commit a0f2ebfef00145f9a9994d1267a17a2bbd51f0d3 parent c60d950510e346747282441d421317d7111945eb Author: Vincent Demeester <vincent@sbr.pm> Date: Sun, 26 Apr 2020 13:56:51 +0200 profiles.virtualization: disalbe --listen for now Signed-off-by: Vincent Demeester <vincent@sbr.pm> Diffstat:
M | tmp/nixos-configuration/modules/profiles/virtualization.nix | | | 75 | ++++++++++++++++++++++++++++++++++++++++++--------------------------------- |
1 file changed, 42 insertions(+), 33 deletions(-)
diff --git a/tmp/nixos-configuration/modules/profiles/virtualization.nix b/tmp/nixos-configuration/modules/profiles/virtualization.nix
@@ -24,37 +24,46 @@ in
 };
 };
 };
- config = mkIf cfg.enable (mkMerge [
- {
- virtualisation.libvirtd = {
- enable = true;
- };
- environment.systemPackages = with pkgs; [
- qemu
- vde2
- libosinfo
- ];
- }
- (mkIf cfg.nested {
- environment.etc."modprobe.d/kvm.conf".text = ''
-options kvm_intel nested=1
- '';
- })
- (mkIf config.profiles.desktop.enable {
- environment.systemPackages = with pkgs; [ virtmanager ];
- })
- (mkIf cfg.listenTCP {
- boot.kernel.sysctl = { "net.ipv4.ip_forward" = 1; };
- virtualisation.libvirtd = {
- extraConfig = ''
- listen_tls = 0
- listen_tcp = 1
- auth_tcp="none"
- tcp_port = "16509"
- '';
- extraOptions = [ "--listen" ];
- };
- networking.firewall.allowedTCPPorts = [ 16509 ];
- })
- ]);
+ config = mkIf cfg.enable (
+ mkMerge [
+ {
+ virtualisation.libvirtd = {
+ enable = true;
+ };
+ environment.systemPackages = with pkgs; [
+ qemu
+ vde2
+ libosinfo
+ ];
+ }
+ (
+ mkIf cfg.nested {
+ environment.etc."modprobe.d/kvm.conf".text = ''
+ options kvm_intel nested=1
+ '';
+ }
+ )
+ (
+ mkIf config.profiles.desktop.enable {
+ environment.systemPackages = with pkgs; [ virtmanager ];
+ }
+ )
+ (
+ mkIf cfg.listenTCP {
+ boot.kernel.sysctl = { "net.ipv4.ip_forward" = 1; };
+ virtualisation.libvirtd = {
+ allowedBridges = [ "br1" ];
+ extraConfig = ''
+ listen_tls = 0
+ listen_tcp = 1
+ auth_tcp="none"
+ tcp_port = "16509"
+ '';
+ # extraOptions = [ "--listen" ];
+ };
+ networking.firewall.allowedTCPPorts = [ 16509 ];
+ }
+ )
+ ]
+ );
 }
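Review bot: The `mkIf cfg.listenTCP` block still opens `networking.firewall.allowedTCPPorts = [ 16509 ];` and keeps `listen_tcp = 1`, `listen_tls = 0` and `auth_tcp="none"`, even though `extraOptions = [ "--listen" ]` is now commented out. With `--listen` off the daemon presumably no longer binds the TCP socket, so the firewall rule exposes a port that nothing in this profile serves; I would disable that line together with the flag and replace the bare commented-out code with a note such as `# TODO: --listen disabled (<reason>); re-enable together with the firewall rule`. When the listener comes back, `auth_tcp="none"` over plaintext TCP lets any host that can reach 16509 manage the hypervisor without credentials, so `auth_tcp = "sasl"` or `listen_tls = 1` would be the safer setting. The rule is also better scoped with `networking.firewall.interfaces.<name>.allowedTCPPorts` than opened on every interface.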