+ networking.interfaces.eth0.useDHCP = true;
 networking.firewall.allowedTCPPorts = [ btcPort ];

 # Bitcoin
diff --git a/hosts/poweredge/configuration.nix b/hosts/poweredge/configuration.nix
index 8ad7350..301566c 100644
--- a/hosts/poweredge/configuration.nix
+++ b/hosts/poweredge/configuration.nix
@@ -4,10 +4,10 @@
 ./fileshares.nix
 ./networking.nix
 #./notification-mailer.nix # TODO move some of this stuff to archetype
- #./gitea.nix
+ ./gitea.nix
 ./jellyfin.nix
 ./immich.nix
- #./bitcoind.nix
+ ./bitcoind.nix
 ];

 # Setup bootloader
diff --git a/hosts/poweredge/gitea.nix b/hosts/poweredge/gitea.nix
index c7a4c70..2d8b37f 100644
--- a/hosts/poweredge/gitea.nix
+++ b/hosts/poweredge/gitea.nix
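Review bot: The new `localMacAddress = "02:00:00:00:00:04";` line (and the matching lines in the gitea, immich and jellyfin hunks) only pays off if the router's static leases are keyed on these MACs, yet nothing at the declaration says so, and the `inherit staticLeases;` in router-hosts.nix is the only hint in this patch; a one-line cross-reference keeps the two in step, e.g. `localMacAddress = "02:00:00:00:00:04"; # must match this container's staticLeases entry in router-hosts.nix`. The removed `# TODO update to 26.05` implies the container-level option needs a newer release than the one the file was written for; presumably the host has been upgraded, but the patch does not show that. The `containers.bitcoind` attribute set continues outside the hunk.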
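Review bot: Re-enabling `./gitea.nix` and `./bitcoind.nix` puts two more containers on `br-lan0` (the gitea hunk opens TCP 80 and 22, the bitcoind hunk TCP 8333), but the subject line only mentions the gateway fix and MAC addresses, so the change in exposed services is not traceable from the log; a sentence in the commit message or a `# re-enabled after the container network rework` comment on the two import lines would record it. The `imports` list begins outside the hunk.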
@@ -2,20 +2,18 @@
 containers.gitea = {
 autoStart = true;
 privateNetwork = true;
- extraVeths.vb-gitea = {
- hostBridge = "br-lan0";
- #localMacAddress = "02:00:00:00:00:03"; # TODO update to 26.05
- };
+ hostBridge = "br-lan0";
+ localMacAddress = "02:00:00:00:00:03";

 config = { lib, pkgs, config, ... }: {
 # Network
- networking.interfaces.vb-gitea.useDHCP = true;
+ networking.interfaces.eth0.useDHCP = true;
 networking.firewall.allowedTCPPorts = [ 80 22 ]; # Caddy + ssh

 # Gitea
 services.gitea = {
 enable = true;
- user = "git"; # So ssh cloning uses git@gitea
+ #user = "git"; # So ssh cloning uses git@gitea
 };

 # Reverse proxy
diff --git a/hosts/poweredge/immich.nix b/hosts/poweredge/immich.nix
index a98595e..b65d05d 100644
--- a/hosts/poweredge/immich.nix
+++ b/hosts/poweredge/immich.nix
@@ -2,10 +2,8 @@
 containers.immich = {
 autoStart = true;
 privateNetwork = true;
- extraVeths.vb-immich = {
- hostBridge = "br-lan0";
- #localMacAddress = "02:00:00:00:00:01"; # TODO update to 26.05
- };
+ hostBridge = "br-lan0";
+ localMacAddress = "02:00:00:00:00:01";

 # Host path
 bindMounts = {
@@ -34,7 +32,7 @@

 config = { lib, pkgs, config, ... }: {
 # Network
- networking.interfaces.vb-immich.useDHCP = true;
+ networking.interfaces.eth0.useDHCP = true;
 networking.firewall.allowedTCPPorts = [ 80 ]; # Caddy

 # Immich
diff --git a/hosts/poweredge/jellyfin.nix b/hosts/poweredge/jellyfin.nix
index 84f3ec0..92412f8 100644
--- a/hosts/poweredge/jellyfin.nix
+++ b/hosts/poweredge/jellyfin.nix
@@ -2,10 +2,8 @@
 containers.jellyfin = {
 autoStart = true;
 privateNetwork = true;
- extraVeths.vb-jellyfin = {
- hostBridge = "br-lan0";
- #localMacAddress = "02:00:00:00:00:02"; # TODO update to 26.05
- };
+ hostBridge = "br-lan0";
+ localMacAddress = "02:00:00:00:00:02";
 bindMounts = {
 "/media" = {
 hostPath = "/media/ingens/media";
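Review bot: `#user = "git"; # So ssh cloning uses git@gitea` switches the setting off but keeps the comment that justifies it, so a reader now sees a rationale for behaviour the container no longer has (ssh clone URLs fall back to the module's default service user). Replace the trailing comment with the reason it was disabled, e.g. `#user = "git"; # disabled: <reason>; clone URLs use the default gitea user until re-enabled`, and add a `TODO` if re-enabling is intended. If the reason is tied to the `hostBridge`/`localMacAddress` rework in the same hunk, say so, since otherwise the two changes look unrelated. The `services.gitea` set closes inside the hunk; the container definition continues past it.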
@@ -32,7 +30,7 @@

 config = { lib, config, ... }: {
 # Network
- networking.interfaces.vb-jellyfin.useDHCP = true;
+ networking.interfaces.eth0.useDHCP = true;
 networking.firewall.allowedTCPPorts = [ 80 ]; # Caddy

 # CUDA
diff --git a/hosts/poweredge/networking.nix b/hosts/poweredge/networking.nix
index 859bc93..fbf6fa6 100644
--- a/hosts/poweredge/networking.nix
+++ b/hosts/poweredge/networking.nix
@@ -16,11 +16,7 @@ in { config, ... }: {
 vb-router-lan0.useDHCP = false;
 };
 # Configure network
- defaultGateway = {
- # Read explaination for veth-router-lan below
- address = "10.255.255.1";
- interface = "veth-router-lan";
- };
+ defaultGateway = "10.255.255.1"; # Read explaination for veth-router-lan below
 nameservers = [ "192.168.1.1" ]; # DNS will only be available from this ip address THROUGH the default gateway
 # br-lan0 will be the interface used for networking on poweredge host
 interfaces.br-lan0.ipv4.addresses = [{
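Review bot: `defaultGateway = "10.255.255.1"; # Read explaination for veth-router-lan below` drops the interface from the declared route, so the route NixOS installs at activation is no longer tied to `veth-router-lan`; the binding now lives only in the `router-default-route` unit added at the end of this file, and the comment should send the reader there instead of to a generic "below", e.g. `# See the FIXME at the end of this file: router-default-route re-pins this route to veth-router-lan once the container is up`. The typo `explaination` can be fixed in the same line. Whether the activation-time install tolerates `10.255.255.1` being unreachable before the router container exists is not visible in the hunk; worth confirming on a cold boot. The `networking` attribute set continues on both sides of the hunk.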
@@ -116,8 +112,33 @@ in { config, ... }: {
 };
 };

+ services.unbound._blocklists = {
+ enable = true;
+ hageziBlocklists = [ "pro" "nsfw" ];
+ };
+
 system.stateVersion = "25.11";
 };
 };

+ # FIXME the following snippet will cause the router container to fail to start:
+ # networking.defaultGateway = {
+ # address = "10.255.255.1";
+ # interface = "veth-router-lan";
+ # };
+ # Journalctl will report:
+ # poweredge container router: Bring veth-router-lan up
+ # poweredge container router: RTNETLINK answers: File exists
+ # poweredge systemd: container@router.service: Control process exited, code=exited, status=2/INVALIDARGUMENT
+ # So the issue nixos is creating an interface with that same name.
+ # As a temporary workaround, the following service is deployed (after the container starts):
+ systemd.services.router-default-route = {
+ after = [ "container@router.service" ];
+ wants = [ "container@router.service" ];
+ serviceConfig.Type = "oneshot";
+ script = ''
+ /run/current-system/sw/bin/ip route replace default via 10.255.255.1 dev veth-router-lan
+ '';
+ wantedBy = [ "multi-user.target" ];
+ };
 }
diff --git a/hosts/poweredge/router-hosts.nix b/hosts/poweredge/router-hosts.nix
index 007d2d7..aedf18a 100644
--- a/hosts/poweredge/router-hosts.nix
+++ b/hosts/poweredge/router-hosts.nix
@@ -1,5 +1,5 @@
 let
- localDomain = "home.lan";
+ localDomain = "home.lan"; # TODO RFC8375 .home.arpa
 dhcp = {
 inherit staticLeases;
 defaultGateway = "192.168.1.1";
@@ -68,4 +68,5 @@ in {
 services._router.dnsDhcpConfig = {
 inherit localDomain dhcp dns;
 };
+ networking.hosts."192.168.1.1" = [ "router.${localDomain}" "router" ];
 }
--
cgit v1.2.3
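Review bot: `systemd.services.router-default-route` is a `oneshot` that is only ordered `after` and `wants` `container@router.service`, not bound to it, so once it has run it is inactive and nothing re-triggers it; if the router container is restarted (which presumably recreates `veth-router-lan` and drops the routes on it) the host is left without a default route until the unit is restarted by hand. Adding `partOf = [ "container@router.service" ];` and `serviceConfig.RemainAfterExit = true;` makes the unit follow the container's stop/restart and re-run the `ip route replace`. The hard-coded `/run/current-system/sw/bin/ip` ties the script to whatever the system profile happens to contain; the usual form is `path = [ pkgs.iproute2 ];` with a bare `ip` in the script, which needs `pkgs` added to the `{ config, ... }:` argument list shown in the hunk header. The FIXME above the unit should also note that this is a host-side route fix so the comment's "Journalctl will report" lines are not mistaken for the unit's own output.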
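Review bot: `networking.hosts."192.168.1.1" = [ "router.${localDomain}" "router" ];` repeats the address literal that the first hunk of this file already uses for `dhcp.defaultGateway`, so the hosts entry and the DHCP gateway can drift apart if the router address ever changes. Hoist it into the `let` block next to `localDomain` as `routerAddress = "192.168.1.1";`, then write `defaultGateway = routerAddress;` and `networking.hosts.${routerAddress} = [ "router.${localDomain}" "router" ];`. The `let` block opens in the first hunk and its `in {` is outside this one, so the two edits land in different hunks of the same file.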